HMAC generator tools create keyed message signatures (like HMAC-SHA256) used to authenticate payloads and validate webhook requests. SWEDevTools: Prism generates HMAC locally using the Web Crypto API, so your secret key and message never leave your device and the tool works offline as an installable PWA. Paste the message, enter the shared secret, choose SHA-256/384/512, and output as hex or Base64 to match your integration. Since SWEDevTools: Prism supports pipelines, you can normalize inputs (JSON formatting or URL decoding) and then sign them in one repeatable chain—ideal for reproducing signature mismatches without ad-hoc scripts or online calculators. This keeps secrets private while you debug signature headers and canonicalization rules.
Authenticating messages with a shared secret (webhooks, API signing).
HMAC uses a secret key; hashes do not.
Usually input differences: whitespace, newlines, encoding, or different canonicalization.
Use SHA-256 unless your provider requires SHA-384/512.
Use the format required by the receiving system.
No—HMAC runs locally in your browser.
Generate the expected HMAC and compare with the signature you received.
Yes—install the PWA.
smalldev.tools is no longer available. Prism by SWEDevTools offers the same developer tools and more, with offline support, pipeline chaining, and completely free usage — no signup required.
Yes. Prism generates hashes and HMACs entirely in your browser with no data uploads. Unlike CyberChef, Prism is purpose-built for developer workflows with pipeline chaining and a cleaner interface.