HMAC stands for hash-based message authentication code. It is often used to authenticate communication between a server and a client.
- The server and client are both provided with a secret key known only by that specific server and client.
- The client generates a unique HMAC, or hash, per request to the server by hashing the request data with the secret key and sending it as part of a request.
- The server receives the request, regenerates its own HMAC from the request data and the secret key, and compares the two HMACs. If they're equal, the client is trusted and the request is executed.
- The whole process is well described here by Amazon.
- RFC 2104 – HMAC: Keyed-Hashing for Message Authentication
- Example code for creating HMAC-SHA256.
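
The client and server steps from the list above, as an added Python example (not code from the linked pages). The field layout in `canonical_request`, the function names, and the sample key and request are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

# Constructed sample key; in practice it is provisioned out of band to
# exactly one client and one server.
SHARED_KEY = secrets.token_bytes(32)


def canonical_request(method: str, path: str, body: bytes) -> bytes:
    """Serialize the signed fields in a fixed layout (hypothetical format).

    The body is hashed so arbitrary body bytes cannot be confused with
    the newline separators.
    """
    body_digest = hashlib.sha256(body).hexdigest()
    return "\n".join([method.upper(), path, body_digest]).encode("utf-8")


def sign_request(key: bytes, method: str, path: str, body: bytes) -> str:
    """Client side: HMAC-SHA256 over the request data with the shared key."""
    msg = canonical_request(method, path, body)
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def verify_request(key: bytes, method: str, path: str, body: bytes,
                   received_mac: str) -> bool:
    """Server side: recompute the HMAC and compare the two values."""
    expected = sign_request(key, method, path, body)
    # compare_digest runs in constant time, so the comparison does not
    # reveal how many leading characters of a guessed MAC were correct.
    return hmac.compare_digest(expected.encode(), received_mac.encode())


if __name__ == "__main__":
    body = b'{"amount": 10, "to": "alice"}'  # constructed sample request
    mac = sign_request(SHARED_KEY, "POST", "/transfer", body)
    tampered = b'{"amount": 9999, "to": "alice"}'
    other_key = secrets.token_bytes(32)
    print("valid request:", verify_request(SHARED_KEY, "POST", "/transfer", body, mac))
    print("tampered body:", verify_request(SHARED_KEY, "POST", "/transfer", tampered, mac))
    print("wrong key:", verify_request(other_key, "POST", "/transfer", body, mac))
```

An unchanged request resent with its original MAC still verifies, so schemes like this usually include a timestamp or nonce among the signed fields and have the server reject stale or repeated values.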