getHmacSHA1
getHmacSHA1
Function
getHmacSHA1
FunctionThe getHmacSHA1
function returns a SHA-1 HMAC (Hash-based Message Authentication Code) from an input string using Node.js’ built-in crypto
module. This function is commonly used for signed payloads, request validation, or secure token generation.
Purpose
Use this function to:
Generate signed hashes with a secret key (HMAC)
Verify payload integrity between systems
Implement token-based authentication or validation
Create secure webhooks or API signature mechanisms
Function Definition
Function Name
this.getHmacSHA1
Type
function
Available In
Server-Side Variables
Returns
string
(SHA-1 HMAC of the input)
Parameters
secret-key
The secret used to sign the HMAC
string
"my-secret-key"
input
The input string to hash
string
"data-to-sign"
encoding
Output format of the hash (e.g., "hex"
, "base64"
, "latin1"
)
string
"base64"
Supported Encodings
See Node.js crypto documentation for full details.
Common options include:
hex
— Human-readable hash stringbase64
— Compact and URL-safelatin1
— Raw binary output
Example Usage
async function() {
const config = {
secret_key: this.accountvars["secret_key"],
request_payload: this.payload,
encoding: "base64"
};
return this.tools.getHmacSHA1(config.secret_key, config.request_payload, config.encoding);
}
In this example:
The secret key is pulled from
accountvars
The full payload is used as the input
The resulting SHA-1 HMAC is encoded in base64
Use Cases
Generate HMAC signatures for webhooks
Sign requests to third-party APIs
Validate payloads between frontend and backend
Create tamper-resistant tokens or messages
Notes
SHA-1 HMAC is secure for keyed hashing, but for new applications, consider using HMAC-SHA256 where supported.
Make sure the secret key is securely stored (e.g., in
accountvars
or protected config).Encoding must always be explicitly specified.
Summary
this.getHmacSHA1
enables secure and efficient creation of signed hashes for request validation, secure communications, and payload protection. It is ideal for API integrations, webhook authentication, and cryptographic use cases where data integrity and authenticity matter.
Last updated
Was this helpful?