getHmacSHA1

getHmacSHA1 Function

The getHmacSHA1 function returns a SHA-1 HMAC (Hash-based Message Authentication Code) from an input string using Node.js’ built-in crypto module. This function is commonly used for signed payloads, request validation, or secure token generation.


Purpose

Use this function to:

  • Generate signed hashes with a secret key (HMAC)

  • Verify payload integrity between systems

  • Implement token-based authentication or validation

  • Create secure webhooks or API signature mechanisms


Function Definition

Property
Description

Function Name

this.getHmacSHA1

Type

function

Available In

Server-Side Variables

Returns

string (SHA-1 HMAC of the input)


Parameters

Parameter
Description
Type
Required
Example

secret-key

The secret used to sign the HMAC

string

"my-secret-key"

input

The input string to hash

string

"data-to-sign"

encoding

Output format of the hash (e.g., "hex", "base64", "latin1")

string

"base64"


Supported Encodings

See Node.js crypto documentation for full details.

Common options include:

  • hex — Human-readable hash string

  • base64 — Compact and URL-safe

  • latin1 — Raw binary output


Example Usage

async function() {
    const config = {
        secret_key: this.accountvars["secret_key"],
        request_payload: this.payload,
        encoding: "base64"
    };

    return this.tools.getHmacSHA1(config.secret_key, config.request_payload, config.encoding);
}

In this example:

  • The secret key is pulled from accountvars

  • The full payload is used as the input

  • The resulting SHA-1 HMAC is encoded in base64


Use Cases

  • Generate HMAC signatures for webhooks

  • Sign requests to third-party APIs

  • Validate payloads between frontend and backend

  • Create tamper-resistant tokens or messages


Notes

  • SHA-1 HMAC is secure for keyed hashing, but for new applications, consider using HMAC-SHA256 where supported.

  • Make sure the secret key is securely stored (e.g., in accountvars or protected config).

  • Encoding must always be explicitly specified.


Summary

this.getHmacSHA1 enables secure and efficient creation of signed hashes for request validation, secure communications, and payload protection. It is ideal for API integrations, webhook authentication, and cryptographic use cases where data integrity and authenticity matter.

Last updated

Was this helpful?