# getHmacSHA1

## `getHmacSHA1` Function

The `getHmacSHA1` function returns a **SHA-1 HMAC (Hash-based Message Authentication Code)** from an input string using Node.js’ built-in [`crypto`](https://nodejs.org/api/crypto.html#cryptocreatehmacalgorithm-key-options) module. This function is commonly used for **signed payloads, request validation, or secure token generation**.

***

### Purpose

Use this function to:

* Generate **signed hashes** with a secret key (HMAC)
* Verify payload integrity between systems
* Implement token-based authentication or validation
* Create secure webhooks or API signature mechanisms

***

### Function Definition

| Property          | Description                        |
| ----------------- | ---------------------------------- |
| **Function Name** | `this.getHmacSHA1`                 |
| **Type**          | `function`                         |
| **Available In**  | Server-Side Variables              |
| **Returns**       | `string` (SHA-1 HMAC of the input) |

***

### Parameters

| Parameter    | Description                                                       | Type     | Required                                      | Example           |
| ------------ | ----------------------------------------------------------------- | -------- | --------------------------------------------- | ----------------- |
| `secret-key` | The secret used to sign the HMAC                                  | `string` | <i class="fa-square-check">:square-check:</i> | `"my-secret-key"` |
| `input`      | The input string to hash                                          | `string` | <i class="fa-square-check">:square-check:</i> | `"data-to-sign"`  |
| `encoding`   | Output format of the hash (e.g., `"hex"`, `"base64"`, `"latin1"`) | `string` | <i class="fa-square-check">:square-check:</i> | `"base64"`        |

***

### Supported Encodings

See [Node.js crypto documentation](https://nodejs.org/api/crypto.html#cryptocreatehmacalgorithm-key-options) for full details.

Common options include:

* `hex` — Human-readable hash string
* `base64` — Compact and URL-safe
* `latin1` — Raw binary output

***

### Example Usage

```js
async function() {
    const config = {
        secret_key: this.accountvars["secret_key"],
        request_payload: this.payload,
        encoding: "base64"
    };

    return this.tools.getHmacSHA1(config.secret_key, config.request_payload, config.encoding);
}
```

In this example:

* The secret key is pulled from `accountvars`
* The full payload is used as the input
* The resulting SHA-1 HMAC is encoded in base64

***

### Use Cases

* Generate **HMAC signatures for webhooks**
* Sign requests to third-party APIs
* Validate payloads between frontend and backend
* Create tamper-resistant tokens or messages

***

### Notes

* SHA-1 HMAC is **secure for keyed hashing**, but for new applications, consider using **HMAC-SHA256** where supported.
* Make sure the secret key is securely stored (e.g., in `accountvars` or protected config).
* Encoding must always be explicitly specified.

***

### Summary

`this.getHmacSHA1` enables secure and efficient creation of **signed hashes** for request validation, secure communications, and payload protection. It is ideal for API integrations, webhook authentication, and cryptographic use cases where **data integrity and authenticity** matter.