Tool
HMAC signature verifier
Compute an HMAC over a payload and secret, or verify one against an expected signature — all client-side via Web Crypto. Your secret never leaves the browser.
Paste a payload and signing secret to compute its HMAC signature (hex and base64), or paste an expected signature to check for a match. Useful when a webhook signature check is failing and you need to see what the signature should be — for example while debugging Stripe signature verification.
Payload
Signing secret
Algorithm
Expected signature (optional)
Everything runs in your browser via the Web Crypto API. Your secret and payload are never sent anywhere.
Related
Keep reading
Get started
Start debugging your webhooks.
Point one endpoint at HookWatch, capture a failure, and replay it once it’s fixed. Free during beta.