← All terms

Concepts

HMAC

Cryptographic seal on a URL or message — proves it's authentic and unmodified

Category: Concepts Also known as: 4 Related terms: 2

Definition

Hash-based Message Authentication Code. A short signature (SHA-256) over (data + secret-key) that anyone can verify but only the key-holder can generate. We use it on /alerts/ URLs so signed links can't be tampered with or forged. TTL 1 year.

Context anchor

HMAC-SHA256 = 64 hex chars (~256 bits); brute-force ~10^77 attempts — practically unbreakable

Example

Premium alert links carry HMAC signature — proves the URL came from us, not forged

Also known as

hmachmac signaturesigned linkrequest signature

Related terms

  • OAuthWeb-standard for "Sign in with X" — no password sharing, no API-key copying
  • Rate LimitHow many requests you can make per day or minute before you're throttled