Use {{hmac}} to generate an HMAC (keyed-hash message authentication code) from a given field or string, using a secret key and a supported hash algorithm. This verifies data integrity and authenticity when sending requests.
{{hmac "algorithm" key "encoding" field keyEncoding}}
-
algorithm: One of Celigo’s supported cryptographic algorithms (e.g.,
"sha256","sha1","md5"). -
key: The path to your secret key in dot notation (e.g.,
connection.http.encrypted.secretKey). -
encoding: The format of the resulting HMAC (e.g.,
"hex"or"base64"). -
field: The string or field path whose value you want to authenticate.
-
keyEncoding (optional): How the secret key is encoded (
"utf8"or"base64"). Defaults to"utf8"if not specified.
-
HMAC-SHA256 with a secure key
{{hmac "sha256" connection.http.encrypted.secretKey "hex" record.payload}}-
Uses the secret key in
connection.http.encrypted.secretKey -
Produces a hex-encoded SHA-256 HMAC of
record.payload
-
-
Base64-encoded key and field
{{hmac "sha1" connection.http.encrypted.secretKey "base64" record.body "base64"}}-
Interprets the secret key as base64
-
Returns a base64-encoded SHA-1 signature of
record.body
-
Tip
-
Secure your secret key: Always store it in encrypted fields to prevent exposure (e.g.,
connection.http.encrypted). -
Use HTTPS: HMAC is most effective when transmitted securely over HTTPS.
-
URI-encode parameters if your authentication scheme requires signing the entire URL, including query parameters.
-
No dot notation for the HMAC result: The
fieldparameter must be a direct string or field path; referencing nested objects (e.g.,record.property) typically works, but passing the result ofhmacfurther with dot notation is not supported. -
For additional control (e.g., signing a full URL or customizing the signature process), see hmacOptions in Celigo’s documentation.