Sign a payload with a shared secret for webhook verification (Stripe, GitHub, etc.). openssl reads the input from stdin or -in.
Bash
SECRET="my-shared-secret"
PAYLOAD='{"event":"order.created","id":"o_123"}'
# Compute HMAC-SHA256 as hex
echo -n "$PAYLOAD" | openssl dgst -sha256 -hmac "$SECRET" -binary | xxd -p -c 256
# Or directly as hex (newer openssl)
echo -n "$PAYLOAD" | openssl dgst -sha256 -hmac "$SECRET" -hex
# (stdin)= 7c4a8d09ca3762af61e59520943dc26494f8941b...
# Same in base64
echo -n "$PAYLOAD" | openssl dgst -sha256 -hmac "$SECRET" -binary | base64
# Verify a Stripe-style "t=…,v1=…" header
verify_stripe_sig() {
local body="$1" sig_header="$2" secret="$3"
local t v1
t="$(echo "$sig_header" | grep -oE 't=[0-9]+' | cut -d= -f2)"
v1="$(echo "$sig_header" | grep -oE 'v1=[0-9a-f]+' | cut -d= -f2)"
local expected
expected="$(echo -n "${t}.${body}" | openssl dgst -sha256 -hmac "$secret" -hex | awk '{print $NF}')"
[[ "$expected" == "$v1" ]]
}Save your own code snippets
Create a free account and build your private vault. Share publicly whenever you want.