# HMAC #### Allowed users {% tabs %} {% tab title="User" %} Allowed {% endtab %} {% tab title="Master" %} Not allowed {% endtab %} {% tab title="ExtAuth" %} Allowed {% endtab %} {% endtabs %} #### Required access scope {% tabs %} {% tab title="Main" %} `keymgmt:use:` where `` is a Key ID as a 32-character hexadecimal string {% endtab %} {% endtabs %} ## Hash ## Gen an HMAC of a message `POST` `https://my.ence.do/api/crypto/hmac/hash` Return an HMAC of a given message. #### Headers | Name | Type | Description | | ----------------------------------------------- | ------ | ----------------- | | Authorization\* | String | Bearer JWT\_TOKEN | | Content-Type\* | String | application/json | #### Request Body | Name | Type | Description | | --------------------------------------- | ------ | ------------------------------------------------ | | `alg` | String | Algorithm to use (e.g. SHA2-256) | | `ext_kid` | String | External Key ID, 32 chars hex string | | `msg`\* | String | Base64 encoded message to hmac (max. 2048 bytes) | | `pubkey` | String | Base64 encoded external public key | | `kid`\* | String | Key ID, 32 chars hex string | #### Response status code {% tabs %} {% tab title="200: Operation successful" %} ```javascript { "mac": "otGuoI+uH8K6cWk6Qnx3vNGKDjFv2zTF0dUM73a3YMo=" } ``` {% endtab %} {% tab title="400: Incorrect argument(s)" %} {% endtab %} {% tab title="401: Missing or invalid JWT\_TOKEN" %} {% endtab %} {% tab title="403: Incorrect access scope" %} {% endtab %} {% tab title="406: Operation failed" %} {% endtab %} {% tab title="409: Incorrect internal state" %} {% endtab %} {% tab title="418: TLS connection required" %} {% endtab %} {% endtabs %} {% hint style="info" %} The key type pointed to `ext_kid` or represented by `pubkey` MUST be the same as the `kid` key type. Otherwise, indirect ECDH will fail. {% endhint %} #### Possible `alg` values | Agorithm | Description | | -------- | ------------- | | SHA2-256 | SHA2-256 HMAC | | SHA2-384 | SHA2-384 HMAC | | SHA2-512 | SHA2-512 HMAC | | SHA3-256 | SHA3-256 HMAC | | SHA3-384 | SHA3-384 HMAC | | SHA3-512 | SHA3-512 HMAC | #### Response data for successful operation
NameTypeDescription
macStringBase64 encoded HMAC value
#### Log entries
EventResultSource
LOG_TYPE_FAILED_SCOPE_CHECKLOG_RESULT_FAILED403
LOG_TYPE_CRYPTO_HMAC_HASHLOG_RESULT_ERROR400
LOG_TYPE_CRYPTO_HMAC_HASHLOG_RESULT_FAILED406
LOG_TYPE_CRYPTO_HMAC_HASHLOG_RESULT_OK200
## Verify ## Verify an HMAC of the message `POST` `https://my.ence.do/api/crypto/hmac/verify` Verify the hash of a given message. #### Headers | Name | Type | Description | | ----------------------------------------------- | ------ | ----------------- | | Authorization\* | String | Bearer JWT\_TOKEN | | Content-Type\* | String | application/json | #### Request Body | Name | Type | Description | | --------------------------------------- | ------ | -------------------------------------------------------------- | | `alg` | String | Algorithm to use (e.g. SHA2-256) | | `ext_kid` | String | External Key ID, 32 chars hex string | | `mac`\* | String | MAC calculated by `hash` operation | | `msg`\* | String | Base64 encoded HMAC of a message to validate (max. 2048 bytes) | | `pubkey` | String | Base64 encoded external public key | | `kid`\* | String | Key ID, 32 chars hex string | #### Response status code {% tabs %} {% tab title="200: Operation successful" %} {% endtab %} {% tab title="400: Incorrect argument(s)" %} {% endtab %} {% tab title="401: Missing or invalid JWT\_TOKEN" %} {% endtab %} {% tab title="403: Incorrect access scope" %} {% endtab %} {% tab title="406: Operation failed" %} {% endtab %} {% tab title="409: Incorrect internal state" %} {% endtab %} {% tab title="418: TLS connection required" %} {% endtab %} {% endtabs %} {% hint style="info" %} The key type pointed to `ext_kid` or represented by `pubkey` MUST be the same as the `kid` key type. Otherwise, indirect ECDH will fail. {% endhint %} #### Possible `alg` values Check the list [here](#possible-alg-values). #### Log entries
EventResultSource
LOG_TYPE_FAILED_SCOPE_CHECKLOG_RESULT_FAILED403
LOG_TYPE_CRYPTO_HMAC_HASHLOG_RESULT_ERROR400
LOG_TYPE_CRYPTO_HMAC_HASHLOG_RESULT_FAILED406
LOG_TYPE_CRYPTO_HMAC_HASHLOG_RESULT_OK200
--- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.encedo.com/hem-api/reference/api-reference/cryptography-operations/hmac.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.