HMAC stands for Hash-based Message Authentication Code. It is a specific type of message authentication code (MAC) that includes a cryptographic hash function and a secret cryptographic key. HMAC can be used to verify both the data integrity and authenticity of a message at the same time. It is a type of key hash function that can also be used in a “key derivation scheme” or a “key stretching scheme”.

HMAC can provide authentication using a shared secret instead of using digital signatures with asymmetric cryptography. It trades in the need for a complex public key infrastructure by delegating the key exchange to the communicating parties, who are responsible for setting up and using a trusted channel to agree on the key prior to communication.