HMAC (Hash-based Message Authentication Code) is a cryptographic mechanism that uses a secret key combined with a hash function to verify both the integrity and authenticity of a message.
What is HMAC?
HMAC (Hash-based Message Authentication Code) is a cryptographic signing mechanism that verifies two things:
- Integrity — The message has not been modified in transit
- Authenticity — The message truly comes from the legitimate sender
How Does HMAC Work?
HMAC combines a secret key shared between sender and receiver with a hash function (SHA-256, SHA-512, etc.):
- The sender creates a hash of the message using the secret key: HMAC(key, message) = signature
- The signature is sent along with the message
- The receiver recalculates the hash with the same key and compares it with the signature it received
- If signatures match, the message is authentic and intact
HMAC in AI Tracking
In the context of AI tracking, HMAC is used to sign events sent from the tracker to the server. This prevents:
- Fake event injection — An attacker cannot fabricate false crawls or referrals
- Transit modification — Data cannot be altered between tracker and server
- Replay attacks — Combined with timestamps, old events cannot be replayed
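The sign-and-verify flow and the three protections listed above, as an added example (not code from the tracker described on this page). The envelope fields `ts`, `body` and `sig`, the 300-second freshness window and the in-memory `seen` set are assumptions made for illustration.

```python
import hashlib
import hmac
import json
import time

MAX_AGE_SECONDS = 300  # assumed freshness window, not a value from the page


def _mac(key: bytes, ts: int, body: str) -> str:
    # The timestamp is covered by the MAC, so it cannot be changed in transit.
    return hmac.new(key, f"{ts}.{body}".encode(), hashlib.sha256).hexdigest()


def sign_event(key: bytes, event: dict, now=None) -> dict:
    """Tracker side: serialize the event and attach timestamp + signature."""
    ts = int(time.time()) if now is None else int(now)
    body = json.dumps(event, sort_keys=True, separators=(",", ":"))
    return {"ts": ts, "body": body, "sig": _mac(key, ts, body)}


def verify_event(key: bytes, env: dict, seen: set, now=None) -> str:
    """Server side: return 'ok' or the reason the event is rejected."""
    now = int(time.time()) if now is None else int(now)
    try:
        ts, body, sig = int(env["ts"]), str(env["body"]), str(env["sig"])
    except (KeyError, TypeError, ValueError):
        return "malformed"
    # Recompute over the exact bytes received; compare in constant time.
    if not hmac.compare_digest(_mac(key, ts, body).encode(), sig.encode()):
        return "bad_signature"  # forged event, wrong key, or altered data
    if abs(now - ts) > MAX_AGE_SECONDS:
        return "stale"          # old capture replayed after the window
    if sig in seen:
        return "replayed"       # same event resent inside the window
    seen.add(sig)
    return "ok"


if __name__ == "__main__":
    key = b"constructed-demo-key"  # constructed sample; use a random secret
    seen = set()
    env = sign_event(key, {"type": "crawl", "bot": "ExampleBot"})
    print(verify_event(key, env, seen))                        # first delivery
    print(verify_event(key, env, seen))                        # resent copy
    print(verify_event(key, dict(env, body="{}"), set()))      # altered body
```

The timestamp check only bounds how long a captured event stays valid; rejecting a resend inside that window needs the server to remember recent signatures, which is what `seen` stands in for here.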