FazerCards Glossary
HMAC
Hash-based Message Authentication Code — a cryptographic construction (key + hash) that proves a message originated from someone who knows the key and wasn't modified in transit.
HMAC is a standard way to sign messages with a shared secret. In the FazerCards webhook flow, the secret is the webhook signing secret in your reseller panel, the message is the raw POST body, and the hash is SHA-256. The result is a hex string that goes into the X-FazerCards-Signature header.
Key facts
- Standard algorithm — built in to Node crypto, Python hmac, Go crypto/hmac.
- Always use a timing-safe compare on the receiver side.
- Same construction used by Stripe, GitHub, Slack webhooks.