Cross-language HMAC-SHA256 request signing with a defined canonical string format.
Project description
hardenlabs-hmac
Cross-language HMAC-SHA256 request signing with a defined canonical string format. Guaranteed identical signatures across C#, Python, TypeScript, and Go.
Installation
pip install hardenlabs-hmac
pip install "hardenlabs-hmac[fastapi]" # for FastAPI middleware
pip install "hardenlabs-hmac[requests]" # for requests library support
Quick Start — Server (FastAPI)
from fastapi import Depends, FastAPI, Request
from hardenlabs_hmac import HmacValidate, install_hmac_exception_handler
from hardenlabs_hmac.config import HmacConfig, HmacClientIdentity, SignedHeadersConfig
config = HmacConfig(
signed_headers=SignedHeadersConfig.default(),
timestamp_tolerance_seconds=30,
clients={
"order-service": HmacClientIdentity(shared_secret="orders-base64-secret"),
},
)
hmac_validate = HmacValidate(config)
app = FastAPI()
install_hmac_exception_handler(app)
# Protected — requires valid HMAC signature
@app.get("/api/hello")
async def hello(request: Request, _hmac: None = Depends(hmac_validate)):
return {"message": "Authenticated!"}
# Unprotected — no dependency, no HMAC required
@app.get("/health")
async def health():
return {"status": "healthy"}
Routes without Depends(hmac_validate) are not validated. Use the global HardenHmacMiddleware instead if you want all routes validated.
Public API — Server
| Symbol | Description |
|---|---|
HmacValidate(config, secret_resolver=None) |
Per-route dependency for Depends() |
install_hmac_exception_handler(app) |
Register error handler (call once per app) |
HmacValidationHttpError |
Exception raised on validation failure |
HardenHmacMiddleware |
Global middleware (validates all routes) |
Quick Start — Client
from hardenlabs_hmac.client import HmacClientFactory
from hardenlabs_hmac.config import HmacConfig, HmacTargetConfig
config = HmacConfig(
targets={
"my-service": HmacTargetConfig(
base_url="https://api.example.com",
shared_secret="your-base64-encoded-secret",
),
},
)
factory = HmacClientFactory(config)
with factory.create_sync_client("my-service") as client: # requires [httpx]; or create_requests_session() with [requests]
response = client.get("/api/hello") # automatically signed
Documentation
Full documentation, canonical string specification, and cross-language compatibility details: github.com/HardenLabs/HardenHMAC
License
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file hardenlabs_hmac-1.0.tar.gz.
File metadata
- Download URL: hardenlabs_hmac-1.0.tar.gz
- Upload date:
- Size: 24.2 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.12.13
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
3180ebc5fa7fe5f281c7c5ee209f80eb4a5e450865b9b0e63ed1a6a8f1075499
|
|
| MD5 |
fba4dd03f0f3b121d0c404147a42322b
|
|
| BLAKE2b-256 |
147030e4417e65caa2d8e1177806873174e46ecaaf3f903160a3501d149d8e82
|
File details
Details for the file hardenlabs_hmac-1.0-py3-none-any.whl.
File metadata
- Download URL: hardenlabs_hmac-1.0-py3-none-any.whl
- Upload date:
- Size: 18.5 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.12.13
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
c9fdecbbf1624a53e27b73bcfbe9aaa0adf91d1e3ebddc39ceba605434464262
|
|
| MD5 |
0c06e648ed6e8cae622275a36598237e
|
|
| BLAKE2b-256 |
d0592fe155df19a320b1d52a2ccbfb06d68934e22df98627e8846a7deb114156
|
