Skip to end of metadata
Go to start of metadata


The HMAC-SHA256 Generator plugin is used to generate a message signature using the SHA-256 hash function. The signature is returned as a hex-encoded string in the output variable Jitterbit.HMACSHA256.Signature.

Global Variables

To use this plugin, any required global variables must be set in a script for use with the plugin. The input table below documents all possible variables for this plugin. The output table documents the signature variable output by the plugin.


Jitterbit.HMACSHA256.KeystringRequiredThe secret key.
Jitterbit.HMACSHA256.MessagestringRequiredThe message for which to create a signature.
Jitterbit.HMACSHA256.EncodingstringOptionalThe encoding to use when translating the key and message to bytes (e.g. "UTF-8" or "ISO-8859-1"). If this value is not set, both the key and the message will be assumed to be US-ASCII.

Set to "true" for base64-encoded keys. The default is "false". If set to "true", the value in the Jitterbit.HMACSHA256.Key variable is treated as a base64-encoded value.

NOTE: This variable is available only in version or higher of this plugin.

Set to "true" for base64-encoded messages. The default is "false". If set to "true", the value in the Jitterbit.HMACSHA256.Message variable is treated as a base64-encoded value.

NOTE: This variable is available only in version or higher of this plugin.


Jitterbit.HMACSHA256.SignaturestringThe variable returns the signature as a hex-encoded string.

Example 1

This example script both sets the variables used as input for the HMAC-SHA256 Generator plugin, as well as runs the plugin.

//Clear result: 
$Jitterbit.HMACSHA256.Signature = ""; 

$Jitterbit.HMACSHA256.Key = "dGVzdA=="; 
$Jitterbit.HMACSHA256.Message = "Test"; 
$Jitterbit.HMACSHA256.Encoding = "UTF-8"; // optional 
$Jitterbit.HMACSHA256.Base64EncodedKey = true;
$Jitterbit.HMACSHA256.Base64EncodedMessage = false;
eval(RunPlugin("<TAG>plugin:</TAG>"), $error=GetLastError()); 
WriteToOperationLog("HMAC Signature: " + $Jitterbit.HMACSHA256.Signature); 

The result of running this script is HMAC Signature: 52d7189b38b924d7ff81e70f1825993363df5bac2ffb2a03c73a0dbb4638759d.

Example 2 (AWS)

This example uses scripting to authenticate with the AWS REST API using AWS Signature Version 4. The first script sets the variables used as input for the HMAC-SHA256 Generator plugin and runs the plugin. The second script is for getting the AWS Signature using the first script.

Examples of the values you need to pass to AWS Signature Version 4 can be found in the AWS documentation Authenticating Requests (AWS Signature Version 4). For additional assistance, please contact support.

Get HMAC-SHA256 Signature
ArgumentList(key, message, encoding, keyEncoded, messageEncoded);

encoding = IfEmpty(encoding, "UTF-8");
keyEncoded = IfEmpty(keyEncoded, False);
messageEncoded = IfEmpty(messageEncoded, False);

$Jitterbit.HMACSHA256.Key = key;
$Jitterbit.HMACSHA256.Message = message;
$Jitterbit.HMACSHA256.Encoding = encoding;
$Jitterbit.HMACSHA256.Base64EncodedKey = keyEncoded;
$Jitterbit.HMACSHA256.Base64EncodedMessage = messageEncoded;
eval(RunPlugin("<TAG>plugin:</TAG >"), $error=GetLastError());
AWS Signature
ArgumentList(key, dateStamp, regionName, serviceName, package);
keySecret = ("AWS4" + key);
keyDate = RunScript("<TAG>Scripts/Get HMAC-SHA256 Signature</TAG>", keySecret, dateStamp, "", False, False);
keyRegion = RunScript("<TAG>Scripts/Get HMAC-SHA256 Signature</TAG>", Base64Encode(HexToBinary(keyDate)), regionName, "", True, False);
keyService = RunScript("<TAG>Scripts/Get HMAC-SHA256 Signature</TAG>", Base64Encode(HexToBinary(keyRegion)), serviceName, "", True, False);
keySigned = RunScript("<TAG>Scripts/Get HMAC-SHA256 Signature</TAG>", Base64Encode(HexToBinary(keyService)), package, "", True, False);      
NOTE: The above script uses project item references in the Design Studio syntax. For syntax to use in Cloud Studio, see the RunScript() documentation.