Skip to Content

HMAC-SHA256 Generator


The HMAC-SHA256 Generator plugin generates a message signature using the SHA-256 hash function. The signature is returned as a hex-encoded string in the output variable Jitterbit.HMACSHA256.Signature.

This plugin is available by default on Jitterbit cloud agent groups and can also be associated with Private agent groups.


Plugins provided by Jitterbit are deprecated. See Deprecation and support in Plugins.

Download and add the plugin

The HMAC-SHA256 Generator plugin is a standard Jitterbit plugin that is already available in the Management Console Plugins page and does not need to be downloaded or added to the organization.

If directed by Jitterbit Support, this plugin can be downloaded at the links provided below and added to the organization (see Add new plugins in Customizations > Plug-ins).



Associate the plugin with an agent group

All Harmony versions of the HMAC-SHA256 Generator plugin are associated with Jitterbit cloud agent groups by default. We recommend using version

If using a private agent group, before you can use the plugin you must associate it with the private agent group to make the plugin available on all agents in the group (see Associate agent groups in Customizations > Plug-ins).

The plugin is listed in the Management Console Plugins page with a display name of Jitterbit HMAC-SHA256 Generator.

Set variables and use the plugin in a project

Refer to these topics for information about using plugins in a project:

To use the HMAC-SHA256 Generator plugin, any required global variables must be set in a script for use with the plugin. The input table below documents all possible variables for this plugin. The output table documents the signature variable output by the plugin.


Name Type Required Description
Jitterbit.HMACSHA256.Key String Required The secret key.
Jitterbit.HMACSHA256.Message String Required The message for which to create a signature.
Jitterbit.HMACSHA256.Encoding String Optional The encoding to use when translating the key and message to bytes (e.g. "UTF-8" or "ISO-8859-1"). If this value is not set, both the key and the message will be assumed to be US-ASCII.
Jitterbit.HMACSHA256.Base64EncodedKey Boolean Optional Set to true for base64-encoded keys. The default is false. If set to true, the value in the Jitterbit.HMACSHA256.Key variable is treated as a base64-encoded value.
Jitterbit.HMACSHA256.Base64EncodedMessage Boolean Optional. Set to true for base64-encoded messages. The default is false. If set to true, the value in the Jitterbit.HMACSHA256.Message variable is treated as a base64-encoded value.


Name Type Description
Jitterbit.HMACSHA256.Signature String The variable returns the signature as a hex-encoded string.

Example 1

This example script both sets the variables used as input for the HMAC-SHA256 Generator plugin, as well as runs the plugin.

//Clear result:
$Jitterbit.HMACSHA256.Signature = "";

$Jitterbit.HMACSHA256.Key = "dGVzdA==";
$Jitterbit.HMACSHA256.Message = "Test";
$Jitterbit.HMACSHA256.Encoding = "UTF-8"; // optional
$Jitterbit.HMACSHA256.Base64EncodedKey = true;
$Jitterbit.HMACSHA256.Base64EncodedMessage = false;
eval(RunPlugin("<TAG>plugin:</TAG>"), $error=GetLastError());
WriteToOperationLog("HMAC Signature: " + $Jitterbit.HMACSHA256.Signature);

The result of running this script is HMAC Signature: 52d7189b38b924d7ff81e70f1825993363df5bac2ffb2a03c73a0dbb4638759d.

Example 2 (AWS)

This example uses scripting to authenticate with the AWS REST API using AWS Signature Version 4. The first script sets the variables used as input for the HMAC-SHA256 Generator plugin and runs the plugin. The second script is for getting the AWS Signature using the first script.

Examples of the values you need to pass to AWS Signature Version 4 can be found in the AWS documentation Authenticating requests (AWS signature version 4). For additional assistance, please contact support.

Get HMAC-SHA256 Signature
ArgumentList(key, message, encoding, keyEncoded, messageEncoded);

encoding = IfEmpty(encoding, "UTF-8");
keyEncoded = IfEmpty(keyEncoded, False);
messageEncoded = IfEmpty(messageEncoded, False);

$Jitterbit.HMACSHA256.Key = key;
$Jitterbit.HMACSHA256.Message = message;
$Jitterbit.HMACSHA256.Encoding = encoding;
$Jitterbit.HMACSHA256.Base64EncodedKey = keyEncoded;
$Jitterbit.HMACSHA256.Base64EncodedMessage = messageEncoded;
eval(RunPlugin("<TAG>plugin:</TAG >"), $error=GetLastError());
AWS Signature
ArgumentList(key, dateStamp, regionName, serviceName, package);

keySecret = ("AWS4" + key);
keyDate = RunScript("<TAG>Scripts/Get HMAC-SHA256 Signature</TAG>", keySecret, dateStamp, "", False, False);
keyRegion = RunScript("<TAG>Scripts/Get HMAC-SHA256 Signature</TAG>", Base64Encode(HexToBinary(keyDate)), regionName, "", True, False);
keyService = RunScript("<TAG>Scripts/Get HMAC-SHA256 Signature</TAG>", Base64Encode(HexToBinary(keyRegion)), serviceName, "", True, False);
keySigned = RunScript("<TAG>Scripts/Get HMAC-SHA256 Signature</TAG>", Base64Encode(HexToBinary(keyService)), package, "", True, False);


The above script uses project item references in the Design Studio syntax. For syntax to use in Cloud Studio, see the RunScript documentation.