Crate iron_hmac [] [src]

Iron middleware for HMAC authentication

This package contains BeforeMiddleware for authenticating HTTP requests and AfterMiddleware for signing response. The HMAC stragegy is presently hardcoded as follows using an SHA-256 hash.

For requests, the expected hmac is

hmac(hmac(request.method) + hmac(request.path) + hmac(request.body))

The response is signed with an hmac generated with


Middleware can be obtained with the following calls

use iron_hmac::Hmac256Authentication;

let secret = "<your shared hmac secret here>";
let header_name = "x-my-hmac";

let (hmac_before, hmac_after) = Hmac256Authentication::middleware(secret, header_name);

The middleware is linked in the usual way.


If you wish to use the openssl backed implementation, set default-features = false in addition to adding features = ["hmac-openssl"].



Iron middleware for validation hmac headers on requests and signing responses.


Key used for HMAC computation