Gridy ID
Gridy ID
- Overview
- Quickstart
- API Reference
  API Reference
  - Overview
    Overview
    
    API Endpoints
    
    API Access
    
    API Responses
    
    API Hosts
    
    API Status
    
    OpenAPI definition
    
    Postman collection
    
    Client Libraries
  - Endpoints
    Endpoints
    
    /challenge
    
    /verify
    
    /status
    
    /time
    
    /blocked
  - Security
    Security
    
    Authentication
    
    Rate Limits
  - Error Codes
  - Examples
    Examples
    
    New Challenge
    
    Cancel Challenge
    
    Verify Auth Code
    
    Check Status
    
    Check Blocked
    
    Get Time
- API Clients
  API Clients
  - Java
  - Dart
  - Python
  - PHP
  - JS
  - Other
- Auth. Types
  Auth. Types
  - QR Keys
  - Cube ID
  - Face ID
  - Voice ID
  - Pin ID
  - TOTP
- Roles & Permissions
  Roles & Permissions
  - Overview
  - Examples
    Examples
    
    Add New Role
    
    Remove Role
- Block Rules
  Block Rules
  - Overview
  - Examples
    Examples
    
    Enable Blocked Rules
    
    View Blocked Rules
    
    Block Users
    
    Block IPv4 Addresses
    
    Block IPv4 Ranges
    
    Block Country IPv4 Range
- Monitoring
  Monitoring
  - Overview
  - Events
    Events
    
    onNewChallenge
    
    onCancelChallenge
    
    onNewQRKeysChallenge
    
    onNewCubeChallenge
    
    onNewVoiceChallenge
    
    onNewFaceChallenge
    
    onNewPinChallenge
    
    onVerifyCode
    
    onQRKeysAuth
    
    onVoiceAuth
    
    onFaceAuth
    
    onCubeAuth
    
    onPinAuth
    
    onFailedAttempt
    
    onMaxAttempts
    
    onAcctBlocked
    
    onIPAddrBlock
    
    onIPRangeBlock
    
    onUserBlock
    
    onTorExitNodeBlock
    
    onPublicProxyBlock
    
    onAnonymousProxyBlock
    
    onGeoIPCtryBlock
    
    onApi500Status
    
    onApi400Status
    
    onApi200Status
    
    onApi202Status
    
    onApi204Status
- Alerting
  Alerting
  - Overview
  - Webhooks
  - Email
- History
- Account
- Account Lock
- One-Tap Auth.
- Administrators
- CLI
- Tools
  Tools
  - Login Demo
  - QR Code Logo Builder
  - Login Form Builder
    Login Form Builder
    
    Bootstrap v4
  - API Explorer
  - HMAC Tool
Gridy Authenticator
Gridy Authenticator
- Quick Start
- Sign Up
- Authentication
  Authentication
  - QR Keys
  - Cube ID
  - Face ID
  - Voice ID
  - Pin ID
  - TOTP
- History
- Account Lock
- Screen Lock
- Linked Accounts
- Settings
- Screens
Gridy ID (Community Ed.)
Gridy ID (Community Ed.)
- Overview
- Case Study
Gridy OTP
Gridy OTP
- Overview
- How it Works
- Getting Started
- Works With
  Works With
  - Google/Gmail
  - Others
Gridy Block
Gridy Block
- Overview
- API Reference
  API Reference
  - Endpoint
    Endpoint
    
    /blocked
  - Security
    Security
    
    Authentication
    
    Rate Limits
  - Error Codes
  - Examples
    Examples
    
    Check Blocked
- Setup
  Setup
Gridy Docs
Gridy Docs
- Overview
Gridy Vault
Gridy Vault
- Overview
Gridy Age
Gridy Age
- Overview
FAQ
Roadmap
Roadmap
- 2025
  2025
  - Docs
- 2026
  2026
  - Vault
  - Age
  - Coin
Integrations
Blog

HMAC Tool

Gridy APIs use a Hash-based Message Authentication Code (HMAC) to add an HMAC signature to the HTTP Authorization header of each API request. This security measure provides maximum protection against man-in-the-middle and session replay attacks.

HMAC signing provides these added security benefits:

The API Secret is never transmitted, but encrypts the HMAC from the sender-side and decrypts it from the server-side.
The HMAC signature validates that the message was not tampered with or altered in transit. Any change to the message invalidates the HMAC.
The HMAC signature includes a nonce (one-time code) that prevents replay attack

Use the HMAC Tool to generate an HTTP Authorization header for use with the API Explorer.

Go to https://gridy.io/play and select the HMAC Tool from the Playground menu.

Enter your API User ID & API Secret Key to generate the HTTP Authorization header required when using the API Explorer.

Learn more