BestHub
search
Sign in
Information Security 6 min read

Using Python hashlib and hmac Modules for Data Security in API Automation

This article explains how Python's hashlib and hmac modules can be applied in API automation to compute hashes, generate salted password hashes, create HMACs, verify data integrity, encrypt sensitive information, and produce secure tokens, providing ten practical code examples.

Test Development Learning Exchange
Test Development Learning Exchange
Test Development Learning Exchange
Using Python hashlib and hmac Modules for Data Security in API Automation

In API automation, ensuring data security is crucial; Python's hashlib and hmac modules provide hashing and message‑authentication mechanisms that protect data integrity and confidentiality.

Compute string hash

import hashlib
data = "Hello, world!"
hash_value = hashlib.sha256(data.encode()).hexdigest()
print("SHA-256 hash:", hash_value)

Compute file hash

import hashlib
def calculate_hash(file_path):
    with open(file_path, "rb") as file:
        content = file.read()
        hash_value = hashlib.md5(content).hexdigest()
        return hash_value
file_path = "path/to/file.txt"
hash_value = calculate_hash(file_path)
print("File MD5 hash:", hash_value)

Use HMAC for message authentication

import hmac
import hashlib
key = b"secret_key"
message = "Hello, world!"
hmac_value = hmac.new(key, message.encode(), hashlib.sha256).hexdigest()
print("HMAC value:", hmac_value)

Verify HMAC value

import hmac
import hashlib
key = b"secret_key"
message = "Hello, world!"
hmac_value = "..."
computed_hmac = hmac.new(key, message.encode(), hashlib.sha256).hexdigest()
if hmac.compare_digest(hmac_value, computed_hmac):
    print("HMAC is valid")
else:
    print("HMAC is invalid")

Salted hash for password storage

import hashlib
import os

def hash_password(password):
    salt = os.urandom(16)
    hash_value = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100000)
    return salt + hash_value

def verify_password(password, stored_hash):
    salt = stored_hash[:16]
    stored_hash = stored_hash[16:]
    hash_value = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100000)
    return hmac.compare_digest(stored_hash, hash_value)

password = "my_password"
stored_hash = hash_password(password)
if verify_password(password, stored_hash):
    print("Password verification passed")
else:
    print("Password verification failed")

Use hash for data checksum

import hashlib

def generate_checksum(data):
    checksum = hashlib.md5(data).hexdigest()
    return checksum

def verify_checksum(data, checksum):
    computed_checksum = hashlib.md5(data).hexdigest()
    if computed_checksum == checksum:
        return True
    else:
        return False

data = "Hello, world!"
checksum = generate_checksum(data)
print("Checksum:", checksum)
if verify_checksum(data, checksum):
    print("Checksum is valid")
else:
    print("Checksum is invalid")

Encrypt sensitive information

import hashlib

def encrypt_data(data):
    encrypted_data = hashlib.sha256(data.encode()).hexdigest()
    return encrypted_data

sensitive_data = "sensitive_info"
encrypted_data = encrypt_data(sensitive_data)
print("Encrypted sensitive info:", encrypted_data)

Compare hashes of sensitive information

import hashlib

def compare_hash(data1, data2):
    hash1 = hashlib.sha256(data1.encode()).hexdigest()
    hash2 = hashlib.sha256(data2.encode()).hexdigest()
    if hash1 == hash2:
        return True
    else:
        return False

data1 = "sensitive_info"
data2 = "sensitive_info"
if compare_hash(data1, data2):
    print("Sensitive information matches")
else:
    print("Sensitive information does not match")

Generate random secure token

import hashlib
import secrets

def generate_token():
    token = secrets.token_hex(16)
    return token

security_token = generate_token()
print("Secure token:", security_token)

Verify data integrity

import hashlib

def generate_hash(data):
    hash_value = hashlib.md5(data.encode()).hexdigest()
    return hash_value

def verify_integrity(data, hash_value):
    computed_hash = generate_hash(data)
    if computed_hash == hash_value:
        return True
    else:
        return False

data = "Hello, world!"
hash_value = generate_hash(data)
if verify_integrity(data, hash_value):
    print("Data integrity verification passed")
else:
    print("Data integrity verification failed")

By leveraging hashlib and hmac , developers can easily implement encryption, hash computation, message authentication, and integrity checks, ensuring secure handling of data in real‑world API automation scenarios.

pythonAPI automationencryptionData SecurityhashlibHMAC
Test Development Learning Exchange
Written by

Test Development Learning Exchange

Test Development Learning Exchange

0 followers
Reader feedback

How this landed with the community

login Sign in to like

Rate this article

Was this worth your time?

Sign in to rate
Discussion

0 Comments

Thoughtful readers leave field notes, pushback, and hard-won operational detail here.

Sign in to comment