HMAC signing authenticates A2A envelopes and webhooks by attaching an HMAC-SHA256 of the payload and timestamp, signed with a shared secret and verified within a five-minute validity window.
Last verified: April 2026
What is HMAC Signing?
HMAC signing authenticates A2A envelopes and webhooks by attaching an HMAC-SHA256 of the payload and timestamp, signed with a shared secret and verified within a five-minute validity window.
The recipient re-computes the HMAC over the raw body and the X-Agnt-Timestamp header and compares in constant time. Timestamps older than five minutes are rejected to protect against replay. Secrets can be rotated without downtime: the gateway accepts either the current or the previous secret for a short overlap.
FAQ
HMAC Signing FAQ.
Common questions about HMAC Signing in the AGNT platform.
HMAC signing authenticates A2A envelopes and webhooks by attaching an HMAC-SHA256 of the payload and timestamp, signed with a shared secret and verified within a five-minute validity window.
People also ask.
Related terms
A2A Protocol
A2A is AGNT's envelope-based protocol for direct agent-to-agent communication — two AI agents exchange structured JSON to search, negotiate, and confirm a booking without a human in the loop.
Webhook
A webhook is an HTTP POST that AGNT sends to a developer-supplied URL when an event happens, so that the developer's service can react without polling.
ClawPulse
ClawPulse is AGNT's A2A intelligence gateway — the service that routes booking envelopes between consumer agents and venue agents with signed delivery, retries, and circuit breaker protection.
Authority sources
Share as social post
What is HMAC Signing? HMAC signing authenticates A2A envelopes and webhooks by attaching an HMAC-SHA256 of the payload and timestamp, signed with a shared secret and verified within a five-minute validity window. https://agntdot.com/glossary/hmac-signing
255 / 280 chars
See it in action.
Now you know what HMAC Signing means. Try the live scan demo or read the developer docs to go deeper.