I want to forward my visitors to a 3rd party paysite. This 3rd party will process their payment and POST to me a 64 character token generated from a unique order number and shared password using PHP’s hash_hmac using the sha256 algorithm, like so:

$token = hash_hmac("sha256", "12345", "sharedpassword");

Then I want to use the same algorithm on my end to generate the (hopefully) the same token to verify the user has paid. The problem is I cannot find an equivalent function or way to replicate the function in Python. The closest I’ve come is Python’s hashlib, but there doesn’t appear to be a function that can take in 2 arguments – the data and the shared password. Does anyone know of an equivalent of hash_hmac that would be applicable in this case?

You want hmac.

hmac.new("sharedpassword", "12345", hashlib.sha256).hexdigest()