wyreup
inspect

Signed URL

Generate or verify an HMAC-signed URL (S3-presign style). Combines url-parse + hmac — append a signature and optional expiry, verify by recomputing. Canonicalized so query-param order doesn't change the signature.

Loading…

About Signed URL

Signed URL generates or verifies an HMAC-signed URL in the style of an S3 presign — appending a signature and an optional expiry so a link proves it wasn't tampered with. It combines URL parsing with HMAC, and the query parameters are canonicalized first so reordering them won't break the signature. Both signing and verification run in your browser, keeping your signing secret off any server.

Category
inspect
Input
Accepts: */*.
Output
Outputs: application/json.
Cost
Free, runs in your browser
Memory
low
Privacy: Signed URL runs entirely on your device. Files you provide never leave your browser — no uploads, no server, no tracking. The page works offline once loaded.

Common uses

  • Generate a time-limited download link whose signature you can verify server-side later
  • Debug why a presigned-style URL fails verification by recomputing the signature locally
  • Confirm that reordering query params doesn't invalidate a signature thanks to canonicalization
  • Test an expiry window by signing a URL with a short TTL and checking it past the deadline
  • Reproduce a known-good signed URL to validate your own signing implementation

Frequently asked questions

How does it handle query-parameter order?

The URL is canonicalized before signing, so the same parameters in a different order produce the same signature. That prevents spurious verification failures.

Does it support expiry?

Yes. You can attach an optional expiry to the signed URL, S3-presign style, and verification can take that deadline into account.

Is my signing secret uploaded?

No. Signing and verifying both run in your browser. The HMAC secret never leaves your device, which is essential for a credential like this.

Can it both create and check signatures?

Yes. Generate a signed URL from a secret, or verify an existing one by recomputing the signature and comparing.

What signing primitive does it use?

HMAC, the same keyed-hash approach behind S3 presigns and webhook signatures. Output is JSON describing the signed URL or the verification result.

Keywords

  • signed
  • url
  • presigned
  • hmac
  • s3
  • token
  • expiry
  • auth

Try next

URL Parse
inspect

Inspect the parts of a URL before signing or after verifying it
Webhook Verify
inspect

Verify inbound request signatures with the same HMAC convention
URL Build
create

Assemble the base URL from parts before you sign it
Color Palette
inspect

Extract dominant colors from an image as hex codes.
Image Diff
inspect

Pixel-level diff between two images of the same dimensions.
Image Info
inspect

Extract dimensions, format, and metadata from an image.
PDF Info
inspect

Extract page count and metadata from a PDF.
Hash
inspect

Compute SHA-256, SHA-1, or SHA-512 hashes of files.
JSON Formatter
inspect

Parse and pretty-print JSON with configurable indentation.
Extract PDF Tables
export

Extract tabular data from a PDF as JSON or CSV. Works well for simple tables with aligned columns and no merged cells. Complex tables, rotated text, and scanned PDFs (images) will not extract cleanly.
Topic Keywords
text

Pull the topic-bearing nouns and noun phrases out of any text. Answers "what is this about" — not "what words appear most" (try Text Frequency for that). Runs entirely in your browser.