PHP hash_hmac function (http://php.net/manual/en/function.hash-hmac.php) produces different key since Java interprets it binary as default. By setting true to raw_out flag, it resolves the differences.
/* * Get encoded secret */ function getHmacEncode($message, $key) { $secret = hash_hmac('sha256', $message, $key, true); return base64_encode($secret); }