diff --git a/kmip/demos/pie/mac.py b/kmip/demos/pie/mac.py
index 8dd8d34..d30a34d 100644
--- a/kmip/demos/pie/mac.py
+++ b/kmip/demos/pie/mac.py
@@ -50,7 +50,7 @@ if __name__ == '__main__':
     # Build the client and connect to the server
     with client.ProxyKmipClient(config=config) as client:
         try:
-            uid, mac_data = client.mac(uid, algorithm, data)
+            uid, mac_data = client.mac(data, uid, algorithm)
             logger.info("Successfully done MAC using key with ID: "
                         "{0}".format(uid))
             logger.info("MACed data: {0}".format(
diff --git a/kmip/pie/client.py b/kmip/pie/client.py
index 75d725e..fb23db4 100644
--- a/kmip/pie/client.py
+++ b/kmip/pie/client.py
@@ -575,17 +575,16 @@ class ProxyKmipClient(api.KmipClient):
             message = result.result_message.value
             raise exceptions.KmipOperationFailure(status, reason, message)
 
-    def mac(self, uid, algorithm, data):
+    def mac(self, data, uid=None, algorithm=None):
         """
         Get the message authentication code for data.
 
         Args:
+            data (string): The data to be MACed.
             uid (string): The unique ID of the managed object that is the key
                 to use for the MAC operation.
             algorithm (CryptographicAlgorithm): An enumeration defining the
                 algorithm to use to generate the MAC.
-            data (string): The data to be MACed.
-
 
         Returns:
             string: The unique ID of the managed object that is the key
@@ -598,14 +597,15 @@ class ProxyKmipClient(api.KmipClient):
             TypeError: if the input arguments are invalid
         """
         # Check inputs
-        if not isinstance(uid, six.string_types):
-            raise TypeError("uid must be a string")
-        if not isinstance(algorithm, enums.CryptographicAlgorithm):
-            raise TypeError(
-                "algorithm must be a CryptographicAlgorithm enumeration")
         if not isinstance(data, six.binary_type):
-            raise TypeError(
-                "data must be bytes")
+            raise TypeError("data must be bytes")
+        if uid is not None:
+            if not isinstance(uid, six.string_types):
+                raise TypeError("uid must be a string")
+        if algorithm is not None:
+            if not isinstance(algorithm, enums.CryptographicAlgorithm):
+                raise TypeError(
+                    "algorithm must be a CryptographicAlgorithm enumeration")
 
         # Verify that operations can be given at this time
         if not self._is_open:
@@ -615,7 +615,7 @@ class ProxyKmipClient(api.KmipClient):
             cryptographic_algorithm=CryptographicAlgorithm(algorithm))
 
         # Get the message authentication code and handle the results
-        result = self.proxy.mac(uid, parameters_attribute, data)
+        result = self.proxy.mac(data, uid, parameters_attribute)
 
         status = result.result_status.value
         if status == enums.ResultStatus.SUCCESS:
diff --git a/kmip/services/kmip_client.py b/kmip/services/kmip_client.py
index 5d4591b..8203b5c 100644
--- a/kmip/services/kmip_client.py
+++ b/kmip/services/kmip_client.py
@@ -430,12 +430,12 @@ class KMIPProxy(KMIP):
             results = self._process_batch_items(response)
             return results[0]
 
-    def mac(self, unique_identifier=None, cryptographic_parameters=None,
-            data=None, credential=None):
+    def mac(self, data, unique_identifier=None,
+            cryptographic_parameters=None, credential=None):
         return self._mac(
+            data=data,
             unique_identifier=unique_identifier,
             cryptographic_parameters=cryptographic_parameters,
-            data=data,
             credential=credential)
 
     def _create(self,
@@ -930,9 +930,9 @@ class KMIPProxy(KMIP):
         return result
 
     def _mac(self,
+             data,
              unique_identifier=None,
              cryptographic_parameters=None,
-             data=None,
              credential=None):
         operation = Operation(OperationEnum.MAC)
 
diff --git a/kmip/tests/unit/pie/test_api.py b/kmip/tests/unit/pie/test_api.py
index 5994935..d282990 100644
--- a/kmip/tests/unit/pie/test_api.py
+++ b/kmip/tests/unit/pie/test_api.py
@@ -115,4 +115,4 @@ class TestKmipClient(testtools.TestCase):
         Test that the mac method can be called without error.
         """
         dummy = DummyKmipClient()
-        dummy.mac('uid', 'algorithm', 'data')
+        dummy.mac('data', 'uid', 'algorithm')
diff --git a/kmip/tests/unit/pie/test_client.py b/kmip/tests/unit/pie/test_client.py
index ee56906..a6a0837 100644
--- a/kmip/tests/unit/pie/test_client.py
+++ b/kmip/tests/unit/pie/test_client.py
@@ -1140,7 +1140,7 @@ class TestProxyKmipClient(testtools.TestCase):
         with ProxyKmipClient() as client:
             client.proxy.mac.return_value = result
 
-            uid, mac_data = client.mac(uuid, algorithm, data)
+            uid, mac_data = client.mac(data, uuid, algorithm)
             self.assertEqual(uid, uuid)
             self.assertEqual(mac_data, data)
 
@@ -1165,17 +1165,17 @@ class TestProxyKmipClient(testtools.TestCase):
             uuid=attr.UniqueIdentifier(uuid),
             mac_data=obj.MACData(data))
 
-        args = [uuid_invalid, algorithm, data]
+        args = [data, uuid_invalid, algorithm]
         with ProxyKmipClient() as client:
             client.proxy.mac.return_value = result
             self.assertRaises(TypeError, client.mac, *args)
 
-        args = [uuid, algorithm_invalid, data]
+        args = [data, uuid, algorithm_invalid]
         with ProxyKmipClient() as client:
             client.proxy.mac.return_value = result
             self.assertRaises(TypeError, client.mac, *args)
 
-        args = [uuid, algorithm, data_invalid]
+        args = [data_invalid, uuid, algorithm]
         with ProxyKmipClient() as client:
             client.proxy.mac.return_value = result
             self.assertRaises(TypeError, client.mac, *args)
@@ -1204,7 +1204,7 @@ class TestProxyKmipClient(testtools.TestCase):
         client = ProxyKmipClient()
         client.open()
         client.proxy.mac.return_value = result
-        args = [uuid, algorithm, data]
+        args = [data, uuid, algorithm]
 
         self.assertRaisesRegexp(
             KmipOperationFailure, error_msg, client.mac, *args)
@@ -1220,7 +1220,7 @@ class TestProxyKmipClient(testtools.TestCase):
         uuid = 'aaaaaaaa-1111-2222-3333-ffffffffffff'
         algorithm = enums.CryptographicAlgorithm.HMAC_SHA256
         data = (b'\x00\x01\x02\x03\x04')
-        args = [uuid, algorithm, data]
+        args = [data, uuid, algorithm]
         self.assertRaises(
             ClientConnectionNotOpen, client.mac, *args)
 
diff --git a/kmip/tests/unit/services/test_kmip_client.py b/kmip/tests/unit/services/test_kmip_client.py
index 245e9a1..7215de3 100644
--- a/kmip/tests/unit/services/test_kmip_client.py
+++ b/kmip/tests/unit/services/test_kmip_client.py
@@ -793,16 +793,14 @@ class TestKMIPClient(TestCase):
         self.client._send_message.side_effect = verify_request
         self.client._receive_message.return_value = BytearrayStream(response)
 
-        result = self.client.mac(uuid, cryptographic_parameters,
-                                 data)
+        result = self.client.mac(data, uuid, cryptographic_parameters)
         self.assertEqual(result.uuid.value, uuid)
         self.assertEqual(result.mac_data.value, mdata)
 
         self.client._receive_message.return_value = \
             BytearrayStream(response_no_payload)
 
-        result = self.client.mac(uuid, cryptographic_parameters,
-                                 data)
+        result = self.client.mac(data, uuid, cryptographic_parameters)
         self.assertEqual(result.uuid, None)
         self.assertEqual(result.mac_data, None)