This is a security question, not actual coding.
The idea is to produce a HMAC using hexdigest method.
Is it considered safe to use the application secret for HMAC encryption key?
The encryption/decryption only happens on the server, so there will be no key exchange.
Is there anything to be considered against it?
I'm not sure why you would apply an HMAC to data that never leaves the server.
The HMAC key and the application secret_token are different lengths, so you will need to decide what algorithm you will use to truncate it.
Whilst I cannot point to any particular security vulnerability in using some derivative of the application secret_token as the HMAC key, it's generally not a good idea to reuse encryption keys, because all uses are compromised if the key is ever guessed or exposed. It's no extra burden to store two values than it is to store one.
A later developer might not realize that the secret_token is used for multiple purposes and may decide to change the value for some reason, without understanding the unintended collateral effect. It might not even be another developer... you, yourself might forget the dual use of the parameter a month, year, decade from now.
It's always good practice if the name of a variable offers some insight into its function. So I would suggest creating a new variable for keying the HMAC and giving it a name that unambiguously reflects its use.