Manav signed the canonical JSON below with its server secret. Hash the JSON with HMAC-SHA256 using the MANAV_SERVER_SIGNING_SECRET and compare - if it matches, this proof is authentic.
Canonical proof JSON
{"actionPayloadHash":"36851683092d33aeaf3f357308985af1295a32459d4e92e7df51f773290e2a0a","actionTitle":"Shift sign-in · Arivu · Employer A (TechCorp)","actionType":"shift_verify","actorHandle":null,"externalReference":null,"organizationSlug":null,"signatureSlug":"mnav_sig_F_at224Hrwmi","signedAt":"2026-06-03 07:28:34"}
Action payload hash · SHA-256 of the canonical action payload
36851683092d33aeaf3f357308985af1295a32459d4e92e7df51f773290e2a0a
Server signature · HMAC-SHA256 over canonical JSON above
fe319c034721e950751049d8f98b4c5708f519c963db932d8c91826e3f59ba51
Recompute it yourself
$ printf '%s' '{"actionPayloadHash":"36851683092d33aeaf3f357308985af1295a32459d4e92e7df51f773290e2a0a","actionTitle":"Shift sign-in · Arivu · Employer A (TechCorp)","actionType":"shift_verify","actorHandle":null,"externalReference":null,"organizationSlug":null,"signatureSlug":"mnav_sig_F_at224Hrwmi","signedAt":"2026-06-03 07:28:34"}' \
| openssl dgst -sha256 -hmac "$MANAV_SERVER_SIGNING_SECRET" -hex
$ # expected: fe319c034721e950751049d8f98b4c5708f519c963db932d8c91826e3f59ba51