Manav signed the canonical JSON below with its server secret. Hash the JSON with HMAC-SHA256 using the MANAV_SERVER_SIGNING_SECRET and compare - if it matches, this proof is authentic.
Canonical proof JSON
{"actionPayloadHash":"671a6372a96e9c045059942f855d1e4e7ca90712fcd8175061a505449fb5fec7","actionTitle":"Face verification · arivu","actionType":"verify_identity","actorHandle":"arivu","externalReference":null,"organizationSlug":null,"signatureSlug":"mnav_sig_dn9_O4oTrWN4","signedAt":"2026-06-03 15:31:38"}
Action payload hash · SHA-256 of the canonical action payload
671a6372a96e9c045059942f855d1e4e7ca90712fcd8175061a505449fb5fec7
Server signature · HMAC-SHA256 over canonical JSON above
7bf8f614a8d09a59ae6e847bb3713cffced7c1cb3259c78751a86c3c6321cdac
Recompute it yourself
$ printf '%s' '{"actionPayloadHash":"671a6372a96e9c045059942f855d1e4e7ca90712fcd8175061a505449fb5fec7","actionTitle":"Face verification · arivu","actionType":"verify_identity","actorHandle":"arivu","externalReference":null,"organizationSlug":null,"signatureSlug":"mnav_sig_dn9_O4oTrWN4","signedAt":"2026-06-03 15:31:38"}' \
| openssl dgst -sha256 -hmac "$MANAV_SERVER_SIGNING_SECRET" -hex
$ # expected: 7bf8f614a8d09a59ae6e847bb3713cffced7c1cb3259c78751a86c3c6321cdac