Manav signed the canonical JSON below with its server secret. Hash the JSON with HMAC-SHA256 using the MANAV_SERVER_SIGNING_SECRET and compare - if it matches, this proof is authentic.
Canonical proof JSON
{"actionPayloadHash":"71b3eb86a8e53444b9aa1639524d29157c23fdb1317776f942a40361221c7283","actionTitle":"Face verification · arivu","actionType":"verify_identity","actorHandle":"arivu","externalReference":null,"organizationSlug":null,"signatureSlug":"mnav_sig_e1J0qYWMxx9Y","signedAt":"2026-06-03 15:40:01"}
Action payload hash · SHA-256 of the canonical action payload
71b3eb86a8e53444b9aa1639524d29157c23fdb1317776f942a40361221c7283
Server signature · HMAC-SHA256 over canonical JSON above
8b84474953e58d1e0c1d263ee62bd8c3ac5822cb7e125b479d466f35d7398ca1
Recompute it yourself
$ printf '%s' '{"actionPayloadHash":"71b3eb86a8e53444b9aa1639524d29157c23fdb1317776f942a40361221c7283","actionTitle":"Face verification · arivu","actionType":"verify_identity","actorHandle":"arivu","externalReference":null,"organizationSlug":null,"signatureSlug":"mnav_sig_e1J0qYWMxx9Y","signedAt":"2026-06-03 15:40:01"}' \
| openssl dgst -sha256 -hmac "$MANAV_SERVER_SIGNING_SECRET" -hex
$ # expected: 8b84474953e58d1e0c1d263ee62bd8c3ac5822cb7e125b479d466f35d7398ca1