Manav signed the canonical JSON below with its server secret. To verify it, compute HMAC-SHA256 over the JSON using MANAV_SERVER_SIGNING_SECRET as the key and compare the result with the server signature below. If they match, this proof is authentic.
Canonical proof JSON
{"actionPayloadHash":"78aedcb805980046634b450cea6f62ad693564db140163d7ef5753f192b7f06f","actionTitle":"Face verification · arivu","actionType":"verify_identity","actorHandle":"arivu","externalReference":null,"organizationSlug":null,"signatureSlug":"mnav_sig_QmOr3ugGI1j1","signedAt":"2026-06-03 15:33:27"}
Action payload hash · SHA-256 of the canonical action payload
78aedcb805980046634b450cea6f62ad693564db140163d7ef5753f192b7f06f
Server signature · HMAC-SHA256 over canonical JSON above
be8a880b97b594daa13eede952c40d80512e64efacc7877c28a68f795e4b0248
Recompute it yourself
$ printf '%s' '{"actionPayloadHash":"78aedcb805980046634b450cea6f62ad693564db140163d7ef5753f192b7f06f","actionTitle":"Face verification · arivu","actionType":"verify_identity","actorHandle":"arivu","externalReference":null,"organizationSlug":null,"signatureSlug":"mnav_sig_QmOr3ugGI1j1","signedAt":"2026-06-03 15:33:27"}' \
| openssl dgst -sha256 -hmac "$MANAV_SERVER_SIGNING_SECRET" -hex
$ # expected: be8a880b97b594daa13eede952c40d80512e64efacc7877c28a68f795e4b0248
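The same check as an added Python example (not Manav's own code), using a constant-time comparison and showing that only the exact canonical bytes verify. The secret, the proof JSON, and the function names are constructed for illustration.

```python
import hashlib
import hmac
import json

# Constructed demo values: not the real MANAV_SERVER_SIGNING_SECRET and not a real proof.
DEMO_SECRET = b"constructed-demo-secret"
DEMO_PROOF = ('{"actionPayloadHash":"' + "ab" * 32 + '","actionTitle":"Face verification · demo",'
              '"actionType":"verify_identity","actorHandle":"demo","signedAt":"2026-01-01 00:00:00"}')


def sign_canonical(canonical_json: str, secret: bytes) -> str:
    """HMAC-SHA256 over the exact UTF-8 bytes of the canonical JSON, as lowercase hex."""
    return hmac.new(secret, canonical_json.encode("utf-8"), hashlib.sha256).hexdigest()


def verify_proof(canonical_json: str, signature_hex: str, secret: bytes) -> bool:
    """Recompute the signature and compare it in constant time."""
    expected = sign_canonical(canonical_json, secret)
    claimed = signature_hex.strip().lower()
    # Compare as bytes so a malformed (non-ASCII) claimed value fails cleanly.
    return hmac.compare_digest(expected.encode("ascii"), claimed.encode("utf-8"))


def demo() -> dict:
    """Verify the constructed proof, then three variants that must be rejected."""
    sig = sign_canonical(DEMO_PROOF, DEMO_SECRET)
    # Same data, different bytes: default json.dumps adds spaces and escapes "·".
    reserialized = json.dumps(json.loads(DEMO_PROOF))
    tampered = DEMO_PROOF.replace('"actorHandle":"demo"', '"actorHandle":"other"')
    return {
        "exact_bytes": verify_proof(DEMO_PROOF, sig, DEMO_SECRET),
        "reserialized": verify_proof(reserialized, sig, DEMO_SECRET),
        "tampered": verify_proof(tampered, sig, DEMO_SECRET),
        "wrong_secret": verify_proof(DEMO_PROOF, sig, b"other-secret"),
    }


if __name__ == "__main__":
    print(demo())
```

Because HMAC is symmetric, only a party holding the signing secret can run this check, and that party could also produce a valid signature.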