Manav signed the canonical JSON below with its server secret. Hash the JSON with HMAC-SHA256 using the MANAV_SERVER_SIGNING_SECRET and compare - if it matches, this proof is authentic.
Canonical proof JSON
{"actionPayloadHash":"339cde133967cf276ec437105d5dea985e9534062e432c1c7990ac3cb9889da3","actionTitle":"Face enrollment · testfaceonly","actionType":"verify_identity","actorHandle":"testfaceonly","externalReference":null,"organizationSlug":null,"signatureSlug":"mnav_sig_tvPb-jBR7yi4","signedAt":"2026-06-03 15:24:20"}
Action payload hash · SHA-256 of the canonical action payload
339cde133967cf276ec437105d5dea985e9534062e432c1c7990ac3cb9889da3
Server signature · HMAC-SHA256 over canonical JSON above
bb296503a4a958663ca1603a37cc617841036bf322735a1fbfdc299e85d2cfac
Recompute it yourself
$ printf '%s' '{"actionPayloadHash":"339cde133967cf276ec437105d5dea985e9534062e432c1c7990ac3cb9889da3","actionTitle":"Face enrollment · testfaceonly","actionType":"verify_identity","actorHandle":"testfaceonly","externalReference":null,"organizationSlug":null,"signatureSlug":"mnav_sig_tvPb-jBR7yi4","signedAt":"2026-06-03 15:24:20"}' \
| openssl dgst -sha256 -hmac "$MANAV_SERVER_SIGNING_SECRET" -hex
$ # expected: bb296503a4a958663ca1603a37cc617841036bf322735a1fbfdc299e85d2cfac