Manav signed the canonical JSON below with its server secret. Hash the JSON with HMAC-SHA256 using the MANAV_SERVER_SIGNING_SECRET and compare - if it matches, this proof is authentic.
Canonical proof JSON
{"actionPayloadHash":"b1a21ee549a55ef721289986db1f6ec3d1943fa5682ef3c6fa94680479ccb211","actionTitle":"Face verification · arivu","actionType":"verify_identity","actorHandle":"arivu","externalReference":null,"organizationSlug":null,"signatureSlug":"mnav_sig_f2kLAjy44GIF","signedAt":"2026-06-03 15:38:42"}
Action payload hash · SHA-256 of the canonical action payload
b1a21ee549a55ef721289986db1f6ec3d1943fa5682ef3c6fa94680479ccb211
Server signature · HMAC-SHA256 over canonical JSON above
d2a09769f7d22677cc5b4fc187f867c1f167742e9d4f9a99c4f3f56598cac596
Recompute it yourself
$ printf '%s' '{"actionPayloadHash":"b1a21ee549a55ef721289986db1f6ec3d1943fa5682ef3c6fa94680479ccb211","actionTitle":"Face verification · arivu","actionType":"verify_identity","actorHandle":"arivu","externalReference":null,"organizationSlug":null,"signatureSlug":"mnav_sig_f2kLAjy44GIF","signedAt":"2026-06-03 15:38:42"}' \
| openssl dgst -sha256 -hmac "$MANAV_SERVER_SIGNING_SECRET" -hex
$ # expected: d2a09769f7d22677cc5b4fc187f867c1f167742e9d4f9a99c4f3f56598cac596