Manav signed the canonical JSON below with its server secret. To check it, compute HMAC-SHA256 over the JSON exactly as shown, keyed with MANAV_SERVER_SIGNING_SECRET, and compare the result with the server signature below. If the two match, this proof is authentic.
Canonical proof JSON
{"actionPayloadHash":"97cc9ed1c8d48c7f306604eb8acf1ecd4a1e43c2d3f8860719736ffca3d37397","actionTitle":"Face verification · arivu","actionType":"verify_identity","actorHandle":"arivu","externalReference":null,"organizationSlug":null,"signatureSlug":"mnav_sig_8EjqbEgP-9T3","signedAt":"2026-06-03 15:27:02"}
Action payload hash · SHA-256 of the canonical action payload
97cc9ed1c8d48c7f306604eb8acf1ecd4a1e43c2d3f8860719736ffca3d37397
Server signature · HMAC-SHA256 over canonical JSON above
74020ec13bb48dff49ee8a75197285010e43d0584a28d28fe4ee3cd05d3db6c1
Recompute it yourself
$ printf '%s' '{"actionPayloadHash":"97cc9ed1c8d48c7f306604eb8acf1ecd4a1e43c2d3f8860719736ffca3d37397","actionTitle":"Face verification · arivu","actionType":"verify_identity","actorHandle":"arivu","externalReference":null,"organizationSlug":null,"signatureSlug":"mnav_sig_8EjqbEgP-9T3","signedAt":"2026-06-03 15:27:02"}' \
| openssl dgst -sha256 -hmac "$MANAV_SERVER_SIGNING_SECRET" -hex
$ # expected: 74020ec13bb48dff49ee8a75197285010e43d0584a28d28fe4ee3cd05d3db6c1
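The same check as a script, as an added example that is not Manav's own code: it recomputes the HMAC over the exact bytes received, compares in constant time, and shows that parsing and re-serializing the JSON before hashing breaks verification. The sample proof and secret are constructed for illustration, and the function names are hypothetical.

```python
import hashlib
import hmac
import json


def sign(raw: bytes, secret: bytes) -> str:
    """HMAC-SHA256 over the exact bytes, hex-encoded like `openssl dgst -hex`."""
    return hmac.new(secret, raw, hashlib.sha256).hexdigest()


def verify(raw: bytes, secret: bytes, signature_hex: str) -> bool:
    """Recompute the MAC and compare in constant time.

    Comparing as bytes avoids the TypeError compare_digest raises on
    non-ASCII str input, so a malformed signature is rejected, not a crash.
    """
    expected = sign(raw, secret).encode("ascii")
    presented = signature_hex.strip().lower().encode("utf-8")
    return hmac.compare_digest(expected, presented)


def reserialized(raw: bytes) -> bytes:
    """What a careless verifier hashes: parse, then dump with json defaults.

    The defaults add spaces after ',' and ':' and escape the middle dot
    as \\u00b7, so the bytes no longer match what the server signed.
    """
    return json.dumps(json.loads(raw)).encode("utf-8")


# Constructed sample in the shape of the proof above; not a real Manav proof.
SAMPLE_RAW = (
    '{"actionTitle":"Face verification · demo","actionType":"verify_identity",'
    '"actorHandle":"demo","signedAt":"2026-01-01 00:00:00"}'
).encode("utf-8")
# Constructed stand-in for MANAV_SERVER_SIGNING_SECRET.
SAMPLE_SECRET = b"constructed-demo-secret"

if __name__ == "__main__":
    sig = sign(SAMPLE_RAW, SAMPLE_SECRET)
    print("exact bytes:   ", verify(SAMPLE_RAW, SAMPLE_SECRET, sig))
    print("re-serialized: ", verify(reserialized(SAMPLE_RAW), SAMPLE_SECRET, sig))
    tampered = SAMPLE_RAW.replace(b'"actorHandle":"demo"', b'"actorHandle":"other"')
    print("tampered field:", verify(tampered, SAMPLE_SECRET, sig))
```

Because HMAC is symmetric, only a party holding the signing secret can run this check. Reading the secret inside a script also keeps it off the command line, where `openssl dgst -hmac` exposes it to the process list.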