Manav signed the canonical JSON below with its server secret. Hash the JSON with HMAC-SHA256 using the MANAV_SERVER_SIGNING_SECRET and compare - if it matches, this proof is authentic.
Canonical proof JSON
{"actionPayloadHash":"06b366b5eebfc60467219d5b6584ef5bb7d5b1ac534be67fbdd257c668876f13","actionTitle":"Shift sign-in · Arivu · Employer B (CloudStartup)","actionType":"shift_verify","actorHandle":null,"externalReference":null,"organizationSlug":null,"signatureSlug":"mnav_sig_OM99OFEKztwn","signedAt":"2026-06-03 07:23:22"}
Action payload hash · SHA-256 of the canonical action payload
06b366b5eebfc60467219d5b6584ef5bb7d5b1ac534be67fbdd257c668876f13
Server signature · HMAC-SHA256 over canonical JSON above
d53205314ad5a3f66e2837a74cc493dcc6df864e4b872e0086e86b0e3bdc83ed
Recompute it yourself
$ printf '%s' '{"actionPayloadHash":"06b366b5eebfc60467219d5b6584ef5bb7d5b1ac534be67fbdd257c668876f13","actionTitle":"Shift sign-in · Arivu · Employer B (CloudStartup)","actionType":"shift_verify","actorHandle":null,"externalReference":null,"organizationSlug":null,"signatureSlug":"mnav_sig_OM99OFEKztwn","signedAt":"2026-06-03 07:23:22"}' \
| openssl dgst -sha256 -hmac "$MANAV_SERVER_SIGNING_SECRET" -hex
$ # expected: d53205314ad5a3f66e2837a74cc493dcc6df864e4b872e0086e86b0e3bdc83ed