Manav signed the canonical JSON below with its server secret. Hash the JSON with HMAC-SHA256 using the MANAV_SERVER_SIGNING_SECRET and compare - if it matches, this proof is authentic.
Canonical proof JSON
{"actionPayloadHash":"056a4ea5b126e42c708f89e62123aedb655d07e13b8ffee234a1aacea0f05b64","actionTitle":"Face verification · arivu","actionType":"verify_identity","actorHandle":"arivu","externalReference":null,"organizationSlug":null,"signatureSlug":"mnav_sig_KuSiGXqRtkHA","signedAt":"2026-06-03 15:38:06"}
Action payload hash · SHA-256 of the canonical action payload
056a4ea5b126e42c708f89e62123aedb655d07e13b8ffee234a1aacea0f05b64
Server signature · HMAC-SHA256 over canonical JSON above
65182e41759208662295afe7fefd11ae1fd4e6975e53b53457a356146dc44e11
Recompute it yourself
$ printf '%s' '{"actionPayloadHash":"056a4ea5b126e42c708f89e62123aedb655d07e13b8ffee234a1aacea0f05b64","actionTitle":"Face verification · arivu","actionType":"verify_identity","actorHandle":"arivu","externalReference":null,"organizationSlug":null,"signatureSlug":"mnav_sig_KuSiGXqRtkHA","signedAt":"2026-06-03 15:38:06"}' \
| openssl dgst -sha256 -hmac "$MANAV_SERVER_SIGNING_SECRET" -hex
$ # expected: 65182e41759208662295afe7fefd11ae1fd4e6975e53b53457a356146dc44e11