Manav signed the canonical JSON below with its server secret. Hash the JSON with HMAC-SHA256 using the MANAV_SERVER_SIGNING_SECRET and compare - if it matches, this proof is authentic.
Canonical proof JSON
{"actionPayloadHash":"3f1ea3fb6e6fe16ed1e2e2b8b9f850ba733a48a9d73827d26d27083a1f538209","actionTitle":"Face enrollment · arivu","actionType":"verify_identity","actorHandle":"arivu","externalReference":null,"organizationSlug":null,"signatureSlug":"mnav_sig_s_ZIoTxSJ2ht","signedAt":"2026-06-03 15:26:15"}
Action payload hash · SHA-256 of the canonical action payload
3f1ea3fb6e6fe16ed1e2e2b8b9f850ba733a48a9d73827d26d27083a1f538209
Server signature · HMAC-SHA256 over canonical JSON above
f48270288a07cf28a845595e5571d4cc748b9a9b5c1ea02ba5aa865cc8634637
Recompute it yourself
$ printf '%s' '{"actionPayloadHash":"3f1ea3fb6e6fe16ed1e2e2b8b9f850ba733a48a9d73827d26d27083a1f538209","actionTitle":"Face enrollment · arivu","actionType":"verify_identity","actorHandle":"arivu","externalReference":null,"organizationSlug":null,"signatureSlug":"mnav_sig_s_ZIoTxSJ2ht","signedAt":"2026-06-03 15:26:15"}' \
| openssl dgst -sha256 -hmac "$MANAV_SERVER_SIGNING_SECRET" -hex
$ # expected: f48270288a07cf28a845595e5571d4cc748b9a9b5c1ea02ba5aa865cc8634637