Manav signed the canonical JSON below with its server secret. Hash the JSON with HMAC-SHA256 using the MANAV_SERVER_SIGNING_SECRET and compare - if it matches, this proof is authentic.
Canonical proof JSON
{"actionPayloadHash":"31f31776035da70e9695f00e1e365415c9d10c9b877bc080951e12b84ae4c141","actionTitle":"Shift sign-in · Arivu · Employer B (CloudStartup)","actionType":"shift_verify","actorHandle":null,"externalReference":null,"organizationSlug":null,"signatureSlug":"mnav_sig_crD2PTHNlhaU","signedAt":"2026-06-03 07:28:42"}
Action payload hash · SHA-256 of the canonical action payload
31f31776035da70e9695f00e1e365415c9d10c9b877bc080951e12b84ae4c141
Server signature · HMAC-SHA256 over canonical JSON above
0f4909fcb1a8f722c011381cdfa35d0809222accb97d8a3b590a92c9e3bfeb9d
Recompute it yourself
$ printf '%s' '{"actionPayloadHash":"31f31776035da70e9695f00e1e365415c9d10c9b877bc080951e12b84ae4c141","actionTitle":"Shift sign-in · Arivu · Employer B (CloudStartup)","actionType":"shift_verify","actorHandle":null,"externalReference":null,"organizationSlug":null,"signatureSlug":"mnav_sig_crD2PTHNlhaU","signedAt":"2026-06-03 07:28:42"}' \
| openssl dgst -sha256 -hmac "$MANAV_SERVER_SIGNING_SECRET" -hex
$ # expected: 0f4909fcb1a8f722c011381cdfa35d0809222accb97d8a3b590a92c9e3bfeb9d