Manav signed the canonical JSON below with its server secret. Hash the JSON with HMAC-SHA256 using the MANAV_SERVER_SIGNING_SECRET and compare - if it matches, this proof is authentic.
Canonical proof JSON
{"actionPayloadHash":"5dc466982dc7368df315c10e00dbf36f211f7b4fca6150ef01880224303839e3","actionTitle":"Verified sign-in · arivu","actionType":"verify_identity","actorHandle":"arivu","externalReference":null,"organizationSlug":null,"signatureSlug":"mnav_sig_bQxnM0XFYtgP","signedAt":"2026-06-03 13:46:30"}
Action payload hash · SHA-256 of the canonical action payload
5dc466982dc7368df315c10e00dbf36f211f7b4fca6150ef01880224303839e3
Server signature · HMAC-SHA256 over canonical JSON above
bcb2269b58a508223e3f236bccca3b1fc493008dce084c0c24b195ccd92f55ef
Recompute it yourself
$ printf '%s' '{"actionPayloadHash":"5dc466982dc7368df315c10e00dbf36f211f7b4fca6150ef01880224303839e3","actionTitle":"Verified sign-in · arivu","actionType":"verify_identity","actorHandle":"arivu","externalReference":null,"organizationSlug":null,"signatureSlug":"mnav_sig_bQxnM0XFYtgP","signedAt":"2026-06-03 13:46:30"}' \
| openssl dgst -sha256 -hmac "$MANAV_SERVER_SIGNING_SECRET" -hex
$ # expected: bcb2269b58a508223e3f236bccca3b1fc493008dce084c0c24b195ccd92f55ef