On This Page
REST API
Validating a Notification
To validate a notification, you must use the digital signature key to generate your own signature and
match it with the signature in the notification. The digital signature of the notification is
contained in the
sig
parameter of the v-c-signature
header
of the notification.When you sent the API request that created the digital signature key,
you received a response that contains a
keyInformation
array. The
keyInformation
array contains a keyinformation.key
field which contains the digital signature key and a keyinformation.keyId
field that identifies the digital signature key. The keyinformation.key
field is required to generate your own signature, which you can use to validate the
notification's signature. Follow these steps to validate the integrity of a notification.
- Split the signature by semicolon and extractt,keyId, andsig.
- UsekeyIdto fetch the digital signature key.
- Generate the payload by concatenating the timestamp with a period character (.) and the payload from the body of the notification.
- Use the SHA256 algorithm to encrypt the generated payload from Step 3 using the key from Step 2.
- Verify that the encrypted value matches the value insig.