Validating the Signature

Owned by Selma Pittman
Jun 07, 2023
1 min read

To validate the Validic Signature, you may create your own signature using the components above and compare it with Validic Signature found in the Push Notification HTTP Headers. The following steps outline how to create your own signature:

HTTP

POST https://yoursite.com/notification HEADERS Accept: */* Accept-Encoding: gzip;q=1.0,deflate;q=0.6,identity;q=0.3 Connection: close Content-Length: 258 Content-Type: application/json Host: api.validic.com User-Agent: Faraday v0.8.8 X-Validic-Signature: iYg596AeXNSgUqEPJHu6LKIVUGU= X-Validic-Timestamp: 2015-12-08T16:04:18029095657000 BODY { "data":[ ... ] }

In this example, the Organization Access Token used is “e61467e3845e8a66f7453dc55ea3fc445d1b879a6f96ebe7b243badbeae04f63″ and Application Secret is “123ABC”.

  1. Concatenate your Organization Access Token, the service name (‘notification’) and X-Validic-Timestamp found in the Push Notification HTTP Headers. Do not use any characters to separate them. e61467e3845e8a66f7453dc55ea3fc445d1b879a6f96ebe7b243badbeae04f63notification2015-12-08T16:04:18029095657000

  2. Calculate the HMAC by using the SHA-1 hash algorithm using the Application Secret as the key.

  3. Apply Base64 encoding to the resulting string.

  4. Compare the resulting string to the Validic Signature. Your resulting string must match the X-Validic-Signature found in the Push Notification HTTP Headers.

For sample implementations on popular programming languages and scripting toolkits, you may visit Timeanddate API Services for more information.