Comparing signatures

To ensure the integrity of the response, you must compare the signature contained in the IPN with the value computed in the previous step.

You should not compare the signature of the IPN with the signature that you transmitted in your payment request.
If the signatures match
  • You may consider the response as safe and proceed with the analysis.
  • Otherwise, the script will have to raise an exception and notify the merchant about the anomaly.

Example in PHP:
if ($_POST['signature'] == $sign){
    //Processing data

    throw new Exception('An error occurred while computing the signature');

The signatures may not match in case of:

  • an implementation error (error in your calculation, problem with UTF-8 encoding, etc.),
  • an error in the key value or in the vads_ctx_mode field (frequent issue when shifting to production mode),
  • a data corruption attempt.