Comparing signatures
To ensure the integrity of the response, you must compare the signature contained in the IPN with the value computed in the previous step.
- If the signatures match, you may consider the response as safe and proceed with the analysis.
- Otherwise, the script will have to raise an exception and notify the merchant about the anomaly.
Example in PHP:
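$received = $_POST['signature'] ?? '';
// hash_equals() compares in constant time and avoids the type juggling of ==
if (is_string($received) && hash_equals($sign, $received)) {
    // Processing data
} else {
    throw new Exception('An error occurred while computing the signature');
}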
The signatures may not match in case of:
- an implementation error (error in your calculation, problem with UTF-8 encoding, etc.),
- an error in the key value or in the vads_ctx_mode field (frequent issue when shifting to production mode),
- a data corruption attempt.
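The comparison above as a fuller handler, added here as an example (not code from the original page or from the gateway): it compares in constant time and, on a mismatch, checks whether the key configured for another vads_ctx_mode validates the message, which separates a key/mode error from the other causes listed. The signature formula, the `$keys` map, the function names and the sample values are assumptions.

```php
<?php
// Added example. Assumption: the signature is base64(HMAC-SHA-256) over the
// vads_* values, sorted by field name and joined with "+", then "+" and the key.
function compute_signature(array $fields, string $key): string
{
    $vads = array_filter(
        $fields,
        fn($name) => strncmp((string) $name, 'vads_', 5) === 0,
        ARRAY_FILTER_USE_KEY
    );
    ksort($vads);
    $content = implode('+', $vads) . '+' . $key;
    return base64_encode(hash_hmac('sha256', $content, $key, true));
}

// $keys is a hypothetical map: vads_ctx_mode value => key for that mode.
// Returns 'ok', 'key_mode_mix_up' or 'mismatch'; only 'ok' may be processed.
function check_ipn(array $post, array $keys): string
{
    // Reject array-valued parameters (e.g. signature[]=x) before hashing.
    foreach ($post as $value) {
        if (!is_string($value)) {
            return 'mismatch';
        }
    }
    $received = $post['signature'] ?? '';
    $mode = $post['vads_ctx_mode'] ?? '';
    if (!isset($keys[$mode])) {
        return 'mismatch';
    }
    if (hash_equals(compute_signature($post, $keys[$mode]), $received)) {
        return 'ok';
    }
    // Diagnostic only: does the key configured for another mode validate it?
    foreach ($keys as $otherMode => $key) {
        if ($otherMode !== $mode && hash_equals(compute_signature($post, $key), $received)) {
            return 'key_mode_mix_up';
        }
    }
    return 'mismatch';
}

// Constructed sample data; the keys are placeholders, not real credentials.
$keys = ['TEST' => 'constructed-test-key', 'PRODUCTION' => 'constructed-prod-key'];
$post = ['vads_ctx_mode' => 'TEST', 'vads_amount' => '1000', 'vads_trans_id' => '000001'];
$post['signature'] = compute_signature($post, $keys['TEST']);
echo check_ipn($post, $keys), PHP_EOL;   // untouched notification
$post['vads_amount'] = '1';
echo check_ipn($post, $keys), PHP_EOL;   // amount altered after signing
```

Any result other than 'ok' is rejected; 'key_mode_mix_up' only tells the merchant which cause to investigate first.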