Once the response is received, you need to validate the X-verify in order to ensure that the response received is not tampered with. In order to validate the X-verify, please follow the below steps:
- Generate the checksum by using a SHA256 of the encoded body received in the response, salt key and salt index
- The salt we would use will be appended with ### to the checksum value in the checksum attribute. Upon receiving this payload, you need to look at the salt_index in the checksum attribute after ### delimiter and use the appropriate salt_index to be able to calculate checksum at their end for the said payload. If it doesn’t match, then you need to abort the request.
- Salts are already pre-shared with you at the time of onboarding
- If the value of any parameter is null, it will not be included in the calculation of the checksum