Comparing signatures

In order to make sure the response is complete, you must compare the value of the signature field received in the response with the one computed in the step “Computing the IPN signature”.

You must not compare the IPN signature with the signature that you transmitted in your form.
If the signatures match,
  • You may consider the response as safe and proceed with the analysis.
  • If they do not, the script will have to throw an exception and warn the merchant .

The signatures may not match because of:

  • an implementation error (error in your calculation, problem with UTF-8 encoding, etc.),
  • an error in the value of the key or in the vads_ctx_mode (field value - frequent issue when going to live mode),
  • a data corruption attempt.