stellar-sdk/com.soneso.stellar.sdk.sep.sep12/CallbackSignatureVerifier/verify

verify

suspend fun verify(signatureHeader: String, requestBody: String, expectedHost: String, anchorSigningKey: String, maxAgeSeconds: Long = DEFAULT_SHIM_MAX_AGE_SECONDS): Boolean

Verifies a callback signature from a SEP-12 anchor.

This shim delegates to com.soneso.stellar.sdk.sep.common.CallbackSignatureVerifier via SharedVerifier.forShim so that expectedHost is honoured verbatim and the freshness check stays one-sided, matching v0.6.0 observable behaviour.

Validates that:

  1. Signature header is properly formatted

  2. Timestamp is not older than maxAgeSeconds (one-sided check; future-dated timestamps are accepted in this shim)

  3. Signature is valid for the payload <timestamp>.<expectedHost>.<requestBody>

Return

true if signature is valid and not expired, false otherwise.

Example:

val isValid = CallbackSignatureVerifier.verify(
    signatureHeader = "t=1234567890, s=SGVsbG8gV29ybGQh",
    requestBody = """{"id":"123","status":"ACCEPTED"}""",
    expectedHost = "myapp.com",
    anchorSigningKey = "GBWMCCC3NHSKLAOJDBKKYW7SSH2PFTTNVFKWSGLWGDLEBKLOVP5JLBBP"
)
Content copied to clipboard

Parameters

signatureHeader

The Signature or X-Stellar-Signature header value (format: "t=<timestamp>, s=<signature>").

requestBody

The raw request body (JSON string).

expectedHost

The expected host string from the callback URL. Used verbatim; no URL parsing or port stripping is performed.

anchorSigningKey

The anchor's SIGNING_KEY from stellar.toml (G... address).

maxAgeSeconds

Maximum age of signature in seconds (default: 300 = 5 minutes).

Generated by Dokka
© 2026 Copyright