verify

suspend fun verify(signatureHeader: String, requestBody: String, expectedHost: String, anchorSigningKey: String, maxAgeSeconds: Long = 300): Boolean

Verifies a callback signature from a SEP-12 anchor.

Validates that:

  1. Signature header is properly formatted

  2. Timestamp is within acceptable age

  3. Signature is valid for the payload

The payload is constructed as: <timestamp>.<host>.<body>

Return

true if signature is valid and not expired, false otherwise

Example:

val isValid = CallbackSignatureVerifier.verify(
    signatureHeader = "t=1234567890, s=SGVsbG8gV29ybGQh",
    requestBody = """{"id":"123","status":"ACCEPTED"}""",
    expectedHost = "myapp.com",
    anchorSigningKey = "GBWMCCC3NHSKLAOJDBKKYW7SSH2PFTTNVFKWSGLWGDLEBKLOVP5JLBBP"
)

Parameters

signatureHeader

The Signature or X-Stellar-Signature header value (format: "t=<timestamp>, s=<signature>")

requestBody

The raw request body (JSON string)

expectedHost

The expected host from the callback URL (e.g., "myapp.com")

anchorSigningKey

The anchor's SIGNING_KEY from stellar.toml (G... address)

maxAgeSeconds

Maximum age of signature in seconds (default: 300 = 5 minutes)
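
The three checks listed above, written out as an added sketch that is not the SDK's own code. verifySketch is a hypothetical name; the sketch assumes JDK 15+ (built-in Ed25519), a Unix-seconds timestamp, a standard base64 signature, and a throwaway key pair in place of the anchor's G... signing key.

```kotlin
import java.security.KeyPairGenerator
import java.security.PublicKey
import java.security.Signature
import java.util.Base64

// Hypothetical helper, not the SDK implementation: runs the three documented checks in order.
fun verifySketch(header: String, body: String, host: String, key: PublicKey,
                 nowSeconds: Long, maxAgeSeconds: Long = 300): Boolean {
    // 1. Header format: "t=<timestamp>, s=<signature>" and nothing else
    val m = Regex("""t=(\d{1,12}),\s*s=([A-Za-z0-9+/]+={0,2})""")
        .matchEntire(header.trim()) ?: return false
    val (t, s) = m.destructured

    // 2. Freshness: bounds the replay window (assumption: future-dated timestamps are rejected too)
    val age = nowSeconds - t.toLong()
    if (age < 0 || age > maxAgeSeconds) return false

    // 3. Signature over the exact bytes of "<timestamp>.<host>.<body>"
    val sig = try { Base64.getDecoder().decode(s) }
              catch (e: IllegalArgumentException) { return false }
    if (sig.size != 64) return false // an Ed25519 signature is always 64 bytes
    val payload = "$t.$host.$body".toByteArray(Charsets.UTF_8)
    return Signature.getInstance("Ed25519").run {
        initVerify(key); update(payload); verify(sig)
    }
}

fun main() {
    // Constructed test data: a generated key pair stands in for the anchor's SIGNING_KEY.
    val kp = KeyPairGenerator.getInstance("Ed25519").generateKeyPair()
    val body = """{"id":"123","status":"ACCEPTED"}"""
    val t = 1234567890L
    val sig = Signature.getInstance("Ed25519").run {
        initSign(kp.private); update("$t.myapp.com.$body".toByteArray(Charsets.UTF_8)); sign()
    }
    val header = "t=$t, s=" + Base64.getEncoder().encodeToString(sig)

    // Case 1: fresh timestamp, matching host and body
    println(verifySketch(header, body, "myapp.com", kp.public, t + 60))
    // Case 2: same signature presented for a different host
    println(verifySketch(header, body, "other.example", kp.public, t + 60))
    // Case 3: body modified after signing
    println(verifySketch(header, body.replace("ACCEPTED", "REJECTED"), "myapp.com", kp.public, t + 60))
    // Case 4: valid signature replayed after the maxAgeSeconds window
    println(verifySketch(header, body, "myapp.com", kp.public, t + 301))
}
```

Because the body is part of the signed payload byte for byte, pass the request body exactly as received; parsing and re-serializing the JSON first changes the bytes and the check fails. Take expectedHost from your own configured callback URL rather than from the incoming request.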