Response Signature v2

overview response objects from license api endpoints contain an http header licensesignature which is an hmac sha256 signature used to verify the integrity and authenticity of the response this is not the same as the license signature in certain response objects (see response signature docid\ oucigcagcaikadwcbx9wk for that property) the licensesignature header signs the entire response object using our private key, which enables you to use our public key to verify the signature verifying response signature v2 you can use the server's public key to verify the licensesignature header by validating the signature, you ensure the response originates from licensespring's trusted servers download the server public key from the link below to implement signature verification using the example provided https //archbee doc uploads s3 amazonaws com/ijdhyjblo9loxordnwjtx/8 om1oqw9qe45obpr7mt prod pub code sample import crypto from 'node\ crypto' import dayjs from 'dayjs' import utc from 'dayjs/plugin/utc js' dayjs extend(utc) // header and response received from our servers const responselicensesignatureheader = ' '; const responsebody = { // response object from licensespring's server }; / note specifically for the activate license offline endpoint, existing signatures in the response body need to be removed before calculating the v2 signature, like this delete responsebody license signature; delete responsebody license signature v2; / const verifier = crypto createverify('rsa sha256'); verifier update(json stringify(response)); const result = verifier verify(publickey, responselicensesignatureheader, 'base64'); console log(result); // will be "true" if signature is valid