Testing notifications

Using example values, here’s a quick test to ensure your signature check works correctly:

item Example value
version 1.0 (from the User-Agent header containing Volt/1.0)
X-Volt-Timed 1631525064
X-Volt-Signed ed22494369277d25cf8c2293d142e5fddb9cecbea1f54e28ac16db0bee3b8009
body {} (empty as in a test notification)
notification secret 9c0c8c97-c224-45ed-a195-23b54b1c67e5

Steps to test

Use the pipe delimiter (|) to concatenate the body, X-Volt-Timed and version in that order to create the string to hash

Concatenated string to hash

Hash this string using SHA256 and your notification secret

Example code (PHP)
$hash = hash_hmac('sha256', $string, $notification_secret);

If everything is correct, you should receive an HMAC signature that is identical to your X-Volt-Signed key

Generated HMAC signature for test notification

Notifications containing real data

Note that when you receive real notifications the body element should be supplied as one continuous, unformatted, string – with no spaces or slashes to break up parameters.  Don’t escape quotes, or encode accented or special characters.  So in this case your body might look like this:-


therefore your check string when concatenated (using the same X-Volt-Timed and version as earlier) would look like this:- 


and your HMAC signature (using the same notification secret as earlier) would be

Generated HMAC Signature for real data

Check your working

Use our handy interactive form to test the HMAC signature calculation – post in the details you get from a Volt notification to re-calculate the signature using your notification secret.

The body of the POST message from Volt.
The value of the X-Volt-Timed header.
Extracted from User-Agent (e.g. "Volt/2.0").
This will be used to generate the signature.