Samsung IAP ISN Signature

The Samsung In-App Purchase (IAP) Instant Server Notification (ISN) is signed using the JSON Web Token (JWT) standard and can be verified using open source libraries or your own implementation. It is encoded in base64 format, but there is no need to decode it as the signature is not human readable.

By verifying the signature of a notification received from the Samsung IAP ISN service, you are assured that the content of the message is created by Samsung and has not been tampered.

For code examples on how to use your IAP public key to verify the notifications you receive from the Samsung IAP ISN service, see Notification Verification Examples.

Example signature

HKoLD9adhbbDoFhjBkoYP1PxWro6c9pPobM5OLPrQW_mfzXO7u-iND5J-oWyMVwmUQEdJBXfwFMyU-BFU4OJyicQFmpbPKxxJMgp8N78jBtK-0wxvk4l_o7Q7A2h6JMe3rVelMqfYh8eD667MfqEc2Gkk0STK5rGk6zIhXWI_J1ajbgbHLK6kUxwUXTqxNUF4vBfSauWOrwJgmPM6RhmIm55WzS5p-5RqRBrqqwNF-pYvxFKkJRSTamCcfMAnfL_TVIZLRYkRd3ofw0Tvtl1kdyJhOKq5NbF4iaNDRt2qAVuDqOLLowXkDbRvWvu23zsQckBfH0omLQtC1gY_-s6pA