DigitalRiver-Signatureheader. You can use the signature to verify that Digital River sent the events, rather than a third party. You can use our libraries to verify signatures, or you can manually verify signatures.
DigitalRiver-Signatureheader. The signed payload has a timestamp that is verified by the signature, so an attacker cannot change the timestamp without invalidating the signature. If the signature is valid, but the timestamp is too old, you can have your application reject the payload.