Verifying the ReturnURL and IPN Notifications

Amazon Simple Pay sends you outbound notifications for both the ReturnURL and the IPN. The ReturnURL notification arrives as GET data, and the IPN notification arrives as POST data. When you handle these notifications, we recommend that you validate the signature to ensure the notification originated from Amazon Payments.

Signature version 2 security enables you to verify the signature of the response using a server-side call to the VerifySignature FPS Action. To use it, modify your returnUrl and ipnUrl pages to parse the notification. From those components, you assemble the relevant parameters for VerifySignature. The result of the call is either Success, meaning the response is valid, or Failure, indicating the response is suspect.

For more information on VerifySignature, see VerifySignature. In addition, you can use the validation samples to assist in creating your own validation pages. For more information, see Understanding the IPNAndReturnURLValidation Sample.
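The steps above as an added example (not Amazon's sample code): it assembles a signed VerifySignature request from a received notification and accepts only an explicit Success. The sandbox host, API version, the UrlEndPoint and HttpParameters parameter names, the VerificationStatus response element and the sample XML are assumptions based on the FPS API rather than taken from this page; keys and URLs are placeholders.

```python
import base64, hashlib, hmac
import xml.etree.ElementTree as ET
from urllib.parse import quote

FPS_HOST = "fps.sandbox.amazonaws.com"  # assumption: FPS sandbox endpoint
API_VERSION = "2008-09-17"              # assumption: FPS API version

def enc(s):
    """Percent-encode everything except RFC 3986 unreserved characters."""
    return quote(s, safe="-_.~")

def build_verify_request(endpoint_url, raw_params, access_key, secret_key, timestamp):
    """Return a signed GET URL for the VerifySignature action.

    endpoint_url: the returnUrl or ipnUrl that received the notification, no query string.
    raw_params:   the query string (ReturnURL) or POST body (IPN) exactly as received;
                  do not decode or reorder it, or a genuine notification will fail.
    """
    params = {
        "Action": "VerifySignature",
        "UrlEndPoint": endpoint_url,
        "HttpParameters": raw_params,
        "AWSAccessKeyId": access_key,
        "SignatureVersion": "2",
        "SignatureMethod": "HmacSHA256",
        "Timestamp": timestamp,
        "Version": API_VERSION,
    }
    # AWS signature version 2: sort by name, encode, sign "verb\nhost\npath\nquery".
    query = "&".join(f"{enc(k)}={enc(v)}" for k, v in sorted(params.items()))
    to_sign = f"GET\n{FPS_HOST}\n/\n{query}"
    digest = hmac.new(secret_key.encode(), to_sign.encode(), hashlib.sha256).digest()
    return f"https://{FPS_HOST}/?{query}&Signature={enc(base64.b64encode(digest).decode())}"

def is_verified(response_xml):
    """Fail closed: anything other than an explicit Success is treated as suspect."""
    try:
        root = ET.fromstring(response_xml)
    except ET.ParseError:
        return False
    for el in root.iter():
        if el.tag.rsplit("}", 1)[-1] == "VerificationStatus":
            return (el.text or "").strip() == "Success"
    return False

# Constructed sample response, not captured from the service.
SAMPLE_RESPONSE = (
    '<VerifySignatureResponse xmlns="http://fps.amazonaws.com/doc/2008-09-17/">'
    "<VerifySignatureResult><VerificationStatus>Success</VerificationStatus>"
    "</VerifySignatureResult></VerifySignatureResponse>")
```

Fetch the returned URL over HTTPS from your server and pass the response body to `is_verified` before acting on the payment status in the notification.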

Important

The original implementation of signature version 2 supported a method of client-side signature validation using PKI. Client-side signature validation was deprecated on 01 November, 2010. If you are using client-side signature validation now, you must switch to using the FPS action VerifySignature.