signedPayload =
{"iat":"2026-06-21T10:28-0400",
    "site":"www.staples.ca"
}

signedPayload | strip_newlines
{"iat":"2026-06-21T10:28-0400",    "site":"www.staples.ca"}

signedPayload | strip_newlines| hmac_sha256
d471bba108b3433a360731421dd93a77f840aa7a8c820460b0da766851d5ab9b

SECRET: s3cr3ts_Ar3_T0ugh

JSON Payload

4c0f35a7-2b1c-40f4-9741-d59aa0745cc7

signedPayload is all server side generated.

signature is server side generated/calculated. This is calculated by taking the json string from signedPayload, and stripping all "\n", and then hmac_hash('sha256', payloadStrippedOfNewLines, SecretString)

Signature is stripped of all newlines, and no spaces around ":".

Exact LIQUID syntax is: assign signature = signedPayload | strip_newlines| hmac_sha256: 's3cr3ts_Ar3_T0ugh'

unsignedPayload, can be populated with whatever you want.

Algo for this page. (SS: Server Side/Liquid, CS: client side)

SS: fetch customer[id,email,site,iat]
- strip new lines
- when generating the json, no extra white spaces
SS: hmac_sha256
CS: fetch cart, and misc items
SEE Console.log for post results to "post"

URL (relative, or absolute) to post to