PR's comment

client/src/main/com/sinch/sdk/auth/adapters/VerificationApplicationAuthManager.java

@@ -58,7 +58,7 @@ public Collection<Pair<String, String>> getAuthorizationHeaders(
 
     return Arrays.asList(
         new Pair<>("Authorization", AUTH_KEYWORD + " " + key + ":" + encoded),
-        new Pair<>(XTIMESTAMP_HEADER, timestamp.toString()));
+        new Pair<>(XTIMESTAMP_HEADER, timestamp));
   }
 
   private String getBodyMD5Hash(String body) {

client/src/main/com/sinch/sdk/domains/verification/adapters/WebHooksService.java

@@ -11,10 +11,8 @@
 import java.util.Map;
 import java.util.TreeMap;
 import java.util.function.Supplier;
-import java.util.logging.Logger;
 
 public class WebHooksService implements com.sinch.sdk.domains.verification.WebHooksService {
-  private static final Logger LOGGER = Logger.getLogger(WebHooksService.class.getName());
 
   private final Supplier<Map<String, AuthManager>> authManagerSupplier;
 
@@ -40,6 +38,13 @@ public boolean checkAuthentication(
     String authorizationKeyword = split.length > 0 ? split[0] : "";
     String authorizationHash = split.length > 1 ? split[1] : "";
 
+    String computedHash = computeHash(ciHeaders, authorizationKeyword, method, path, jsonPayload);
+
+    return computedHash.equals(authorizationHash);
+  }
+
+  private String computeHash(Map<String, String> ciHeaders, String authorizationKeyword,
+      String method, String path, String jsonPayload) {
     // getting content type header
     String contentTypeHeader = ciHeaders.getOrDefault("content-type", "");
 
@@ -62,9 +67,7 @@ public boolean checkAuthentication(
             .map(Pair::getRight)
             .orElse("");
     String[] newSplit = computedAuthorization.split(" ");
-    String computedHash = newSplit.length > 1 ? newSplit[1] : "";
-
-    return computedHash.equals(authorizationHash);
+    return newSplit.length > 1 ? newSplit[1] : "";
   }
 
   @Override

client/src/test/java/com/sinch/sdk/domains/verification/adapters/WebhooksServiceTest.java

@@ -41,11 +41,26 @@ void checkApplicationAuthentication() throws ApiException {
   }
 
   @Test
-  void checkApplicationAuthenticationFailure() throws ApiException {
+  void checkApplicationAuthenticationFailureOnKey() throws ApiException {
 
     Map<String, String> headers =
         Stream.of(
-                new AbstractMap.SimpleEntry<>("authorization", "application foo="),
+                new AbstractMap.SimpleEntry<>("authorization", "application badkey:xfKhO0XvlRNJraahUBEJzzi1f3Fn3pYO41/ZzwOHPaQ="),
+                new AbstractMap.SimpleEntry<>("content-type", "application/json; charset=utf-8"),
+                new AbstractMap.SimpleEntry<>("x-timestamp", "2023-12-01T15:01:20.0406449Z"))
+            .collect(Collectors.toMap(Map.Entry::getKey, Map.Entry::getValue));
+
+    boolean authenticationResult =
+        webHooksService.checkAuthentication("POST", "/VerificationRequestEvent", headers, request);
+
+    Assertions.assertThat(authenticationResult).isEqualTo(false);
+  }
+  @Test
+  void checkApplicationAuthenticationFailureOnHash() throws ApiException {
+
+    Map<String, String> headers =
+        Stream.of(
+                new AbstractMap.SimpleEntry<>("authorization", "application 789:fooHash="),
                 new AbstractMap.SimpleEntry<>("content-type", "application/json; charset=utf-8"),
                 new AbstractMap.SimpleEntry<>("x-timestamp", "2023-12-01T15:01:20.0406449Z"))
             .collect(Collectors.toMap(Map.Entry::getKey, Map.Entry::getValue));