...
x-pkisigning-timestamp: the value of this header protects against replay attacks and should be checked by the receiver. Normally the time difference should be no more than a few seconds when the clock of the receiving system is synced through NTP.
x-pkisigning-publickey: This value contains the PKCS7-encoded certificate that was used to sign the callback request. Validate that the certificate is provided by a valid trusted service provider, is not revoked, is within its validity period and, most importantly, contains a PKIsigning domain (we use the top-level domains PKIsigning.io and PKIsigning.nl).
x-pkisigning-signature: this value contains the RSASHA256 signature of the contents combined with the timestamp. To check the signature, use the following procedure:
obtain the raw bytes of the payload (UTF-8 encoding)
obtain the bytes of the timestamp (UTF-8 encoding)
concatenate both byte sequences into one byte sequence
verify the signature against the certificate
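The procedure above as a Node.js receiver check, combined with the timestamp test. This is an added example, not PKIsigning's own code: the names verifyCallback and demo, the 10-second window, the ISO 8601 timestamp format, base64 signature encoding and PKCS#1 v1.5 padding are assumptions, and the public key is taken to come from the x-pkisigning-publickey certificate after the certificate checks listed above have passed.

```javascript
const crypto = require('crypto');

const MAX_SKEW_MS = 10000; // assumed window; the page only says "a few seconds"

// rawBody: Buffer with the exact bytes received (never re-serialised JSON).
// headers: header map with lower-cased names.
// publicKey: PEM or KeyObject from the already validated certificate.
function verifyCallback(rawBody, headers, publicKey, now = Date.now()) {
  const timestamp = headers['x-pkisigning-timestamp'];
  const signature = headers['x-pkisigning-signature'];
  if (typeof timestamp !== 'string' || typeof signature !== 'string') {
    return { ok: false, reason: 'missing-header' };
  }
  if (!Buffer.isBuffer(rawBody)) return { ok: false, reason: 'body-not-raw-bytes' };

  // Replay protection: reject anything outside the window (format is assumed).
  const sentAt = Date.parse(timestamp);
  if (Number.isNaN(sentAt) || Math.abs(now - sentAt) > MAX_SKEW_MS) {
    return { ok: false, reason: 'stale-timestamp' };
  }

  // Payload bytes followed by the UTF-8 bytes of the timestamp as received.
  const signedBytes = Buffer.concat([rawBody, Buffer.from(timestamp, 'utf8')]);

  let valid = false;
  try {
    // RSA with SHA-256; padding and base64 encoding are assumptions.
    valid = crypto.verify('sha256', signedBytes, publicKey, Buffer.from(signature, 'base64'));
  } catch {
    valid = false; // malformed key or signature counts as a failed check
  }
  return valid ? { ok: true } : { ok: false, reason: 'bad-signature' };
}

// Constructed sample: a throwaway key pair stands in for the sender's certificate key.
function demo() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  const body = Buffer.from('{"event":"signed","id":"example-123"}', 'utf8');
  const timestamp = '2024-01-01T12:00:00Z';
  const now = Date.parse(timestamp) + 2000; // receiver clock two seconds later
  const signed = Buffer.concat([body, Buffer.from(timestamp, 'utf8')]);
  const signature = crypto.sign('sha256', signed, privateKey).toString('base64');
  const headers = { 'x-pkisigning-timestamp': timestamp, 'x-pkisigning-signature': signature };
  return {
    genuine: verifyCallback(body, headers, publicKey, now),
    tampered: verifyCallback(Buffer.from('{"event":"signed","id":"example-999"}'), headers, publicKey, now),
    replayed: verifyCallback(body, headers, publicKey, now + 60000),
    stripped: verifyCallback(body, { 'x-pkisigning-timestamp': timestamp }, publicKey, now),
  };
}
```

Pass the body exactly as it arrived on the wire; a parsed and re-serialised JSON body will not reproduce the signed bytes.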
...