All service request and response messages must have a Signature parameter and will be validated by payment gateway to prevent data tampering. If the signature is invalid then the payment gateway will return HTTP Status 401.
It’s highly RECOMMENDED for merchants to perform similar validation to ensure data validity against the origin source. Repeat the same steps from 1 - 4 described in generate signature and compare with the signature received from the payment gateway.