Refer to the sample proxy server code for a recommended implementation of the authentication logic for a request to your proxy server from Blackboard Learn (or from the browser as redirected by Blackboard Learn). This works in conjunction with GenericParameters.java which builds up the required data from the request. Apply this validation to every authenticated request to make sure that the data received is the data Blackboard Learn intended to send.
While the sample source code is the best description of the logic to be applied here, a text description can be found here.

Note that while the rule is that 100% of the parameters (except mac) are included in the generation of the mac, there are a few that will be excluded. Refer to the sample code for the exclusion list.