diff --git a/AUTHORS.rst b/AUTHORS.rst
index 2b45de5..4f4d414 100644
--- a/AUTHORS.rst
+++ b/AUTHORS.rst
@@ -11,3 +11,4 @@ Contributors
 ------------
 * Michele Lacchia https://github.com/rubik
+* Saber Zafarpoor https://github.com/SaBeRDoTCoDeR
diff --git a/django_coinpayments/utils.py b/django_coinpayments/utils.py
index ff64da8..34ee410 100644
--- a/django_coinpayments/utils.py
+++ b/django_coinpayments/utils.py
@@ -1,8 +1,7 @@
 from django.conf import settings
 import hmac
-import hashlib
-from django.utils.http import urlencode
+from hashlib import sha512
 BCH = "BCH"
 BLK = "BLK"
@@ -66,7 +65,15 @@ def get_coins_list():
 def create_ipn_hmac(request):
- ipn_secret = getattr(settings, 'COINPAYMENTS_IPN_SECRET', None)
- encoded = urlencode(request).encode('utf-8')
- hash = hmac.new(bytearray(ipn_secret, 'utf-8'), encoded, hashlib.sha512).hexdigest()
- return hash
+ # secret = 'you sould set your API secret in here and then uncomment this line'
+
+ # for example:
+ # secret = 'mysecret'
+ secret = 'default'
+ encoded = request[2:-1]
+ computed_sig = hmac.new(
+ bytearray(secret, 'utf-8'),
+ msg=bytearray(encoded, 'utf-8'), digestmod=sha512
+ ).hexdigest()
+ print(computed_sig)
+ return computed_sig
diff --git a/django_coinpayments/views.py b/django_coinpayments/views.py
index 398ebe0..097e477 100644
--- a/django_coinpayments/views.py
+++ b/django_coinpayments/views.py
@@ -84,6 +84,7 @@ class PaymentListView(ListView):
 # HTTP_HMAC'9320f7f970294b0ea2c6e82519f839a65972c635bb137f3de859f5ede37c0adfa0607c10c8a3ce41dca3c038beab1b685013fb9fca8fdec984342e2338b5b6e0'
 @csrf_exempt
 def ipn_view(request):
+ body = str(request.body)
 p = request.POST
 ipn_mode = p.get('ipn_mode')
 if ipn_mode != 'hmac':
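Review bot: `secret = 'default'` in the create_ipn_hmac hunk replaces the `COINPAYMENTS_IPN_SECRET` setting that the removed lines read with a hard-coded placeholder, so every deployment keys the IPN HMAC with a publicly known string and the signature check that ipn_view now performs no longer proves the notification came from CoinPayments; the secret should come back from settings (still imported in this file) and a missing value should fail loudly, e.g. `raise ImproperlyConfigured('COINPAYMENTS_IPN_SECRET is not set')` with `ImproperlyConfigured` imported from `django.core.exceptions`. `print(computed_sig)` writes the expected signature to stdout on every notification and should be dropped. `encoded = request[2:-1]` depends on the views.py hunk passing `str(request.body)` and on slicing the `b'…'` repr off it, which diverges from the raw body as soon as it contains a quote, backslash or non-ASCII byte, so `hmac.new` should be given `request.body` bytes directly, with the views.py caller changed to `our_hmac = create_ipn_hmac(request.body)` and the comparison done with `hmac.compare_digest(our_hmac, http_hmac)` rather than `!=`.
```python
def create_ipn_hmac(request):
    """Return the hex SHA-512 HMAC of the raw IPN body, keyed with COINPAYMENTS_IPN_SECRET."""
    secret = getattr(settings, 'COINPAYMENTS_IPN_SECRET', None)
    if not secret:
        raise ImproperlyConfigured('COINPAYMENTS_IPN_SECRET is not set')
    # Accept the raw bytes body; encode only if a str was passed.
    body = request if isinstance(request, bytes) else request.encode('utf-8')
    return hmac.new(secret.encode('utf-8'), msg=body, digestmod=sha512).hexdigest()
```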
@@ -91,8 +92,12 @@ def ipn_view(request):
 http_hmac = request.META.get('HTTP_HMAC')
 if not http_hmac:
 return HttpResponseBadRequest('No HMAC signature sent.')
- our_hmac = create_ipn_hmac(request)
+ # set your secret in this function if you want your code works:)
+ our_hmac = create_ipn_hmac(body)
+ print("Our hmac == server hmac - {res}" % {'res': str(our_hmac == http_hmac)})
+ if our_hmac != http_hmac:
+ return HttpResponseBadRequest('Wrong HMAC signature provided.')
 merchant_id = getattr(settings, 'COINPAYMENTS_MERCHANT_ID', None)
 if p.get('merchant') != merchant_id: