diff --git a/bun.lockb b/bun.lockb
index 94e82add7..f17db01a2 100755
Binary files a/bun.lockb and b/bun.lockb differ
diff --git a/package.json b/package.json
index 2838f4c9a..63b403507 100644
--- a/package.json
+++ b/package.json
@@ -97,7 +97,9 @@
 "typescript": "^5.3.3"
 },
 "overrides": {
- "tslib": "^2.6.2"
+ "tslib": "^2.6.2",
+ "ts-node": "10.9.2",
+ "typescript": "5.3.3"
 },
 "trustedDependencies": [
 "@sentry/cli",
diff --git a/pomelo/api/transactions/authorizations.ts b/pomelo/api/transactions/authorizations.ts
index 0d8e63042..98ba3aac7 100644
--- a/pomelo/api/transactions/authorizations.ts
+++ b/pomelo/api/transactions/authorizations.ts
@@ -25,7 +25,7 @@ export default async function authorizations(request: VercelRequest, response: V
 return response.status(403).end("forbidden");
 }
- const parsed = authorizationRequest.safeParse(raw);
+ const parsed = authorizationRequest.safeParse(JSON.parse(raw));
 if (parsed.success) {
 const tx = await processTransaction(parsed.data);
diff --git a/pomelo/utils/buffer.ts b/pomelo/utils/buffer.ts
index 0c3e72523..beebd6360 100644
--- a/pomelo/utils/buffer.ts
+++ b/pomelo/utils/buffer.ts
@@ -1,9 +1,11 @@
 import type { Readable } from "node:stream";
-export default async function buffer(readable: Readable) {
- const chunks = [];
- for await (const chunk of readable) {
- chunks.push(typeof chunk === "string" ? Buffer.from(chunk) : chunk);
- }
- return Buffer.concat(chunks);
+export default function buffer(request: Readable): Promise {
+ return new Promise((r) => {
+ const chunks: Buffer[] = [];
+ request.on("data", (chunk: Buffer | string) => chunks.push(Buffer.from(chunk)));
+ request.on("end", () => {
+ r(Buffer.concat(chunks));
+ });
+ });
 }
diff --git a/pomelo/utils/types.ts b/pomelo/utils/types.ts
index 9c96ef185..7a39d5bdf 100644
--- a/pomelo/utils/types.ts
+++ b/pomelo/utils/types.ts
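Review bot: `JSON.parse(raw)` in `authorizations` is not wrapped in a try/catch, so a body that is not valid JSON now throws before `safeParse` can report a failure. The 403 return just above suggests only signed bodies get this far, but a signed and malformed payload would still surface as a rejected handler promise rather than a controlled response. Parse inside a `try` and route the failure to whatever the handler already does when `parsed.success` is false; that branch and the rest of the function are outside the hunk.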
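Review bot: The promise returned by the new `buffer` can never reject: only `data` and `end` are handled, so a request stream that errors or is closed before `end` leaves the caller awaiting forever, where the removed `for await` loop would have thrown. Take both callbacks, `return new Promise((resolve, reject) => {`, and add `request.once("error", reject);`. Because `verifySignature` takes the body as a string, this read presumably happens before the signature is checked, so a cap on the accumulated length would also stop unauthenticated callers from making the function buffer arbitrarily large bodies.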
@@ -2,7 +2,7 @@ import { z } from "zod";
 const country = z.enum(["ARG", "BRA", "MEX", "COL", "PER", "CHL"]);
-const date = z.string().datetime();
+const date = z.string();
 const address = z.object({
 street_name: z.string(),
@@ -110,19 +110,22 @@ export type CreateCardRequest = z.infer;
 export const authorizationRequest = z.object({
 transaction: z.object({
 id: z.string().regex(/^ctx-.*/),
+ country_code: z.string(),
 type: z.string(),
 point_type: z.string(),
 entry_mode: z.string(),
- country_code: z.string(),
 origin: z.string(),
- source: z.string(),
- original_transaction_id: z.string().regex(/^ctx-.*/),
+ source: z.string().optional(),
 local_date_time: date,
+ original_transaction_id: z
+ .string()
+ .regex(/^ctx-.*/)
+ .nullish(),
 }),
 merchant: z.object({
 id: z.string(),
 mcc: z.string(),
- address: z.string(),
+ address: z.string().nullish(),
 name: z.string(),
 }),
 card: card.pick({
@@ -140,7 +143,7 @@ export const authorizationRequest = z.object({
 .object({
 type: z.string(),
 currency: z.string(),
- amount: z.string(),
+ amount: z.number(),
 name: z.string(),
 })
 .array(),
diff --git a/pomelo/utils/verify.ts b/pomelo/utils/verify.ts
index ce9ec9c11..e40fa5a73 100644
--- a/pomelo/utils/verify.ts
+++ b/pomelo/utils/verify.ts
@@ -15,11 +15,11 @@ export function verifySignature(request: VercelRequest, body: string) {
 let signature = request.headers["x-signature"];
 const apiKey = request.headers["x-api-key"];
- if (!valid(endpoint) || !valid(timestamp) || !valid(apiKey) || Array.isArray(apiKey) || !valid(signature)) {
+ if (!valid(endpoint) || !valid(timestamp) || !valid(apiKey) || !valid(signature)) {
 return false;
 }
- if (!POMELO_API_KEY) return false;
+ if (apiKey !== POMELO_API_KEY || !POMELO_API_SECRET) return false;
 if (signature.startsWith("hmac-sha256")) {
 signature = signature.replace("hmac-sha256 ", "");
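Review bot: `const date = z.string()` now accepts any string, so every field built on `date` (in this diff, `local_date_time`) loses format validation rather than only the case that was failing. If the provider sends timestamps without a zone offset, a narrower relaxation keeps the check: `z.string().datetime({ local: true })` on zod versions that support that option, or `z.string().refine((s) => !Number.isNaN(Date.parse(s)))`. A comment on `date` recording the exact format observed from the provider would help whoever tightens this later.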
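Review bot: `amount: z.number()` puts no bounds on a value that drives an authorization decision, so negative numbers and `Infinity` pass the schema. If negative amounts are not a legitimate input for this endpoint, `amount: z.number().finite().nonnegative(),` states that at the boundary instead of leaving it to `processTransaction`. The amount is also a JavaScript float now rather than a decimal string, so the conversion to the unit used downstream deserves a short comment saying where rounding happens; that code is not visible here.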
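Review bot: `apiKey !== POMELO_API_KEY` in `verifySignature` is an ordinary string comparison, which returns as soon as the first differing character is found; the same check is added in `signResponse` in a later hunk. A constant-time form costs little: compare lengths first, then `crypto.timingSafeEqual(Buffer.from(apiKey), Buffer.from(POMELO_API_KEY))`. How the computed HMAC is compared with `signature` lies outside this hunk and should get the same treatment if it does not have it already. Dropping `Array.isArray(apiKey)` is only safe if `valid`, defined outside the hunk, narrows a header value to a single string, which is worth a one-line comment on `valid`.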
@@ -28,7 +28,7 @@ export function verifySignature(request: VercelRequest, body: string) {
 }
 const hmac = crypto
- .createHmac("sha256", Buffer.from(POMELO_API_KEY, "base64"))
+ .createHmac("sha256", Buffer.from(POMELO_API_SECRET, "base64"))
 .update(timestamp)
 .update(endpoint)
 .update(body);
@@ -47,11 +47,11 @@ export function signResponse(request: VercelRequest, response: VercelResponse, t
 return response.status(400).end("bad request");
 }
- if (!POMELO_API_KEY) return response.status(500).end("internal server error");
+ if (apiKey !== POMELO_API_KEY || !POMELO_API_SECRET) return response.status(500).end("internal server error");
 const timestamp = Math.floor(Date.now() / 1000).toString();
- const hmac = crypto.createHmac("sha256", Buffer.from(POMELO_API_KEY, "base64")).update(timestamp).update(endpoint);
+ const hmac = crypto.createHmac("sha256", Buffer.from(POMELO_API_SECRET, "base64")).update(timestamp).update(endpoint);
 if (text) hmac.update(text);
 const hash = hmac.digest("base64");
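Review bot: The guard added to `signResponse` answers 500 "internal server error" both when the caller's `apiKey` does not match and when `POMELO_API_SECRET` is unset, which reports a client credential problem as a server fault and makes the two cases indistinguishable in monitoring. Splitting them keeps the signal clean: `if (!POMELO_API_SECRET) return response.status(500).end("internal server error");` followed by `if (apiKey !== POMELO_API_KEY) return response.status(403).end("forbidden");`, matching the 403 the authorizations handler already uses. Where `apiKey` is read in this function is outside the hunk, so confirm it comes from the same `x-api-key` header as in `verifySignature`.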