diff --git a/98.md b/98.md
index 48d079e..3a8ffdf 100644
--- a/98.md
+++ b/98.md
@@ -18,8 +18,8 @@ The `content` SHOULD be empty.
 
 The following tags are defined as REQUIRED.
 
-* `url` - absolute URL
-* `method` - HTTP Request Method 
+* `u` - absolute URL
+* `method` - HTTP Request Method
 
 Example event:
 ```json
@@ -31,7 +31,7 @@ Example event:
     "created_at": 1682327852,
     "tags": [
         [
-            "url",
+            "u",
             "https://api.snort.social/api/v1/n5sp/list"
         ],
         [
@@ -49,6 +49,10 @@ Servers MUST perform the following checks in order to validate the event:
 3. The `url` tag MUST be exactly the same as the absolute request URL (including query parameters).
 4. The `method` tag MUST be the same HTTP method used for the requested resource.
 
+When the request contains a body (as in POST/PUT/PATCH methods) clients SHOULD include a SHA256 hash of the request body in a `payload` tag as hex (`["payload", "<sha256-hex>"]`), servers MAY check this to validate that the requested payload is authorized.
+
+If one of the checks was to fail the server SHOULD respond with a 401 Unauthorized response code.
+
 All other checks which server MAY do are OPTIONAL, and implementation specific.
 
 ## Request Flow