There is an issue with signature creation for requests involving emails (subaccount requests).

The query params are encoded and then the signature is created from encoded query, but for the signature to be correct, it has to be created on decoded query, and encoded after signature is created.

email=xxx%40xxx.com this is encoded, and therefore creates wrong signature, so we need to decode it, when creating the signature.

I encountered this only for emails in params, but could also happen in other cases

There is a simple fix to it by replacing query with decodeURIComponent(query) on line 331 when creating signature under signedRequest method.