Signatures are used by Cloudinary to verify the integrity of messages sent and for authentication reasons. All Upload API methods require a signature, which is automatically handled for you when using our SDKs.
One puzzling error you might see when using one of our SDKs to make Upload API calls is "Invalid Signature", even though the signature generation should be automatic and this error message is far more common when manually generating a signature.
One cause of this is when a user for your account has previously requested that only SHA-256 encryption be used. By default, Cloudinary supports both SHA-1 and SHA-256 and uses the former for API calls using our SDKs, but you can request that only SHA-256 be used. Once you do so, you must set the following parameter when configuring your SDK:
'signatureAlgorithm' => 'sha256'
This will be in the same step where you configure your cloud name and API Key for example. Please note that SDKs will either use camelCase or kebab-case for these parameters so you may need to use `signature_algorithm` instead of `signatureAlgorithm`.
If you would like to limit your sub-accounts to use only SHA-256, please submit a support request and specify the cloud names of the sub-accounts in question.