How to generate a Cloudinary signature on my own?

Generally Cloudinary provides a comprehensive API client-libraries in order to save you the hassle of generating the HTTP request and the signature by yourself.

If you still require doing that on your own, you might want to check out how it's done on our client libraries. Below are some references to start from:

Ruby On Rails:
api_sign_request(params_to_sign, api_secret)

PHP:
api_sign_request($params_to_sign, $api_secret)

Node JS:
api_sign_request = function(params_to_sign, api_secret)

Java:
apiSignRequest(Map<String, Object> paramsToSign, String apiSecret)

Django:
api_sign_request(params_to_sign, api_secret)

.NET:
SignParameters(IDictionary<string, object> parameters)

Few more tips:

  1. The string to sign must consist of a valid Timestamp (UNIX format), your account's api_secret and any additional upload parameter in use.
  2. String to sign must contain all required parameters sorted alphabetically, and end with the api_secret.
  3. api_secret should never be revealed to anyone who is not authorized, therefore should never be used on the client side or inside your native application.
  4. Mobile native applications must either use an unsigned-upload or have a server to process the signature on.
  5. A signature is only valid for 1 hour since the timestamp it's based on.
  6. Sanity check - Signing the following string:
    "public_id=sample_image&timestamp=1315060510abcd"
    where `abcd` is the api_secret, should result with the following signature:
    "b4ad47fb4e25c7bf5f92a20089f9db59bc302313"
  7. More information is available here:
    http://cloudinary.com/documentation/upload_images#creating_api_authentication_signatures
Have more questions? Submit a request

Comments

  • Avatar
    William Jamieson

    Modeling your sample into a SHA1 digest hex doesn't work with your server. I think there is something missing or out of date. What about the HTTP headers?

  • Avatar
    Nadav Ofir

    William, feel free to share with us your signature generation code (Make sure to remove any secret/private credentials first) so we can further investigate.
    You can also do that by opening a support ticket, if privacy is an issue.

Powered by Zendesk