Verify signature from unsigned upload

Comments

6 comments

  • Avatar
    Maor Gariv

    Hi Michal,

    Thanks for reaching out.

    The signature is returned as part of the upload response, together with the public_id, version and other details you can store in your DB.

    For more information, please refer to our docs - 

    http://cloudinary.com/documentation/upload_images#upload_response

     

    0
    Comment actions Permalink
  • Avatar
    Michal

    Thank you for you answer but my question was actually, how can I verify this signature on my server. As you said, the signature is returned as part of upload response and client sends url,public_id,signature (parts of upload response) to my server. I want to be sure that url is valid url where user uploaded his image a it is not some hack. I assume that I have to verify signature with my api_key, api_secret in some way with sent public_id. The question is How Can I do that ?

    Thanks 

    0
    Comment actions Permalink
  • Avatar
    Maor Gariv

    Hi,

     

    You can create the signature on your server, using the same parameters of the upload and then compare it with the response signature.
    This will enable you to make sure the response is valid.

    For information on creating signature - 

    https://support.cloudinary.com/hc/en-us/articles/203817991-How-to-generate-a-Cloudinary-signature-on-my-own-

     

     

    0
    Comment actions Permalink
  • Avatar
    Michal

    If  I'm not mistaken. you mean that I take alle parameters from upload response

    {
     url: 'http://res.cloudinary.com/demo/image/upload/v1312461204/sample.jpg',
     secure_url: 'https://res.cloudinary.com/demo/image/upload/v1312461204/sample.jpg',
     public_id: 'sample',
     version: '1312461204',
     width: 864,
     height: 564,
     format: 'jpg',
     created_at: '2015-10-10T09:55:32Z',
     resource_type: 'image',
     tags: [], 
     bytes: 9597, 
     type: 'upload', 
     etag: 'd1ac0ee70a9a36b14887aca7f7211737', 
     signature: 'abcdefgc024acceb1c1baa8dca46717137fa5ae0c3',
     original_filename: 'sample'
    }
    expect resource_type,type,signature,created_at. I think, I have to convert created_at into timestamp and include it into final string and then proceed as being said in this link
    http://cloudinary.com/documentation/upload_images#creating_api_authentication_signatures , right ?

    thanks

    0
    Comment actions Permalink
  • Avatar
    Maor Gariv

    Yes.. you can generate the signature using these parameters (plus the API_SECRET that should only be kept on the server side)

    0
    Comment actions Permalink
  • Avatar
    Daniel Mendoza

    To verify the signature of an unsigned upload, all that would need to be done is to use the public_id and the version of the image. I have referenced an example here using Ruby.

    1
    Comment actions Permalink

Please sign in to leave a comment.