Skip to main content

Verify signature from unsigned upload



  • Maor Gariv

    Hi Michal,

    Thanks for reaching out.

    The signature is returned as part of the upload response, together with the public_id, version and other details you can store in your DB.

    For more information, please refer to our docs -


  • Michal

    Thank you for you answer but my question was actually, how can I verify this signature on my server. As you said, the signature is returned as part of upload response and client sends url,public_id,signature (parts of upload response) to my server. I want to be sure that url is valid url where user uploaded his image a it is not some hack. I assume that I have to verify signature with my api_key, api_secret in some way with sent public_id. The question is How Can I do that ?


  • Maor Gariv



    You can create the signature on your server, using the same parameters of the upload and then compare it with the response signature.
    This will enable you to make sure the response is valid.

    For information on creating signature -



  • Michal

    If  I'm not mistaken. you mean that I take alle parameters from upload response

     url: '',
     secure_url: '',
     public_id: 'sample',
     version: '1312461204',
     width: 864,
     height: 564,
     format: 'jpg',
     created_at: '2015-10-10T09:55:32Z',
     resource_type: 'image',
     tags: [], 
     bytes: 9597, 
     type: 'upload', 
     etag: 'd1ac0ee70a9a36b14887aca7f7211737', 
     signature: 'abcdefgc024acceb1c1baa8dca46717137fa5ae0c3',
     original_filename: 'sample'
    expect resource_type,type,signature,created_at. I think, I have to convert created_at into timestamp and include it into final string and then proceed as being said in this link , right ?


  • Maor Gariv

    Yes.. you can generate the signature using these parameters (plus the API_SECRET that should only be kept on the server side)

  • Daniel Mendoza

    To verify the signature of an unsigned upload, all that would need to be done is to use the public_id and the version of the image. I have referenced an example here using Ruby.


Post is closed for comments.