This support forum is no longer in use. Please use the Cloudinary Community at https://community.cloudinary.com/ to receive assistance from other members of the community and from Cloudinary's support team. For account-specific questions or if you believe that you've encountered a bug, please contact the Cloudinary team directly via the "submit a request" option on this support site.

Verify signature from unsigned upload

Follow
Avatar
Michal

Hi,

I'd like to verify signature in response from unsigned upload on my node server before I insert url into db. I already know how to create signature. Actually I need to know that url coming from response is valid and image is stored on cloudinary but I think verifying the signature is the way the go.

Thanks a lot

Best Regards

Michal  

0

Comments

6 comments

Sort by Date Votes
  • Avatar
    Maor Gariv

    Hi Michal,

    Thanks for reaching out.

    The signature is returned as part of the upload response, together with the public_id, version and other details you can store in your DB.

    For more information, please refer to our docs - 

    http://cloudinary.com/documentation/upload_images#upload_response

     

    0
    Comment actions Permalink
  • Avatar
    Michal

    Thank you for you answer but my question was actually, how can I verify this signature on my server. As you said, the signature is returned as part of upload response and client sends url,public_id,signature (parts of upload response) to my server. I want to be sure that url is valid url where user uploaded his image a it is not some hack. I assume that I have to verify signature with my api_key, api_secret in some way with sent public_id. The question is How Can I do that ?

    Thanks 

    0
    Comment actions Permalink
  • Avatar
    Maor Gariv
    • Edited

    Hi,

     

    You can create the signature on your server, using the same parameters of the upload and then compare it with the response signature.
    This will enable you to make sure the response is valid.

    For information on creating signature - 

    https://support.cloudinary.com/hc/en-us/articles/203817991-How-to-generate-a-Cloudinary-signature-on-my-own-

     

     

    0
    Comment actions Permalink
  • Avatar
    Michal

    If  I'm not mistaken. you mean that I take alle parameters from upload response

    {
 url: 'http://res.cloudinary.com/demo/image/upload/v1312461204/sample.jpg',
 secure_url: 'https://res.cloudinary.com/demo/image/upload/v1312461204/sample.jpg',
 public_id: 'sample',
 version: '1312461204',
 width: 864,
 height: 564,
 format: 'jpg',
 created_at: '2015-10-10T09:55:32Z',
 resource_type: 'image',
 tags: [], 
 bytes: 9597, 
 type: 'upload', 
 etag: 'd1ac0ee70a9a36b14887aca7f7211737', 
 signature: 'abcdefgc024acceb1c1baa8dca46717137fa5ae0c3',
 original_filename: 'sample'
}
    expect resource_type,type,signature,created_at. I think, I have to convert created_at into timestamp and include it into final string and then proceed as being said in this link 
    http://cloudinary.com/documentation/upload_images#creating_api_authentication_signatures , right ?

    thanks

    0
    Comment actions Permalink
  • Avatar
    Maor Gariv
    • Edited

    Yes.. you can generate the signature using these parameters (plus the API_SECRET that should only be kept on the server side)

    0
    Comment actions Permalink
  • Avatar
    Daniel Mendoza

    To verify the signature of an unsigned upload, all that would need to be done is to use the public_id and the version of the image. I have referenced an example here using Ruby.

    1
    Comment actions Permalink

Post is closed for comments.