When uploading files using Cloudinary's Upload Widget successfully, the callback function receives an array containing all of the resources that were uploaded. Each resource object contains information about the resource, as well as a signature. I am forwarding this response to our server using an ajax request, and need to verify the signature on the server side.
Is the signature calculated differently for the upload widget response than it is for the post sent via the notification_url? When using the Cloudinary::Utils.api_sign_request method from the gem and passing all of the params (except the signature), the signature it generates does not match the one returned from the upload widget for the resource.
I'm wondering if the signature is calculated differently for the upload widget because generally, you don't want the api secret on the client side to verify the signature, but in this case, I am fowarding it to our server for verification.
Post is closed for comments.