Upload Widget Response Signature

Follow

Finalsite Development

• October 17, 2016 13:11

When uploading files using Cloudinary's Upload Widget successfully, the callback function receives an array containing all of the resources that were uploaded. Each resource object contains information about the resource, as well as a signature. I am forwarding this response to our server using an ajax request, and need to verify the signature on the server side.

Is the signature calculated differently for the upload widget response than it is for the post sent via the notification_url? When using the Cloudinary::Utils.api_sign_request method from the gem and passing all of the params (except the signature), the signature it generates does not match the one returned from the upload widget for the resource.

I'm wondering if the signature is calculated differently for the upload widget because generally, you don't want the api secret on the client side to verify the signature, but in this case, I am fowarding it to our server for verification.

0

• 

  Nadav Ofir

  • October 25, 2016 16:24

  Hi Alex,

  The signature in the response JSON wasn't meant to be used for validation. This is the Signature that was generated behind the scenes to allow the upload process in the first place (verified by our servers).

  0

  Comment actions Permalink
• 

  Chris Nolan

  • January 26, 2018 16:49

  So how are we able to verify the upload response?

  0

  Comment actions Permalink
• 

  Daniel Mendoza

  • January 27, 2018 01:42

  @Chris Nolan

  To verify the signature, all that would need to be done is to use the public_id and the version of the image retrieved from the upload response. I have referenced an example here using Ruby, but please let me know if you need it in another language.

  1

  Comment actions Permalink
• 

  Chris Nolan

  • January 27, 2018 07:30

  @Daniel Mendoza

  Thank you, that works a treat.

  0

  Comment actions Permalink

Post is closed for comments.