Invalid Signature XXX. String to sign.

Jirou Stanby

June 24, 2019 04:21 Edited

I want to delete the image imidiately, but I get an Invalid Signature error. Please tell me what parameters are correct.

# set params
export CLOUDINARY_APIKEY=000000000000000
export TIME=(date +%s)
# calc sha1
export SHA1=(echo "invalidate=true&public_id=PATH/TO/IMAGE&timestamp=$TIME&type=upload$CLOUDINARY_APIKEY" | openssl sha1)

# call api
curl https://api.cloudinary.com/v1_1/PROJECT/image/destroy -X POST --data "invalidate=true&public_id=PATH/TO/IMAGE&timestamp=$TIME&type=upload&signature=$SHA1&api_key=$CLOUDINARY_APIKEY"

returns

{"error":{"message":"Invalid Signature XXX. String to sign - 'invalidate=true&public_id=PATH/TO/IMAGE&timestamp=1561350027&type=upload'."}}

0

• 

  Aleksandar Kostadinov

  June 24, 2019 15:21

  Hi Jirou,

  Looking at the parameters you're using for the signature generation - you are appending the Cloudinary API Key as the last part of the string to hash but the API Key shouldn't be included. Instead, please append the Cloudinary API Secret.

  In addition, the "type" parameter is defaulted to "upload" and thus isn't required in your string which generates the signature and also in the POST body unless it's different to "upload".

  Based on this, could you please try using the line below (replacing $CLOUDINARY_API_SECRET with your actual account secret):

  export SHA1=(echo "invalidate=true&public_id=PATH/TO/IMAGE&timestamp=$TIME$CLOUDINARY_API_SECRET" | openssl sha1)

  Your cURL line will therefore be:

  curl https://api.cloudinary.com/v1_1/PROJECT/image/destroy -X POST --data "invalidate=true&public_id=PATH/TO/IMAGE&timestamp=$TIME&signature=$SHA1&api_key=$CLOUDINARY_APIKEY"

  This part of our documentation goes through the steps of generating the authentication signatures manually:

  https://cloudinary.com/documentation/upload_images#generating_authentication_signatures

  Let me know how this goes.

  Best regards,

  Aleksandar

  0

Post is closed for comments.