Skip to main content

Invalid Signature

Felix

Hello guys,

I have a problem with the signature. Everytime I get:
{
    "error":{
        "message":"Invalid Signature 0d73aeb33f646422d7a437fc49e39502d457df40. String to sign - 'timestamp=1564499680'."
    }
}

The signature code is always different of course. I saw an example here:
https://cloudinary.com/documentation/upload_images#generating_authentication_signatures

There is a signature result of "bfd09f95f331f558cbd1320e67aa8d488770583e". If I use the test parameters I got the same, but when I use the actual time and my api_secret there is a problem.

This is my request using perl:

my $time = time();
my $data = "eager=w_400,h_300,c_pad|w_260,h_200,c_crop&public_id=sample_image&timestamp=" . $time . "<api_secret>";
my $digest = sha1_hex($data);
my $command = 'curl https://api.cloudinary.com/v1_1/demo/image/upload -X POST --data \'file=ftp://<user>:<password>@<server+path> &timestamp='.$time.'&api_key=<api_key>&signature='.$digest.'\'';
my $output = system($command);
print $output . "\r\n";

Anyone have an idea what is the problem here?

Thank you for your help!

Best regards
Felix

0

Comments

2 comments

Date Votes
  • Stephen Doyle

    Hi Felix,

    Are you calling ...api.cloudinary.com/v1_1/demo/image... in this example or your own cloud name?

    If the 'demo' in your code sample isn't due to you redacting the name of your own account, that is part of the problem because the request will be validated against the 'demo' account's API secret, not yours.

    Additionally, the "String to sign - 'timestamp=1564499680'." message means that when we received your request and tried to validate the signature, the only parameter we received was the timestamp, so that's all that should have been used to create the signature.

    Your code shows eager and public_id in the signature generation for what's in the $data value, but they're not part of the request you made to the /upload endpoint in the $command variable, so in that case, the signature validation will also fail.

    In addition to the document you linked, there's a summary of how to generate the signature here: https://cloudinary.com/documentation/signatures

    Please take a look and see if that solves the issue for you
    Regards,

    Stephen

    0
  • Felix

    Hello Stephen,

    thank you for your quick response.

    I really used "demo" but replacing it with my cloudname results in the same error code. I used customer credentials before but I'm testing now with my own credentials, just to make sure that every key and secret is correct.

    I'm wondering that the signature is just using the timestamp but I already thought about it too. The thing is that I get the correct signature code from the example so it should be right when I replace the timestamp with the actual one and my api secret instead of "abcd". But obviously there is still a problem.

    On the site you referred to I used the "Generating authentication signatures" for a post request. That is the site that I linked. What is the response on your site, when you insert your credentials in my example and execute it? Is that working? I'm really surprised that not all parameters from the $data variable are in the signature process.

    Best regards
    Felix

    1

Post is closed for comments.

Didn't find what you were looking for?

New post