This support forum is no longer in use. Please use the Cloudinary Community at to receive assistance from other members of the community and from Cloudinary's support team. For account-specific questions or if you believe that you've encountered a bug, please contact the Cloudinary team directly via the "submit a request" option on this support site.

Invalid Signature - String to sign - Upload Widget



  • Avatar
    Wissam Khalili

    Hi Zachary,

    You would need to pass the params_to_sign from the widget to your server-side/backend, and use these exact params to generate the signature (e.g use the exact timestamp that is passed in params_to_signand not create your own timestamp). You could read more about it in the following guide:

    If you would like to provide your cloud name, I can further investigate the logs and see the exact error you are receiving, to do so please raise a support ticket with us directly by filling out the form at this link.



    Comment actions Permalink
  • Avatar
    Zachary Hurst

    Hey Wissam,

    Sorry to be wasting your time on this however, I'm still stuck, could you provide a code example? I admit I'm not the best when it comes to talking about code, I do best when I have something to poke at. I changed where and how I generate the timestamp and tried using the uploadSignatureTimestamp param as well.  I think that's probably where I'm not understanding. I'm ready to facepalm over the thing I'm missing.

    Updated Server Side:'/cloudinary-info', ensureAuthenticated, (req, res) => {
        var data = req.body;

        var apiSecret = process.env.CLOUDINARY_API_SECRET;
        var apiKey = process.env.CLOUDINARY_API_KEY;
        var cloudName = process.env.CLOUD_NAME;
        var preset = process.env.CLOUDINARY_API_PRESET;

        data.upload_preset = preset;
        if (data.resource_type) {
            delete data.resource_type;

        var timestamp = data.timestamp;

        var signature = cloudinary.utils.api_sign_request(data, apiSecret);

        var response = { signature, apiKey, cloudName, preset, timestamp };
    Client Side:
    var timestamp = Math.round((new Date).getTime()/1000);
    $.post('/images/cloudinary-info', { timestamp })
        .then(cInfo => {
            console.log(timestamp == cInfo.timestamp);

            widget = cloudinary.createUploadWidget({
                apiKey: cInfo.apiKey,
                cloudName: cInfo.cloudName,
                folder: 'avatars',
                multiple: false,
                overwrite: true,
                public_id: theLoggedInUsersID,
                uploadPreset: cInfo.preset,
                uploadSignature: cInfo.signature,
                uploadSignatureTimestamp: cInfo.timestamp
            }, (error, result) => {
                if (result.event == 'success') {
                        Do the success things
    Cloud Name: propoint
    Comment actions Permalink
  • Avatar
    Wissam Khalili

    Hi Zachary,

    I have checked the errors that you are getting:

    Invalid Signature 67c2345ce72940454e91e0cf6436de385157efe6. 
    String to sign -

    I see that the client-side is sending only the timestamp to the server-side and the server-side adds the upload_preset in order to create the signature. This is not enough, you will need to send the following parameters as well { folder, overwrite,public_id,source }.

    Once you make your call, in case of a failure you could catch the error and you could exactly what should be added in order to create the signature.

    You could see in the documentation that all parameters added to the method call should be included exceptfilecloud_nameresource_type and your api_key.

    Hope this is helpful!




    Comment actions Permalink

Post is closed for comments.