Skip to main content

Invalid Signature - String to sign - Upload Widget



  • Wissam Khalili

    Hi Zachary,

    You would need to pass the params_to_sign from the widget to your server-side/backend, and use these exact params to generate the signature (e.g use the exact timestamp that is passed in params_to_signand not create your own timestamp). You could read more about it in the following guide:

    If you would like to provide your cloud name, I can further investigate the logs and see the exact error you are receiving, to do so please raise a support ticket with us directly by filling out the form at this link.



  • Zachary Hurst

    Hey Wissam,

    Sorry to be wasting your time on this however, I'm still stuck, could you provide a code example? I admit I'm not the best when it comes to talking about code, I do best when I have something to poke at. I changed where and how I generate the timestamp and tried using the uploadSignatureTimestamp param as well.  I think that's probably where I'm not understanding. I'm ready to facepalm over the thing I'm missing.

    Updated Server Side:'/cloudinary-info', ensureAuthenticated, (req, res) => {
        var data = req.body;

        var apiSecret = process.env.CLOUDINARY_API_SECRET;
        var apiKey = process.env.CLOUDINARY_API_KEY;
        var cloudName = process.env.CLOUD_NAME;
        var preset = process.env.CLOUDINARY_API_PRESET;

        data.upload_preset = preset;
        if (data.resource_type) {
            delete data.resource_type;

        var timestamp = data.timestamp;

        var signature = cloudinary.utils.api_sign_request(data, apiSecret);

        var response = { signature, apiKey, cloudName, preset, timestamp };
    Client Side:
    var timestamp = Math.round((new Date).getTime()/1000);
    $.post('/images/cloudinary-info', { timestamp })
        .then(cInfo => {
            console.log(timestamp == cInfo.timestamp);

            widget = cloudinary.createUploadWidget({
                apiKey: cInfo.apiKey,
                cloudName: cInfo.cloudName,
                folder: 'avatars',
                multiple: false,
                overwrite: true,
                public_id: theLoggedInUsersID,
                uploadPreset: cInfo.preset,
                uploadSignature: cInfo.signature,
                uploadSignatureTimestamp: cInfo.timestamp
            }, (error, result) => {
                if (result.event == 'success') {
                        Do the success things
    Cloud Name: propoint
  • Wissam Khalili

    Hi Zachary,

    I have checked the errors that you are getting:

    Invalid Signature 67c2345ce72940454e91e0cf6436de385157efe6. 
    String to sign -

    I see that the client-side is sending only the timestamp to the server-side and the server-side adds the upload_preset in order to create the signature. This is not enough, you will need to send the following parameters as well { folder, overwrite,public_id,source }.

    Once you make your call, in case of a failure you could catch the error and you could exactly what should be added in order to create the signature.

    You could see in the documentation that all parameters added to the method call should be included exceptfilecloud_nameresource_type and your api_key.

    Hope this is helpful!





Post is closed for comments.