I discovered what I was doing wrong. I thought the api_secret was included
in the signature string like the other params, but it just needs to be
appended to the end of the string prior to creating the MD5 hash. So the
signature string ends up looking
like "api_key[api_key_here]email[email_here]password[password_here][api_secret_h ere]".
On Sunday, September 16, 2012 1:23:42 PM UTC-4, Cory Deppen wrote:
> Just getting the token for a user has been a challenge so far. If I
> understand the API, the signature string should be
> "api_key[api_key_here]email[email_here]password[password_here]" if
> I'm calling users/login. I'm confused, though, since the docs say
> "your_signature is a signature of all the parameters sent to the call.
> Signatures are created by concatenating every scalar argument (ie: non
> array) listed in alphabetical order with your api secret". So should the
> secret be part of the signature string or not, since it's not an argument
> being passed? I've tried including it in the signature string and excluding
> it, but I continue to get a 403 with error "Wrong api_key or signature". So
> it seems my method for getting the signature is wrong or the API key I'm
> using is inactive/invalid. Is there a way of determining if my API key is
> Also, the docs mention the email and password parameters are integers. Is
> this a typo and they should really be strings?
> I'm really at a loss and would appreciate any guidance. Hopefully I'm
> overlooking something simple.