Error authenticating user and obtaining token

[Cory Deppen]

Just getting the token for a user has been a challenge so far. If I understand the API, the signature string should be "api_key[api_key_here]email[email_here]password[password_here]" if I'm calling users/login. I'm confused, though, since the docs say "your_signature is a signature of all the parameters sent to the call. Signatures are created by concatenating every scalar argument (ie: non array) listed in alphabetical order with your api secret". So should the secret be part of the signature string or not, since it's not an argument being passed? I've tried including it in the signature string and excluding it, but I continue to get a 403 with error "Wrong api_key or signature". So it seems my method for getting the signature is wrong or the API key I'm using is inactive/invalid. Is there a way of determining if my API key is active/valid?

Also, the docs mention the email and password parameters are integers. Is this a typo and they should really be strings?

I'm really at a loss and would appreciate any guidance. Hopefully I'm overlooking something simple.

[Cory Deppen]

I discovered what I was doing wrong. I thought the api_secret was included in the signature string like the other params, but it just needs to be appended to the end of the string prior to creating the MD5 hash. So the signature string ends up looking like "api_key[api_key_here]email[email_here]password[password_here][api_secret_here]".