Struggling to get auth token based on client documentation

[PuffinMojo]

Hi, I'm really struggling with your API documentation over at https://www.rememberthemilk.com/services/api/authentication.rtm

I am trying to write a client app to bulk migrate from an old GTD provider into RTM. I can't even get as far as getting an auth token back.

These are the steps I'm performing

Let's say the API key you game me is key123 and the secret is secretxyz.

Say that running MD5 sum on ubuntu yields the following hash:
$ md5sum <<< secretxyzapi_keykey123permsdelete
9aa7a357743f3972ab5f0c02ff80b0da -

I'm using postman with
https://www.rememberthemilk.com/services/auth/?api_key=key123&perms=delete&api_sig=9aa7a357743f3972ab5f0c02ff80b0da

I get back an html page with a 200 status but of note is the message:

<p>Uh oh... something went wrong. Don't worry though; it's not your fault. The application you're using to interact with Remember The Milk made an error. It might be worthwhile contacting the author of the application and telling them you encountered this page.</p>

<p>Alternatively, you might like to wait a little while and then try again.</p>

Can you help me work out where I'm going wrong? It would also be really handy if your samples included examples of the requests, it helps us get a context. Responses aren't nearly as important, since we can discover those once we make a successful request.