INVALID_SIGNATURE error while trying to retrieve list of assemblies in transloadit

Question

I am using Transloadit API to merge audio file and series of images.

At some point, I need to retrieve list of assemblies (videos generated till now) for which transloadit provides a get API endpoint but that endpoint accepts two query strings, signature and params(to configure the list)

I am generating signature of the same params which is being sent as query string to the API along with it's signature but it is returning an error that signature doesn't match.

Transloadit have proper docs of how to create signature for each major language here https://transloadit.com/docs/#signature-authentication

Also the docs (https://transloadit.com/docs/api/#assemblies-get) doesn't state whether the signature will be generated of the same params or not.

Please help if anyone have used transloadit and had a same problem before and solved it now

Answer 1

I believe what your problem may be is that you're not URL encoding the JSON before passing it in your GET request. Here's a small snippet in Python showing how to turn a dictionary of values into JSON to generate a signature, and then into a URL encoded object for the GET request.

params = {
    'auth': {
        'key': auth_key,
        'expires': expires
    },
    'template_id': template_id
}

# Converts the dictionary into JSON
message = json.dumps(params, separators=(',', ':'))
signature = hmac.new(auth_secret.encode('utf-8'),
                    message.encode('utf-8'),
                    hashlib.sha1).hexdigest()

# URL encodes it
params_encoded = urllib.parse.quote_plus(message)

url = f'https://api2.transloadit.com/assemblies?signature={signature}&params={params_encoded}'

response = requests.get(url)