ForumsDevelopersInvalid signature - but not really?


Invalid signature - but not really?
Author Message
gojensen

Posted: Feb 01, 2012
Score: 1 Reference
Hi, I'm just getting started looking into this API stuff for toodledo. And right off the bat I run into problems :)

I can't seem to authenticate, it says invalid signature (error 9)... even though I'm almost 100% sure it's not invalid.

I have my API2 app registered, I have it's AppID (letters only) and it's Token (numbers and letters that start with api...)

I'm then trying to authenticate and get a session token. From your docs I simply use the included signature calculator to generate my signature.

For userid I enter the userid of my account (td...something).
For App Token I enter the Token of my app (api...something).

I then get a md5 hash (04f2e07dc15264cafe6edcaf3ec7ba20). Just to verify I tried to simply do a URL request in my browser...

http://api.toodledo.com/2/account/token.php?userid=tdsomething;appid=MyAppID;sig=04f2e07dc15264cafe6 edcaf3ec7ba20

And I get the error 9 in return:
{"errorCode":9,"errorDesc":"Invalid Signature"}

I'm almost sure this shouldn't happen, and I'm not quite sure where to proceed :) I also verified that the sig is "correct" by using md5hashgenerator.com to make a hash of "userid"+"apptoken".

I also tried the "Account Lookup" supplying my users registered email and password with the sig and appid, but with the same results... :/
Jake

Toodledo Founder
Posted: Feb 01, 2012
Score: 1 Reference
On our API documentation page, there is a form where you can enter your userid and appid and we will generate a signature for you. Does this match what you are generating in your code?

http://api.toodledo.com/2/account/index.php


This message was edited Feb 01, 2012.
gojensen

Posted: Feb 03, 2012
Score: -1 Reference
Yup, the generated signature is the same as the one I calculated in my code (md5(userid+apptoken)) where the userid is my userid-string from my settings page and the apptoken is from the api register&stats page for my app...

Really confused :)
Jake

Toodledo Founder
Posted: Feb 03, 2012
Score: 1 Reference
You must be sending the userid and appid to token.php incorrectly. Perhaps you are adding an extra space character?
gojensen

Posted: Feb 06, 2012
Score: 1 Reference
I don't think so... the only solution I can think of is that I'm using the wrong userid or apptoken? Is there any way to verify these?

The Apptoken starts with api and is followed by a hexadecimal number that is 12 bytes long. (api0123456789abc)

The userid starts with td and is followed by another hexadecimal number that is 13 bytes long... (td0123456789abc).

It is not case sensitive right? (I shouldn't use upper case letters?)
Jake

Toodledo Founder
Posted: Feb 06, 2012
Score: 0 Reference
I think you are using the apptoken in place of the appid. They are two different things. The Appid is a public human readable name that you picked. The token is a secret that we assigned. If you read the documentation carefully, it will say where to use the appid and where to use the token.
You cannot reply yet

U Back to topic home

R Post a reply

To participate in these forums, you must be signed in.