android oauth flickr signature

Create Signature for Flickr Authentication (Android SDK)


I want to upload pictures to Flickr with my little Android app. So the user has to log in and accept the permissions.

My problem is that I don't know what the parameters are to create the signature. This is written on the Flickr website:

The base string is constructed by concatenating the HTTP verb, the request URL, and all request parameters sorted by name, using lexicographical byte value ordering, separated by an '&'.

What are the "request parameters"? I've tried it several times with different parameters, but always got that error: "Invalid api key or signature".

Thank you so much for your help!


Solution

  • Let's break it down.

    You need to start with the HTTP verb. Let's say that you are doing a GET request. Part 1 of the signature base string is:

    GET

    Then let's say you are calling the URL http://www.example.com/api/?filename=hello.jpg. Ignore the parameter and you have part 2:

    http://www.example.com/api/

    Then let's say you have the following parameters; filename is from the URL above. The ones prepended with oauth_ are needed for the request to be allowed by the server.

    • oauth_consumer_key=9djdj82h48djs9d2
    • oauth_token=kkk9d7dh3k39sjv7
    • oauth_signature_method=HMAC-SHA1
    • oauth_timestamp=137131201
    • oauth_nonce=7d8f3e4a
    • filename=hello.jpg

    All of the parameters above need to be sorted in lexicographical byte value order (basically alphabetically), separated by an '&'. Now you will have the third part:

    filename=hello.jpg&oauth_consumer_key=9djdj82h48djs9d2&oauth_nonce=7d8f3e4a&oauth_signature_method=HMAC-SHA1&oauth_timestamp=137131201&oauth_token=kkk9d7dh3k39sjv7

    Now you need to URL encode part 2 and part 3. Then concatenate the three parts, resulting in:

    GET&http%3A%2F%2Fwww.example.com%2Fapi%2F&filename%3Dhello.jpg%26oauth_consumer_key%3D9djdj82h48djs9d2%26oauth_nonce%3D7d8f3e4a%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D137131201%26oauth_token%3Dkkk9d7dh3k39sjv7

    This is the base string. Now you need to sign it using the HMAC-SHA1 algorithm; the resulting signature has to be sent with the request as well.
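
The steps in the answer above, as an added example (not part of the original answer and not Flickr's code), written in Python because the construction is language-neutral. It follows RFC 5849 (OAuth 1.0), including the signing key, which is the percent-encoded consumer secret and token secret joined by '&'; the function names and the secrets in the demo are constructed for illustration.

```python
import base64
import hashlib
import hmac
from urllib.parse import parse_qsl, quote, urlsplit


def pct(value: str) -> str:
    """Percent-encode per RFC 3986: only A-Z a-z 0-9 - . _ ~ stay literal."""
    return quote(value, safe="-._~")


def base_string(method: str, url: str, params: dict) -> str:
    """Build the OAuth 1.0 signature base string (verb & URL & parameters)."""
    parts = urlsplit(url)
    # Query parameters in the URL are request parameters too.
    pairs = parse_qsl(parts.query, keep_blank_values=True) + list(params.items())
    # The signature itself is never part of what gets signed.
    pairs = [(k, v) for k, v in pairs if k != "oauth_signature"]
    # Encode each name and value first, then sort by byte value.
    encoded = sorted((pct(k), pct(v)) for k, v in pairs)
    param_string = "&".join(f"{k}={v}" for k, v in encoded)
    # Base URL: scheme and host lowercased, no query string.
    # (Stripping default ports :80/:443 is not handled in this sketch.)
    base_url = f"{parts.scheme.lower()}://{parts.netloc.lower()}{parts.path}"
    return "&".join([method.upper(), pct(base_url), pct(param_string)])


def sign(base: str, consumer_secret: str, token_secret: str = "") -> str:
    """HMAC-SHA1 over the base string, base64-encoded."""
    # The '&' is present even when there is no token secret yet.
    key = f"{pct(consumer_secret)}&{pct(token_secret)}".encode()
    digest = hmac.new(key, base.encode(), hashlib.sha1).digest()
    return base64.b64encode(digest).decode()


# Parameters from the answer above; the secrets passed to sign() are constructed.
OAUTH_PARAMS = {
    "oauth_consumer_key": "9djdj82h48djs9d2",
    "oauth_token": "kkk9d7dh3k39sjv7",
    "oauth_signature_method": "HMAC-SHA1",
    "oauth_timestamp": "137131201",
    "oauth_nonce": "7d8f3e4a",
}

if __name__ == "__main__":
    base = base_string("GET", "http://www.example.com/api/?filename=hello.jpg", OAUTH_PARAMS)
    print(base)
    print(sign(base, "constructed-consumer-secret", "constructed-token-secret"))
```

A value containing a space shows why the encoding order matters: it becomes `%20` in the parameter string and `%2520` in the base string, and a mismatch there produces the same "Invalid api key or signature" error.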