Mediafire API help

[toxicious]

I'm trying to use mediafire's new REST API, but I can't get the signature for the session_key right.

Here's their wiki: http://developers.mediafire.com/index.php/REST_API

According to them, this format should work:

Code:

email + password + application_id + API Key

But it doesn't. So I tried removing the spaces between the pluses, didn't work. Also tried removing the pluses too, didn't work. Anyone that's familiar with hashing stuff like this that maybe know what they mean?

EDIT: yeah I also asked their support about it, the first answer I got was to check their wiki (even though I wrote that the format on their wiki didn't work). The second answer I got was the format, copied from the wiki, with no example nor any clarification. Now I am waiting for the third answer....

[dilettante]

I'd suspect that they are telling you to concatenate those 4 strings (UTF-8 encoded) together, then calculate the SHA1 hash, then convert that to hex digits. Those "+" signs are probably concatentation because these kinds of people tend to be very JavaScript-centric in their thinking.

They don't mention hex but they don't mention base64 either. The worthless "examples" just show a string of decimal digits and that seems entirely unlikely.

[toxicious]

Indeed, worthless example. The signature in their example isn't even real I think, they just put together some numbers. I'll try with hex.

[penagate]

I agree with dilettante's suspicion, although I would suggest that the last step is unnecessary because the SHA1 function doesn't produce characters which require URL encoding.

Why they bother with such a stupid parameter is another question.

[toxicious]

I tried hex encoding it, didn't work. Tried base64, didn't work.
I've finally gotten an answer from their support that their dev team is going to take a look at my question...sigh. Hopefully they will give me a correct answer asap.

Worthless documentation is worthless...

[rabie80]

Hi. I am the Lead Web Developer at MediaFire and the MediaFire API engineer.

The signature is a sha1 of the 4 elements concatenated with NO spaces nor + signs

Example: email: name@domain.com
password: 123456
application id: 1200
api key : c1d62nzqu7z4rig15axe72jvczib53682kapu7lk

the signature would be: SHA1(name@domain.com1234561200c1d62nzqu7z4rig15axe72jvczib53682kapu7lk)
which is: f772724acc14117f3f69784a2f505d1560afaf64

So the API call would look like (this is just an example): https://www.mediafire.com/api/user/g...505d1560afaf64

Make sure the the application exists and that the app id corresponds to the api key. To create an App, visit your MediaFire account and go to "My Account > Developers" section. The API key is a secret key. Make sure you keep it private.

Thank you.