Error when using the Upload API: "The remote server returned an error: (401) Unauthorized."

JakeC

I am trying to use the https://upload.smugmug.com/ API to upload an image to a gallery, but I'm getting a "The remote server returned an error: (401) Unauthorized." error message when sending the POST request. I have an access token and I'm building the authorization header like so:

HttpWebRequest request = (HttpWebRequest)WebRequest.Create("https://upload.smugmug.com/");
authString = "oauth_consumer_key=[CONSUMER_KEY], oauth_nonce=" + GetNonce() + ", oauth_signature='[CONSUMER_SECRET]', oauth_signature_method='HMAC-SHA1', oauth_timestamp=" + GetTimeStamp() + ", oauth_token='[ACCESS_TOKEN]', oauth_token_secret='[ACCESS_TOKEN_SECRET]', oauth_version='1.0'"; request.Headers.Add("Authorization", authHeader);

I'm also building the rest of the headers like so:

request.Headers.Add("X-Smug-AlbumUri", "/api/v2/album/ABLUMKEY");
request.Headers.Add("X-Smug-AlbumID", "ALBUMID");
request.Headers.Add("X-Smug-ResponseType", "JSON");
request.Headers.Add("X-Smug-Version", "v2");
request.Headers.Add("X-Smug-Caption", tbCaption.Text); //Caption
request.Headers.Add("X-Smug-FileName", Request.Files[0].FileName);

request.ContentType = "application/x-www-form-urlencoded";
request.Method = "POST";
request.Headers.Add("Authorization", authHeader);
request.Accept = "application/json";

try
{
//Get Request Stream
var image = System.Drawing.Image.FromStream(Request.Files[0].InputStream);
var dataStream = ConvertImageToByteArray(image);

Stream newStream = request.GetRequestStream();
newStream.Write(dataStream, 0, dataStream.Length);
newStream.Close();
//END - Get Request Stream


var httpResponse = (HttpWebResponse)request.GetResponse();

string output = string.Empty;

using (var streamReader = new StreamReader(httpResponse.GetResponseStream()))
{
var result = streamReader.ReadToEnd();
}
}

JakeC

Also, The purpose of my project is be able to upload images from my desktop via the API to an existing album. Does it look like I'm missing anything?

giberti

I realize this is probably too little too late, but your signature process is incorrect. The parameters that are included and the order they are in matters when generating the signature hash (which is then added to the authorization) all matter.

There is a lot of documentation about Oauth 1.0a and how to create a signed authorization header for a request, but it's often easier to use an existing open source library for the language you are developing on instead of trying to create one yourself since minor variations will result in an invalid signature.