Hello. I’m trying to create a new album/gallery to my SmugMug account portal but for some reason, its not accepting the json string I set. I’m sending a POST request to this endpoint:
“https://api.smugmug.com/api/v2/folder/user/{**myusername**}/Private!albums”
This should create an album inside the folder called Private. I’ve set all my creds (ConsumerKey, ConsumerSecret, AccessToken, AccessTokenSecret) and they’re all correct). I’ve used the same previously to upload images fine. I also tested with Postman and works fine without any issues. I’m passing the jsonBody string var as such: “{”“NiceName”“:”“Big-Cats”“,”“Title”“:”“Big Cats”“,”“Privacy”“:”“Public”“}”
Body Type is set to application/json and Accept Response is set to JSON.
The error response I always get is misleading and says that the signature is invalid when in fact it is. Here’s the actual response:
{“Code”:401,“Message”:“oauth_problem=signature_invalid&debug_sbs=POST&https%3A%2F%2Fapi.smugmug.com%2Fapi%2Fv2%2Ffolder%2Fuser%2F/CENSORED/%2FPrivate%21albums&oauth_consumer_key%/CENSORED/%26oauth_nonce%3D73r1qkdl1lh0k5e2%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1739466051%26oauth_token%/CENSORED/%26oauth_version%3D1.0”}
I’m not sure where the problem lies I’m confused. The jsonBody seems right and my OAuth are correct.
401 → you are not authenticated
Reason → The token signature is invalid.
Check the documentation of your RestApi and retry.
If you cannot due with the HTTP Request activity, use a custom VB.Net or C# code where you have full control of its coding and parameters.
How can I not be authenticated when I used the same values on another HTTP request and it works fine. Used the same on Postman as well. I don’t think this has anything to do with the authentication but with the json not being sent properly.
Why does my request fail with “oauth_problem=signature_invalid”?
OAuth requests are signed to catch problems that corrupt your request, such as network errors or man-in-the-middle attacks. The signature you calculate must match the signature that SmugMug calculates, or the request fails.
The signing algorithm must be followed precisely, because even a small difference in the input to the algorithm will result in a different signature. For this reason, we highly recommend that you use an off-the-shelf library to make your OAuth requests.
If you are having trouble with signatures, here are some things to check:
- Is your
oauth_signature being percent-encoded? OAuth signatures use base64 encoding, which can produce some special characters that need to be percent-encoded in the Authorization header or in the URL query string.
- Does your request URI have an empty path? In the case of SmugMug, this would probably be
https://upload.smugmug.com. If so, use / as the path instead: https://upload.smugmug.com/.
- Does your request URI have any uppercase letters in the hostname? If so, change them to lowercase. For example, you should change
https://api.SmugMug.com/api/v2 to https://api.smugmug.com/api/v2.
- Are you making a
POST or PATCH request? If so, are you sending the right Content-Type header? For example, if you are sending JSON in the request body, the Content-Type header should be application/json.
Reference: SmugMug API
Like I said earlier, my signature is correct. Sending me a snippet from their documentation won’t quite help. The API response may be misleading and display as if its wrong, when in reality its right. If you can replicate the same on your own instance, then this would be better. Create a demo SmugMug free trial account, create a demo application, get the API Key and API secret and then in UiPath, you will have to get the Access Token and Access Token secret. If you need the process without building it, I can send it to you. If you get past that, then good luck trying to create an album.