> ## Documentation Index > Fetch the complete documentation index at: https://cloudinary.com/documentation/llms.txt > Use this file to discover all available pages before exploring further. # Verifying response signatures Cloudinary adds a signature value in the JSON response to various API methods. You can then compare the returned signature value in the JSON response with the value of a signature generated on your server side. The signature is a hexadecimal message digest (hash value) created with an SHA (Secure Hash Algorithm) cryptographic function on the following parameters: `public_id`, `version` and `api_secret`. > **NOTE**: By default, Cloudinary supports both SHA-1 and SHA-256 digests for validation, and you can use either. The SDK methods use the SHA-1 algorithm by default, but you can use the SHA-256 algorithm instead by setting the `signature_algorithm` SDK [configuration parameter](cloudinary_sdks#configuration_parameters) to `sha256`. If you want to limit your account to allow only the SHA-256 digest for all your validations, [submit a request](https://support.cloudinary.com/hc/en-us/requests/new). Use the Cloudinary SDK's `verify_api_response_signature` method to verify the signature in the response. ```multi |ruby Not supported by this SDK. Use api_sign_request to manually verify signature. |php_2 SignatureVerifier::verifyApiResponseSignature($publicId, $version, $signature); |python cloudinary.utils.verify_api_response_signature(public_id, version, signature) |nodejs Not supported by this SDK |java ApiResponseSignatureVerifier.verifySignature(String publicId, String version, String signature) |csharp cloudinary.Api.VerifyApiResponseSignature(string publicId, string version, string signature) |go Not supported by this SDK |cli cld utils verify_api_response_signature $publicId, $version, $signature ``` Alternatively, you can use the Cloudinary SDK's `api_sign_request` method to generate a signature on your back-end for comparison purposes. ```multi |ruby Cloudinary::Utils.api_sign_request(params_to_sign, api_secret) |php_2 ApiUtils::signParameters($paramsToSign, $apiSecret); |python cloudinary.utils.api_sign_request(params_to_sign, api_secret) |nodejs cloudinary.utils.api_sign_request(params_to_sign, api_secret) |java cloudinary.apiSignRequest(Map paramsToSign, String apiSecret) |csharp cloudinary.Api.SignParameters(IDictionary parameters) |go resp, err := api.SignParameters(ParamsToSign, APISecret) |cli cld utils api_sign_request $params_to_sign, $api_secret ``` For example, the signature for the asset with a public_id of "sample" and a version of "1312461204": ```multi |ruby Cloudinary::Utils.api_sign_request({ public_id: "sample", version: "1312461204"}, "my_api_secret") |php_2 ApiUtils::signParameters( ["public_id" => "sample", "version" => "1312461204"], "my_api_secret" ); |python cloudinary.utils.api_sign_request( dict(public_id: "sample", version: "1312461204"), "my_api_secret") |nodejs cloudinary.utils.api_sign_request( {public_id: "sample", version: "1312461204"}, "my_api_secret") |java cloudinary.apiSignRequest( ObjectUtils.asMap( "publicId", "sample", "version", "1312461204"), "my_api_secret") |csharp var checkParams = new SortedDictionary(); checkParams.Add("public_id", "sample"); checkParams.Add("version", "1312461204"); string expectedSign = cloudinary.Api.SignParameters(checkParams); |go params := make(url.Values) params["PublicID"] = []string{"sample"} params["Version"] = []string{"1312461204"} signature, err := api.SignParameters(params, "my_api_secret") |cli cld utils api_sign_request '{"public_id": "sample", "version": 1312461204}' $my_api_secret ``` ## Manually verifying a signature You can manually generate the comparison signature instead of using the Cloudinary SDK's `api_sign_request` method. 1. Create a string with the `public_id` and `version` parameters, in that order. Separate the parameter names from their values with an `=` and join the parameter/value pairs together with an `&`. 2. Append your *API secret* to the end of the string. 3. Create a hexadecimal message digest (hash value) of the string using an SHA cryptographic function. For example, if the asset has a public_id of "sample", a version of "1315060510", and your API secret is `abcd`: * Parameters to sign: * public\_id: `sample` * version: `1315060510` * Serialized sorted parameters in a single string: * `public_id=sample&version=1315060510` * String including the API secret that is used to create the SHA-1 signature: * `public_id=sample&version=1315060510abcd` * SHA-1 hexadecimal result: * `b4ad47fb4e25c7bf5f92a20089f9db59bc302313` An example of the above in Ruby on Rails: ```ruby public_id = "sample" version = "1315060510" secret = "abcd" to_sign = 'public_id=' + public_id + '&' + 'version=' + version signature = Base64.urlsafe_encode64(Digest::SHA1.digest(to_sign + secret)) ```