Invalid method signature supplied in radio.tune

  • Invalid method signature supplied in radio.tune

    So I'm fooling around with the API and have authenticated OK as explained in I get my Session Key and everything is ok.

    Then when I try to post even with a simple http form to I get the following:

    <error code="13">Invalid method signature supplied</error>

    method = radio.tune
    station = also tried lastfm://user/alefbetac/library
    api_key = my api key
    api_sig = the same one that is used for auth (and passes)
    sk= Session key resulting from auth

    What's the problem?

    Thanks in advance.

  • Solved

    I didn't realize that the api_sig had to be recreated for this and any specific method (its not clear in the documentation). Also the parameters used to generate the signature are the non- optional ones defined for that method.

    So in php that would be:

    $api_sig = "api_key". $api_key . "methodradio.tune" . "sk" . $key . "station" . $station . $secret;

    $api_sig = md5($api_sig);

    Hope someone finds this useful.

    • toc-rox ha detto...
    • Utente
    • Gen 1 2010, 21:27
    Maybe helpful - this works for me:

    Service URI ...:
    &station=lastfm%3A%2F%2Fuser%2Falefbetac%2Flibrary response:
    http status ...: 200 OK

    Fill in your api_key, api_sig and sk.

  • Glad you got it sorted. How could we make the documentation clearer for this?

  • Thanks for the help, I figured it out.

    What could be improved in the documentation is the following:

    The fact that in any calls that require signing, one needs to concatenate relevant parameters that are defined for the method used.

    For example (as mentioned in the auth section):
    For a call to auth.getSession

    You should sign your calls like this:

    Whereas for a call to radio.tune the signing has to be expressed as follows:

    where yyyyyy is my secret

    In other words one has to first check required parameters for the method used and then concatenate them in the signing.

    That wasn't clear to me but now it is :-)


    • toc-rox ha detto...
    • Utente
    • Gen 4 2010, 19:22
    Suggestions for an improvement of the API documentation:

    - show a complete example for a simple request (eg. method=user.getrecenttracks)
    - the example should be written in an abstract language (eg. pseudocode)

    What should be included:
    - base parameter list (eg. method=user.getrecenttracks user=toc-rox limit=10)
    - add api_key to parameter list
    - build hash string based on sorted parameter list
    - add api_secret to hash string
    - calculate md5 hash value (api_sig) for hash string
    - add calculated api_sig to parameter list
    - build URI based on sorted parameter list

    Resulting URI (example):
    http : //

    Further information:
    - when to use POST and when to use GET
    - some hints concerning utf-8 characters

  • Error: Invalid method signature supplied in radio.tune


    I am trying to tune to a radio station with the url:"my api key"&api_sig="method signature"&sk="session key"

    but I am always getting response as following
    Erro code:
    <error code="13">Invalid method signature supplied</error>

    I suspect the way I created my method signature (api_sig) something is wrong here.

    I followed the link to create the api_sig. But i always get the above error.

    Any inputs for me??
    Please share you learning on how to construct the url for radio.tune.

    Awaiting your reply.

    ~ Sreeni

  • Re: Error: Invalid method signature supplied in radio.tune

    kersken-ear said:
    I am trying to tune to a radio station with the url:"my api key"&api_sig="method signature"&sk="session key"

    but I am always getting response as following
    <error code="13">Invalid method signature supplied</error>

    Why are you putting quotes around your parameters? You shouldn't do that.

    • toc-rox ha detto...
    • Utente
    • Gen 22 2010, 12:29
    Maybe helpful:

    lfm CMD - Command Line Utility (for Windows, Linux and OS X)

    Modify the source / fill in your api_key and api_secret and try the radio.tune call again. Have a lock into the log file - compare the http request and the signature calculation with yours.

    Example (utility usage):
    ~/lfmUTIL2> perl method=radio.tune station="lastfm://user/kersken-ear/library" sk="3a5...30b"

    Fill in your session key (sk).

    Example ( http request):

  • Re: Error: Invalid method signature supplied in radio.tune

    Thank you toc-rox and thanks acreature for the quick response.

    @ toc-rox: I am not able to get any response from the link Is there any other link available where i can get the utility?

    @ acreature: i have not used the quotes it was just used to represent the key values.

    Awaiting your kind reply.

    ~ Sreeni

    • toc-rox ha detto...
    • Utente
    • Gen 25 2010, 10:46
    Here is an alternative link: lfmCMD

    • [Utente eliminato] ha detto...
    • Utente
    • Apr 9 2010, 2:21

    method not in package

    I am trying to make a call to radio.tune and am constantly returned a error code 3 - <error code="3">Invalid Method - No method with that name in this package</error>

    I am calling to the root api and am passing the params in the body like the api says. Can you see anything I am doing wrong? Here is the setup of the call:

    Sending to the below url as a post

    in the post body is
    api_sig=md5 hash of api_keyKEYmethodradio.tuneskSESSIONKEYstationlastfm://user/milkaxor/personalSECRETKEY

    I have a session key for a user that I got from auth.getSession. I have made calls to the scrobble API for this user and those work fine. I don't think I am doing anything wrong but I may be mistaken. I have checked over and over to see if I may have made a typing mistake. I don't see any.


  • [spam]


    Modificato da un utente eliminato in data Apr 16 2010, 23:04
  • Just for future reference, we solved this problem. The problem was the post body; we presumed that it had been formatted above for ease of debugging. Not so; the user was sending the POST body with each parameter on one line, instead of sending them all on one line and separated by ampersands. You can find more about this in this Wikipedia article.

    • eaigner ha detto...
    • Utente
    • Giu 28 2010, 12:58
    I still don't get it. My generated signature is valid when i use non-write services with GET, but as soon i try it on the writable services like radio.tune (POST) it won't accept my signature.

    I even calculated it by hand twice now and my signature is 100% correct for the post parameters.

    Here the steps in detail:

    XXX...XX == my api key
    YYY...YY == my session key
    ZZZ...ZZ == my secret

    0.) This is the original POST body of my request (without the newline of course)


    1.) Now when we split this up we get


    2.) Remove the equal signs and ampersands and the api_sig parameter (we recalculate it now, to prove correctness)


    md5(sorted + secret) =? 8ac82fc2b5cba56ffd0484008b2c724e

    3.) Merge it into one alphabetically sorted string (without newline)


    md5(this + secret) =? 8ac82fc2b5cba56ffd0484008b2c724e

    4.) Append the secret and md5 it


    md5() = 8ac82fc2b5cba56ffd0484008b2c724e

    sig = 8ac82fc2b5cba56ffd0484008b2c724e

    The signature is exactly what i would expect, but rejects it? What did go wrong here?

    • eaigner ha detto...
    • Utente
    • Giu 28 2010, 15:10
    Turns out you probably have undesired behavior in your API. I don't think escaping the station URL parameter should fail the request. if i don't percent encode the url, radio.tune accepts my method signature.

    Guys, get your API thing together :)

    • toc-rox ha detto...
    • Utente
    • Giu 28 2010, 21:33
    Maybe helpful - this works for me:

    perl method=radio.tune station="lastfm://user/eaigner/personal" sk="3a...0b"

    <?xml version="1.0" encoding="utf-8"?>
    <lfm status="ok">
    <name>eaigner’s Library</name>

    Remark: Have a look at your station parameter.

    • arestic ha detto...
    • Utente
    • Gen 3 2011, 20:19
    I got same problem, when I try to tune the radio with url like:

    everything is fine, but when the station url has spaces and it looks like


    API throws error #13

  • [Message deleted]

  • Invalid method signature supplied

    I have to mark a track as loved
    The method i am using is
    It requires 4 parameters
    Lets say,
    1) track = Back Together(title)
    2) artist = Time In Motion
    3) api_key = $(api_key)
    4) api_sig = ?
    5) sk = $(session_key)

    I am computing api_sig like this :
    api_sig = md5 operation of(api_key$(api_key)methodtrack.lovetrack$(track)artist$(artist)sk$(session_key)$(secret)

    I post the request like this : Together&artist=Time In Motion&api_key=$(api_key)&api_sig=$(api_sig)&sk=$(session_key)

    but i am getting the error as "Invalid method signature supplied"
    Could any one tell me what is wrong in computing the api_sig?

    • tburny ha detto...
    • Forum Moderator
    • Apr 27 2011, 22:53
    You have to sort the parameter names alphabetically first :)
    so you'd get api_key$(api_key)artist($artist)methodtrack.lovesk$(session_key)track$(track)$secret Combine your favourite radio stations! | My Blog | scala-lastfmapi | Cache2k - A high performance Java in-memory cache
    P.S.: Do not click here
    throw new PokemonException(); //Gotta catch 'em all
    My forum post reflects my personal opinion :)
  • Invalid method signature supplied

    Thanks for the reply
    I am coding in c,Linux

    But even with the above mentioned changes i am still getting the same error. :(

    for example let me take a simple method auth.getsession

    api_sig would be
    api_sig = get_md5_hash("api_keya3bfdecc21f431e4d8cc8ee254eccd97methodauth.getsessiontoken586842c5bf06f8000a5a64756713852517e1f9de19cb6ba2b0c062dedabfcee6")

    char *
    get_md5_hash(const char *str)
    return g_compute_checksum_for_string(G_CHECKSUM_MD5, str, -1);

    could you please suggest where i am going wrong?!


  • api_sig = get_md5_hash("api_keya3bfdecc21f431e4d8cc8ee254eccd97methodauth.getsessiontoken1d481b1950162f773d90834285e5f82f17e1f9de19cb6ba2b0c062dedabfcee6

    In other terms:
    md5 hash operation of (api_key$(api_key)methodauth.getsessiontoken$(token)$(secret)).

  • waiting for the reply!


    • tburny ha detto...
    • Forum Moderator
    • Mag 6 2011, 17:11
    hmm looks correct. the casing of parameter names is the same and everything is odered alphabetically.
    You did grant permissions via the browser before? Combine your favourite radio stations! | My Blog | scala-lastfmapi | Cache2k - A high performance Java in-memory cache
    P.S.: Do not click here
    throw new PokemonException(); //Gotta catch 'em all
    My forum post reflects my personal opinion :)
Gli utenti anonimi non possono inviare messaggi. Per inserire messaggi nei forum, accedi o crea il tuo account.