diff --git a/api/lib/uploader/utils.dart b/api/lib/uploader/utils.dart index fac3cce..2037040 100644 --- a/api/lib/uploader/utils.dart +++ b/api/lib/uploader/utils.dart @@ -10,19 +10,30 @@ class Utils { 'filename', ]; - static String apiSignRequest( - Map paramsMap, String apiSecret) { - List paramsArr = []; + static String apiSignRequest(Map paramsMap, String apiSecret) { + final escapePattern = RegExp(r'[&=%+#]'); + final paramsArr = []; + paramsMap.removeWhere((key, value) => value == null); - paramsMap.removeWhere( - (key, value) => value == null || _excludeKeys.contains(key)); - var sortedParams = paramsMap.keys.whereType().toList()..sort(); - for (var key in sortedParams) { + paramsMap.removeWhere((key, value) => _excludeKeys.contains(key)); + + // Escape check for public_id only (extended) + if (paramsMap.containsKey('public_id')) { + final publicId = paramsMap['public_id'].toString(); + if (escapePattern.hasMatch(publicId)) { + return ''; + } + } + + final sortedKeys = paramsMap.keys.whereType().toList()..sort(); + + for (var key in sortedKeys) { var value = paramsMap[key]; String? paramValue; + if (value is List) { if (value.isNotEmpty) { - paramValue = value.toString(); //.join(','); + paramValue = value.toString(); // KEEP original behavior (e.g. [a, b]) } else { continue; } @@ -31,11 +42,14 @@ class Utils { paramValue = value.toString(); } } + if (paramValue != null) { + // KEEP original backslash-stripping behavior paramsArr.add('$key=${paramValue.replaceAll(r'\', '')}'); } } - var toSign = '${paramsArr.join('&')}$apiSecret'; + + final toSign = '${paramsArr.join('&')}$apiSecret'; return hex.encode(sha1.convert(utf8.encode(toSign)).bytes); } diff --git a/api/test/uploader_test.dart b/api/test/uploader_test.dart index fca7a85..72d9a1a 100644 --- a/api/test/uploader_test.dart +++ b/api/test/uploader_test.dart 
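Review bot: The `escapePattern` check covers only `public_id`, but the `for (var key in sortedKeys)` loop still writes every other value into the string-to-sign unescaped and joins the pairs with `&`, so a `&` in any other parameter's value leaves the signed string ambiguous between two different parameter sets. Checking each value inside the loop, at least for the separator, would close this: `if (paramValue != null && paramValue.contains('&')) throw ArgumentError.value(paramValue, key, 'reserved character in signed parameter');`. The wider pattern may be too strict for parameters that legitimately carry `=`, which this hunk does not show. Throwing also seems safer than `return '';`, because an empty string is a well-formed `String` that a caller can attach to a request unnoticed. `apiSignRequest` continues past the end of this hunk.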
@@ -549,6 +549,17 @@ void main() { var result = resultOrThrow(response?.data); assert(result.playbackUrl != null); }); + + test('Test signature with escaping characters', () { + final toSign = { + 'public_id': 'publicid&tags=blabla', + }; + + final apiSecret = 'your_api_secret'; // Replace with actual secret or mock + final signature = Utils.apiSignRequest(toSign, apiSecret); + + expect(signature, equals('')); + }); } validateSignature(UploadResult result) {
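Review bot: The new test exercises only `&`, one of the five characters in `escapePattern`, and nothing pins the accepted path, so a regression that makes `apiSignRequest` return `''` for every input would still pass. A positive case such as `expect(Utils.apiSignRequest({'public_id': 'sample'}, apiSecret), isNot(equals('')));`, plus the same rejection assertion repeated for `=`, `%`, `+` and `#`, would cover both sides. The comment `// Replace with actual secret or mock` should be dropped: the value is only hashed locally in this test, and the wording invites pasting a real API secret into a committed file. The enclosing `main()` starts outside the hunk.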