Alright I can call the Mobile API api_init method successully, but when I try to login I get an Invalid API Signature Response everytime. Here is what my code looks like:

String login = "http://www.test/cp,/support/api.php?api_m=login_login"+
"&api_c="+ apiClientId +
"&api_s="+ apiAccessToken +
"&api_sig="+apiSignatureSignature +
"&api_v=6"+
"&vb_login_password=mypassword"+
"&vb_login_username=myuser"
;

api signature is built like this:

StringBuilder apiSignature = new StringBuilder();
apiSignature.append("api_m=login_login");
apiSignature.append("&vb_login_password=mypassword");
apiSignature.append("&vb_login_username=mylogin");
apiSignature.append(apiAccessToken);
apiSignature.append(apiClientId);
apiSignature.append(secret);
apiSignature.append(apiKey); <-- I get this from the admin section my forum

and then hashed using MD5

Does this look right?

Couple questions:

I have seen some examples where the last bit apiKey was not added - is this necessary and does this come from the admin console?

The apiClientId I get back is 1 - is this as expected?

At one point I was using my admin user name as my client id, per an example I saw - which when I was doing that I was getting a bad login response - what would come first with in terms of errors and Invalid API Signature or Bad Login.

Any help would be greatly appreciated.