You're probably double-encoding the token here, I'll bet that whatever library you're using will transmit this as "a25a....c2%252B%252C". So try using a literal +\ in the token parameter and let the library handle the escaping for you.
Roan, thanks for the reply. This is what I've observed when I printed $_POST variable.
1. When I let the token be sent as +, the post parameters were Array ( [action] => upload [url] => http://www.google.com/intl/en_ALL/images/logo.gif [token] => a25a10589a377fc4d75e5e0dcfb209c2 \ [format] => json )
2. When I encode +\ and send the token, the post parameters were Array ( [action] => upload [url] => http://www.google.com/intl/en_ALL/images/logo.gif [token] => a25a10589a377fc4d75e5e0dcfb209c2+\ [format] => json )
Thus, I started using them. This was just a curl call made through php.
Thanks,