Verify HTTP requests sent to an Alexa skill are sent from Amazon.
This module is framework-agnostic.
If you're using expressjs, you should check out alexa-verifier-middleware which is a lot easier to integrate.
Part of the certication process for alexa skills hosted on a generic web service (i.e., not AWS Lambda) is that your skill must validate requests are actually coming from Amazon. This is enforced by checking:
- the timestamp of the request
- the validity of the certificate
- the signature of the the request signed with the aforementioned certificate
This module provides a function to handle this validation.
arguments
cert_url
full url of the certificate to verify (from HTTP request header namedsignaturecertchainurl
)signature
signature of the request (from HTTP request header namedsignature
)requestRawBody
full body string from POST requestcallback
(optional) completion function. has 1 argument which indicates error. falsey when verification passes
You may include a callback function, in the standard node error argument-first format:
import verifier from 'alexa-verifier'
verifier(cert_url, signature, requestRawBody, function callbackFn (er) {
// if er, something went wrong
})
Ommiting a callback function returns a promise:
const verifyPromise = verifier(cert_url, signature, requestRawBody)