Verify HTTP requests sent to an Alexa skill are sent from Amazon.
This module is framework-agnostic.
If you're using expressjs, you should check out alexa-verifier-middleware which is a lot easier to integrate.
Part of the certication process for alexa skills hosted on a generic web service (i.e., not AWS Lambda) is that your skill must validate requests are actually coming from Amazon. This is enforced by checking:
- the timestamp of the request
- the validity of the certificate
- the signature of the the request signed with the aforementioned certificate
This module provides a function to handle this validation.
arguments
cert_urlfull url of the certificate to verify (from HTTP request header namedsignaturecertchainurl)signaturesignature of the request (from HTTP request header namedsignature)requestRawBodyfull body string from POST requestcallback(optional) completion function. has 1 argument which indicates error. falsey when verification passes
You may include a callback function, in the standard node error argument-first format:
const verifier = require('alexa-verifier')
verifier(cert_url, signature, requestRawBody, function callbackFn(er) {
// if er, something went wrong
})cert_urlfull url of the certificate to verify (from HTTP request header namedsignaturecertchainurl)signaturesignature of the request (from HTTP request header namedsignature)requestRawBodyfull body string from POST requestcallbackcompletion function. has 1 argument which indicates error. falsey when verification passes
If you're hosting your web service behind a proxy, you may have trouble retrieving the Amazon cert from S3. As long as you have your http_proxy/HTTP_PROXY environment variable set, the https module will update the agent to use your proxy.
http_proxy=http://<your-proxy>:<port>
Ommiting a callback function returns a promise:
const verifier = require('alexa-verifier')
const verifyPromise = verifier(cert_url, signature, requestRawBody)