Skip to content

alexa-js/alexa-verifier

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

80 Commits

test

test

 
 

.gitignore

.gitignore

 
 

.travis.yml

.travis.yml

 
 

LICENSE

LICENSE

 
 

README.md

README.md

 
 

fetch-cert.js

fetch-cert.js

 
 

index.js

index.js

 
 

package.json

package.json

 
 

validate-cert-uri.js

validate-cert-uri.js

 
 

validate-cert.js

validate-cert.js

 
 

Repository files navigation

alexa-verifier

Build Status

Verify HTTP requests sent to an Alexa skill are sent from Amazon.

This module is framework-agnostic.

If you're using expressjs, you should check out alexa-verifier-middleware which is a lot easier to integrate.

motivation

Part of the certication process for alexa skills hosted on a generic web service (i.e., not AWS Lambda) is that your skill must validate requests are actually coming from Amazon. This is enforced by checking:

  • the timestamp of the request
  • the validity of the certificate
  • the signature of the the request signed with the aforementioned certificate

This module provides a function to handle this validation.

usage

const verifier = require('alexa-verifier')


verifier(cert_url, signature, requestRawBody, callback)
  • cert_url full url of the certificate to verify (from HTTP request header named signaturecertchainurl)
  • signature signature of the request (from HTTP request header named signature)
  • requestRawBody full body string from POST request
  • callback completion function. has 1 argument which indicates error. falsey when verification passes

About

Verify HTTP requests sent to an Alexa skill are sent from Amazon

Resources

Readme

License

MIT license
Activity
Custom properties

Stars

5 stars

Watchers

4 watching

Forks

2 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages

  • JavaScript 100.0%