I there an easy way to verify request signatures?

#1

Hi,
I’m making an Alexa skill through Losant and am trying to publish it, but I do not have a way of verifying Alexa signature URL’s to prevent from hackers, which is a required feature. Is there a way to write some JavaScript code to include in a conditional node so that I can check the key parts of the signature?

#2

Unfortunately the process required to verify the request is quite complicated. It involves downloading and verifying signatures in certificate files from Amazon.

We’ll be implementing this verification as part of an Alexa specific webhook in a future release. I don’t have a timeline for when we’ll be releasing that.

For the moment, if you want to publish a skill, we recommend using Lambda to avoid the verification complexity.

#3

@Brandon_Cannaday I am just curious if you ever got around to this. I have a terrific application for integrating Alexa with Project Canary (air quality monitoring), but I would love to avoid the added complexity of a Lambda function if possible.

#4

Yes we did! When you create a webhook in Losant there is now an option for Alexa verification.