How to reset or unlink account linking programmatically after 3 incorrect attempts
The Security Testing Checklist (reference: https://developer.amazon.com/docs/custom-skills/security-testing-for-an-alexa-skill.html ) includes a test 2.4.4, which requires: "After three consecutive incorrect voice code attempts, the skill instructs you to reset your voice code. Attempting a fourth request with the original, correct voice code now fails."
In order to comply with this requirement, I am currently instructing the user to unlink their account, as our account-linking page is where the user sets their unlocking PIN. However, I cannot find a way to unlink/request that Amazon unlinks the user's account programmatically. The most I can do is keep track of the number of times the user speaks an incorrect PIN and suggest that they disable the skill (to un-link their account) and re-enable the skill and then link their account with a new PIN. This is a less-than-ideal user-experience.