newuser-668c7375-440f-4cd6-a1f3-136c3bb947ca avatar image

Skill validation issues with endpoint

Hello Everyone,

We have recently started working on Alexa's skills. Now we have completed the development and testing of the skill. But while validating we are facing issues with security. The issue is as shown below.

"The skill end-point is not validating the signatures for incoming requests and is accepting requests with an empty signature URL. Please make sure that your signature validation is correct. To reject an invalid request with an invalid signature or certificate, the skill should respond with HTTP status code 400 (Bad Request) in the response."

Now, we have tried the documentation options for custom skills with a web-based hook. But, still, we are facing the same issue.

We have already followed both ways from the below document:

If we are implementing as shown in the above document, then our skill stops working.


Code from webhook:

const app = express();

var skill = Alexa.SkillBuilders.custom()












const adapter = new ExpressAdapter(skill, true, true);"/alexa", adapter.getRequestHandlers());


We are using nodeJS for our webhook and express framework for API routing.

We are also doing the tunneling through our Apache tomcat server. We have tried both the options from the documentation and still facing the issue. Request you guys to kindly provide more documentation on the same if possible and guide us to resolve the above issue.

alexa skills kitalexa voice servicealexaalexa for businessalexa simulator
10 |5000

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

1 Answer

Jason@Amazon avatar image
Jason@Amazon answered

I'm not sure if this is all of your code, as it is missing a few lines from the sample code as per this link:

You did mention that your skill stops working if you implement it as per the documentation, but didn't specify what the exact errors you are seeing when following the documentation?

10 |5000

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.