Hello Everyone,
We have recently started working on Alexa's skills. Now we have completed the development and testing of the skill. But while validating we are facing issues with security. The issue is as shown below.
"The skill end-point is not validating the signatures for incoming requests and is accepting requests with an empty signature URL. Please make sure that your signature validation is correct. To reject an invalid request with an invalid signature or certificate, the skill should respond with HTTP status code 400 (Bad Request) in the response."
Now, we have tried the documentation options for custom skills with a web-based hook. But, still, we are facing the same issue.
We have already followed both ways from the below document:
https://developer.amazon.com/en-US/docs/alexa/alexa-skills-kit-sdk-for-nodejs/host-web-service.html
If we are implementing as shown in the above document, then our skill stops working.
------------------------------------------------------------------------------------------------------------------
Code from webhook:
const app = express();
var skill = Alexa.SkillBuilders.custom()
.addRequestHandlers(
alexaLaunch,
PageOrderHandler,
HelpIntentHandler,
CancelAndStopIntentHandler,
FallbackIntentHandler,
SessionEndedRequestHandler,
IntentReflectorHandler
).addErrorHandlers(
ErrorHandler)
.create();
const adapter = new ExpressAdapter(skill, true, true);
app.post("/alexa", adapter.getRequestHandlers());
------------------------------------------------------------------------------------------------------------------
We are using nodeJS for our webhook and express framework for API routing.
We are also doing the tunneling through our Apache tomcat server. We have tried both the options from the documentation and still facing the issue. Request you guys to kindly provide more documentation on the same if possible and guide us to resolve the above issue.
