question

Lior Nitzan avatar image
Lior Nitzan asked

address api 403 on some users only

HI guys!
I'm getting 403 on address api request for some users, and working great on others (same code).

Python 3

URL = f"https://api.amazonalexa.com/v1/devices/{device_id}/settings/address"
HEADER = {
   'Accept': 'application/json',
   'Authorization': f'Bearer {access_token}'
}

response = requests.get(URL, headers=HEADER)

Any idea why ?

Thanks!

apidevice address api
10 |5000
Toggle Comment visibility. Current Visibility: Viewable by all users

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

2 Answers

Andy Whitworth avatar image
Andy Whitworth answered

From the Amazon documentation:

Because apiAccessToken is included in all skill requests, you cannot use the presence of apiAccessToken to determine whether or not you have the needed permissions. Instead, call the API and check the response code. A 403 Forbidden response indicates that your skill does not have the permissions, so at that point you can include the AskForPermissionsConsent card in your response to Alexa.


https://developer.amazon.com/en-US/docs/alexa/custom-skills/device-address-api.html


So some of your users haven't granted permission to divulge their address information to the skill. You need to return some speech to that effect and include a permissions card in the response.

3 comments
10 |5000
Toggle Comment visibility. Current Visibility: Viewable by all users

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

Lior Nitzan avatar image Lior Nitzan ·

Thank you for taking the time to help me Andy,

The strange thing is, i'm getting this 403 on users that allowed the full address permission + i've noticed that address permission is missing from the scopes on all users when i print this: handler_input.request_envelope.context.system.user.permissions.scopes

(even though this permission is defined in my skill build->tools->permissions)
I only get this: (without alexa::devices:all:address:read)

scopes: 
     {
          "alexa::devices:all:geolocation:read": { status: "GRANTED" },
     }

Shouldn't I get both permissions back in the handler_input.request_envelope.context.system.user.permissions.scopes ?

0 Likes 0 ·
Lior Nitzan avatar image Lior Nitzan Lior Nitzan ·

apparently, some permissions are not coming in the scopes response.
https://alexa.uservoice.com/forums/906892-alexa-skills-developer-voice-and-vote/suggestions/36665794-add-additional-permission-scopes-to-alexa-response

Developers are asking for it.

0 Likes 0 ·
Andy Whitworth avatar image Andy Whitworth Lior Nitzan ·
Yes, I mentioned that in my repsonse below.
0 Likes 0 ·
Lior Nitzan avatar image
Lior Nitzan answered

added permissions images.


1659260392563.png (57.2 KiB)
1659260414511.png (21.6 KiB)
1 comment
10 |5000
Toggle Comment visibility. Current Visibility: Viewable by all users

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

Andy Whitworth avatar image Andy Whitworth ·

The geolocation scope data is only included when Location Services permissions have been granted. Nothing is supplied to indicate address permissions have been granted.

https://developer.amazon.com/en-US/docs/alexa/custom-skills/location-services-for-alexa-skills.html#detect-which-specific-permissions-are-needed

Are you 100% sure that the users who get the 403 error have definitely granted "device address" permissions and not just "location services" permission ?

0 Likes 0 ·