question

Lior Nitzan avatar image
Lior Nitzan asked

address api 403 on some users only

HI guys!
I'm getting 403 on address api request for some users, and working great on others (same code).

Python 3

URL = f"https://api.amazonalexa.com/v1/devices/{device_id}/settings/address"
HEADER = {
   'Accept': 'application/json',
   'Authorization': f'Bearer {access_token}'
}

response = requests.get(URL, headers=HEADER)

Any idea why ?

Thanks!

apidevice address api
10 |5000

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

Andy Whitworth avatar image
Andy Whitworth answered

From the Amazon documentation:

Because apiAccessToken is included in all skill requests, you cannot use the presence of apiAccessToken to determine whether or not you have the needed permissions. Instead, call the API and check the response code. A 403 Forbidden response indicates that your skill does not have the permissions, so at that point you can include the AskForPermissionsConsent card in your response to Alexa.


https://developer.amazon.com/en-US/docs/alexa/custom-skills/device-address-api.html


So some of your users haven't granted permission to divulge their address information to the skill. You need to return some speech to that effect and include a permissions card in the response.

3 comments
10 |5000

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

Thank you for taking the time to help me Andy,

The strange thing is, i'm getting this 403 on users that allowed the full address permission + i've noticed that address permission is missing from the scopes on all users when i print this: handler_input.request_envelope.context.system.user.permissions.scopes

(even though this permission is defined in my skill build->tools->permissions)
I only get this: (without alexa::devices:all:address:read)

scopes: 
     {
          "alexa::devices:all:geolocation:read": { status: "GRANTED" },
     }

Shouldn't I get both permissions back in the handler_input.request_envelope.context.system.user.permissions.scopes ?

0 Likes 0 ·
0 Likes 0 ·
Yes, I mentioned that in my repsonse below.
0 Likes 0 ·
Lior Nitzan avatar image
Lior Nitzan answered

added permissions images.


1659260392563.png (57.2 KiB)
1659260414511.png (21.6 KiB)
1 comment
10 |5000

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

The geolocation scope data is only included when Location Services permissions have been granted. Nothing is supplied to indicate address permissions have been granted.

https://developer.amazon.com/en-US/docs/alexa/custom-skills/location-services-for-alexa-skills.html#detect-which-specific-permissions-are-needed

Are you 100% sure that the users who get the 403 error have definitely granted "device address" permissions and not just "location services" permission ?

0 Likes 0 ·