Jeff Capron asked

Validating Requests Are From Amazon Cloud Service

How would we go about validating requests sent to our endpoints are actually coming from the Amazon Cloud Service?

rgr@amazon answered
Hello Jeff,

The Amazon Echo Cloud Service signs every request that we send to your application:

    {
      'content-type': 'application/json; charset=utf-8',
      accept: 'application/json',
      'accept-charset': 'utf-8',
      signature: 'XEFRND2AGayGdatgQnt0U9EfkIVVX4olHtVNsn4tSmgsZsj8 G5WRHD0jSwDyOzvk8WWsvPlsjXABK0iZJE6VTMjfqGz4 EFvbhqnwhjVocTH0cBTYCurhq+4vfOWhlFAg6PQmQwhyMBkS1Hc7UVJTaxBj6E+ l2ldE5na4rJ/C7ktPYoK5+koNfuKloQbFUvmD8tIooY UVmlNZgg6yPFXpkOzjrYEPMuZLG+PGiOJv/6nruSMu1O+qTCWyiIO5/ T6CeNyDSLp8zSU5cSEH1uDIqXXXetshRYOMGrYWQi4GRIAnPXvmQ2bdzVbhRy yfzCCk6XASyzWcPlQub3dnkKQldA==',
      signaturecertchainurl: 'https://s3.amazonaws.com/echo.api/echo-api-cert.pem',
      'content-length': '286',
      host: 'host',
      connection: 'Keep-Alive',
      'user-agent': 'Apache-HttpClient/4.3 (java 1.5)',
      'accept-encoding': 'gzip,deflate'
    }

You can validate the signature is coming from the Amazon Echo Cloud Service by using the certificate at the signaturecertchainurl above. With that said, if you are using Java for development, this functionality is built into the helper library that is provided with the Echo SDK.

Please let me know if this helps and thank you very much for your feedback!!

Message was edited by: rgr@amazon

Jeff Capron answered
I am actually using PHP on my endpoint. I just need to know what data I am validating against. See example here: http://php.net/manual/en/function.openssl-verify.php

I have tried validating against the body of the request with no luck.

    $pubkeyid = file_get_contents('https://s3.amazonaws.com/echo.api/echo-api-cert.pem');
    $data = file_get_contents("php://input");
    $ssl_check = openssl_verify($data, $_SERVER['HTTP_SIGNATURE'], $pubkeyid);

But that keeps returning false.

Jeff Capron answered
Sorry, I figured this out. The signature was in base64 and had to be decoded.. Duh.. Sorry, I have a bit of a cold today.. Thanks for your help.
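The fix described in this thread (base64-decode the signature header, then verify it over the raw request body), as an added PHP example that is not code from the thread or from Amazon. It also checks the signaturecertchainurl before it is fetched, because that header arrives with the request; pinning to the scheme, host and path prefix of the URL shown above, the helper names, and the throwaway key pair standing in for the service certificate are assumptions of this example.

```php
<?php
// Added example: check the certificate URL, decode the signature, verify the raw body.

// Assumption: pin to the scheme, host and path prefix of the URL shown in the thread.
function isTrustedCertUrl(string $url): bool
{
    $p = parse_url(trim($url));
    return is_array($p)
        && strtolower($p['scheme'] ?? '') === 'https'
        && strtolower($p['host'] ?? '') === 's3.amazonaws.com'
        && ($p['port'] ?? 443) === 443
        && strpos($p['path'] ?? '', '/echo.api/') === 0
        && strpos($p['path'], '..') === false;
}

// $rawBody must be the exact bytes received (php://input), not re-encoded JSON.
// $certOrKeyPem is the PEM downloaded from a URL that passed isTrustedCertUrl().
function verifyRequest(string $rawBody, string $signatureHeader, string $certOrKeyPem): bool
{
    // The header carries the signature base64-encoded; strict mode rejects junk.
    $signature = base64_decode($signatureHeader, true);
    if ($signature === false || $signature === '') {
        return false;
    }
    $key = openssl_pkey_get_public($certOrKeyPem);
    if ($key === false) {
        return false;
    }
    // openssl_verify() returns 1 (valid), 0 (invalid) or -1/false (error), so
    // compare against 1 only. The default digest is SHA-1, as in the question's call.
    return openssl_verify($rawBody, $signature, $key) === 1;
}

// Constructed demo data: a throwaway RSA key pair and a made-up request body.
$priv = openssl_pkey_new(['private_key_bits' => 2048, 'private_key_type' => OPENSSL_KEYTYPE_RSA]);
$pubPem = openssl_pkey_get_details($priv)['key'];
$body = '{"request":{"type":"LaunchRequest"}}';
openssl_sign($body, $sig, $priv);
$header = base64_encode($sig);

var_dump(isTrustedCertUrl('https://s3.amazonaws.com/echo.api/echo-api-cert.pem'));
var_dump(isTrustedCertUrl('https://example.com/echo.api/echo-api-cert.pem'));
var_dump(verifyRequest($body, $header, $pubPem));        // untouched body
var_dump(verifyRequest($body . ' ', $header, $pubPem));  // body altered after signing
```

On a real endpoint, call `isTrustedCertUrl()` on the header value before downloading the PEM, and pass the result of `file_get_contents("php://input")` as `$rawBody`.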

rgr@amazon answered
Great, good to hear that you are unblocked. Thank you very much for the feedback!!

Jeff Capron answered
Thanks, marked as answered. Message was edited by: Jeff Capron