question

Voiceflow avatar image
Voiceflow asked

How to get an out-of-session consent token and set the callback URL?

I successfully get a consent token from a user when they issue a voice-request. Using that, I can create and update a custom list according to the docs.

However, my application also needs the ability to be informed of changes to the custom list - or to update the Alexa custom list if the user changes data via a mobile app. This is supposedly described in the Alexa docs on out-of-session list management.

I have successfully retrieved the SMAPI access token (eg. "Atc|XXXXXXXUSyLA")

But how do we (a) get the consent token and (b) set the callback URL for Alexa to update my application of changes?

There is a question in the FAQs ("What are some sample calls to get an out-of-session consent token to call List APIs?") which suggests POSTing soemthing like the following for the out-of-session consent token:

POST /v1/skillmessages/users/amzn1.ask.account.XXXXXXXXXXXXXX HTTP/1.1
Host: api.amazonalexa.com
Authorization: Bearer Atc|XXXXXXXXXX
Content-Type: application/json
Cache-Control: no-cache
Postman-Token: 98b62082-ff25-a7de-f33b-95d9424beb22
{"data":{"notificationTitle":"NewMessagefromBackend","spokenOutput":"Hi,This is the message sent from Backend."},"expiresAfterSeconds":60}

But the response from this lacks a consent token:

{
  'cookies': <<class 'requests.cookies.RequestsCookieJar'>[]>, 
  '_content': '', 
  'headers': {
      'X-Amzn-RequestId': 'c07009f5-4aff-4987-a7b3-bd389df28ce3', 
      'Content-Length': '0', 
      'Vary': 'Accept-Encoding,User-Agent', 
      'Server': 'Server', 
      'Connection': 'keep-alive', 
      'Date': 'Sat, 28 Oct 2017 16:09:02 GMT'
  }, 
  'url': u'https://api.amazonalexa.com/v1/skillmessages/users/amzn1.ask.account.AE44DX3XJBMRYYSSQZM7XFP5AM3T4WVA7QKGXMVK5XLCFE5SHIS4TKUIIAOBC7DNLWRMMB7GGVIY5AGA2KWXVL4RQJWD3675EE66FVL5U2O4JVHIKRE6OZNCVFGLUE32EDCRZBU4QU6436KKUPJRPHOWSBKJVF6YBL2HKXQLQ3NM5A5C3DTYCZR3XIUKUF3FU67FJNLQWHWI4DQ', 
  'status_code': 202, 
  '_content_consumed': True, 
  'encoding': None, 
  'request': <PreparedRequest [POST]>, 
  'connection': <requests.adapters.HTTPAdapter object at 0x10d7aef50>, 
  'elapsed': datetime.timedelta(0, 1, 444577), 
  'raw': <urllib3.response.HTTPResponse object at 0x10d7d95d0>, 
  'reason': 'Accepted', 
  '_next': None, 'history': []}  

(That's the Flask-ask Python response object for the call)

No consent token, and where do I set the callback URL ???

I'm pretty sure I've scoured every single piece of documentation online on this and no dice.

Thanks,

alexa skills kitsmapialexa lists
1 comment
10 |3000 characters needed characters left characters exceeded

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

HI, were you able to figure this out?


0 Likes 0 ·
KAIYIN@AMAZON.COM avatar image
KAIYIN@AMAZON.COM answered

It seems to me that in this documentation: https://developer.amazon.com/docs/custom-skills/list-faq.html, you need to obtain the out-of-session token by:

POST /auth/o2/token HTTP/1.1

Host: api.amazon.com

Content-Type: application/x-www-form-urlencoded

Cache-Control: no-cache

client_id=amzn1.application-oa2-client.e8621d747d6742d4a7aff2bbc614fc0d&client_secret=9ef36f40378fa1a7XXXXXXXXXXX12acd650030b07bb0fcc7e467&grant_type=client_credentials&scope=alexa%3Askill_messaging

And you can use the token from response to authorize the API call, such as the Post call example shows in the doc, and looks like you already got the correct response?:

{

"access_token": "Atc|XXXXXXXXXXXXXXXXXUSyLA",

"scope": "alexa:skill_messaging",

"token_type": "bearer",

"expires_in": 3600

}

I hope I didn't missunderstand your problem. Please let me know!

10 |3000 characters needed characters left characters exceeded

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

Voiceflow avatar image
Voiceflow answered

Hi @KAIYIN@AMAZON.COM

Thank you very much for taking a look into my question & problem. That code which you posted is the first step - it provides the "Skill Messaging API access token" which will allow other applications/services to send messages to my Skill, as I understand it. (Please do correct me if I'm wrong).

So, I too am able to retrieve this Skill Messaging API token of the form "access_token": "Atc|XXXXXXXXXXXXXXXXXUSyLA",

The question though is how do we get a "consent token" ? This is described in step 2 of "Out-of-session interaction" on that page you referenced:

Once the access token is obtained, the app makes an asynchronous call to the Skill Messaging API using the Skill Messaging API access token and the userId value, which was obtained during an earlier customer voice interaction. The Skill Messaging API calls the skill back with the customer consent token.

It seems from this that the 'customer consent token' will be sent back following an async call. But sent back to where? i.e. how do I configure the callback endpoint and what request format am I expecting ?

Thank you.

10 |3000 characters needed characters left characters exceeded

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

Voiceflow avatar image
Voiceflow answered

OK, I stumbled across a reference to how we set the callback URL - via a Skill manifest file.

https://developer.amazon.com/docs/smapi/skill-manifest.html#list-no-custom

Now to work out how to do that with Flask-ask (Python) as opposed to Node

10 |3000 characters needed characters left characters exceeded

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.