POST request parameters/apache authentication sent from Skill kits
Hi, I've set up a home apache web server as an api endpoint for the Alexa skill kits. It works for me but I now use[found on the internet] an authentication for the server. And I have 2 similar questions: 1. I use apache authentication by creating a .htaccess file in root or some certain directories of /var/www/ (auth box pops up from browser when accessing the URL): AuthType Basic AuthName "Restricted Content" AuthUserFile /etc/apache2/.htpasswd Require valid-user 2. I use a piece of PHP code inside the
api.php endpoint to authenticate, which use $_POST to get the values and do string comparison within the PHP file. In both cases, I don't know how to get pass the authentication from Echo skill kits with credentials, meaning where to put in my POST values. I actually prefer the apache authentication because it works with fail2ban
The answer is that you cannot tell alexa to pass you any special POST parameters - there's no mechanism for setting this up in and Alexa skill - but by default it already provides you everything you need as headers, and the link I gave you explains how to use those headers to validate that the request originated from Alexa. An alternate option would be to point your skill at a Lambda bucket, and then make your requests from Lambda to your webserver. From a Lambda you can control all of the aspects of the HTTP request, since it's just freeform Java or Node.js
Thanks for the answers, I'm not trying to do anything complicated here so I try to stay away from Lambda, all I want is to send some POST requests to my PHP endpoint so I can filter my instructions and run a certain script [inside the linux machine that holds the server] according to the command from the POST request, is there any simple way to achieve this?
Hi, There's no simple way to achieve this. If you only want the Alexa skill accessing certain parts of the server, you can have the server check the skill ID and signature of the request. However, the Alexa service will only send JSON encoded information to your server, and only expects JSON encoded information to be sent back, the rest is up to you. You could have a certain intent that triggers a POST request to be called on your own server, but you would need to implement that code yourself. -Nick