Lawrence Krubner asked

Checking the Signature of the Request

About this here: https://developer.amazon.com/public/solutions/alexa/alexa-skills-kit/docs/developing-an-alexa-skill-as-a-web-service#Resources I read:

"Download the PEM-encoded X.509 certificate chain that Alexa used to sign the message as specified by the SignatureCertChainUrl header value on the request."

Is this something the Amazon SDK does for me, or do I have to write code to do this manually? If I look here: https://github.com/amzn/alexa-skills-kit-java/blob/master/src/com/amazon/speech/speechlet/authentication/SpeechletRequestSignatureVerifier.java#L74 I see:

    try {
        X509Certificate signingCertificate;
        if (CERTIFICATE_CACHE.containsKey(signingCertificateChainUrl)) {
            signingCertificate = CERTIFICATE_CACHE.get(signingCertificateChainUrl);

but I'm not clear if that is doing all of the work for me, or if I need to do something in addition.

Tags: alexa skills kit, submission testing certification

jjaquinta answered
The SDK does it for you. And you can also set a system variable to get it not to. For example, if you are unit testing from curl or EchoSim.

Lawrence Krubner answered
I put together this Clojure function to check the signature of the request:

    (defn check-amazon-signature
      "An explanation of what should happen is described here:
       https://developer.amazon.com/public/solutions/alexa/alexa-skills-kit/docs/developing-an-alexa-skill-as-a-web-service"
      [request serialized-speechlet-request]
      (let [;; this line gets the signature, as a string, out of the request
            signature (get-in request [:headers "signature"])
            ;; I get the signaturecertchainurl as a string out of the request
            signaturecertchainurl (get-in request [:headers "signaturecertchainurl"])]
        (println " the signature " signature)
        (println " the signaturecertchainurl " signaturecertchainurl)
        ;; static method on the SDK's verifier class; takes the serialized request as a byte array
        (com.amazon.speech.speechlet.authentication.SpeechletRequestSignatureVerifier/checkRequestSignature
          serialized-speechlet-request signature signaturecertchainurl)))

However, I am not really sure what they mean by serializedSpeechletRequest. Is this simply the body of the request, after I've called .getBytes on it? So for instance, this (I smudged some ids here for safety's sake):

    :body {:version "1.0",
           :session {:new true,
                     :sessionId "amzn1.echo-api.session.16-fe0c-4627-87d1-cbfc74467500",
                     :application {:applicationId "amzn1.echo-sdk-ams.app.b9ad2f-2233693c4fbd"},
                     :user {:userId "amzn1.echo-sdk-account.AFXBXXBVHI74YCY6SZPGO666NB7I22OLG",
                            :accessToken "af1af1fc-682e486e8b2"}},
           :request {:type "IntentRequest",
                     :requestId "amzn1.echo-api.request.2a5188e-14ab4c63a5a0",
                     :timestamp "2016-01-10T20:57:02Z",
                     :intent {:name "GetCompany",
                              :slots {:Company {:name "Company", :value "big steak grill"}}}}},
    :scheme :http,
    :request-method :post

Never mind the Clojure formatting; do they basically mean this as a string? Or do they mean something else?
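The checks the thread is asking about, written out as an added Python example (not the Alexa SDK's code and not from either poster): the SignatureCertChainUrl validation rules and the signature check over the raw body bytes follow the Amazon developer page linked in the question, while chain validation against a trusted root and validity-date checks are assumed to be done by the caller, and the `cryptography` package is an assumption of this example.

```python
import base64
import posixpath
from urllib.parse import urlparse


def valid_cert_chain_url(url: str) -> bool:
    """Accept only a SignatureCertChainUrl that points into Amazon's echo.api bucket."""
    try:
        p = urlparse(url)
        port = p.port  # raises ValueError on a malformed port
    except ValueError:
        return False
    if p.scheme.lower() != "https" or (p.hostname or "").lower() != "s3.amazonaws.com":
        return False
    if port not in (None, 443):
        return False
    # Normalise "./" and "../" first so /echo.api/../other/ cannot slip through;
    # the path comparison itself is case-sensitive.
    return posixpath.normpath(p.path).startswith("/echo.api/")


def verify_request_signature(leaf_cert_pem: bytes, signature_b64: str, raw_body: bytes) -> bool:
    """Check the base64 Signature header against the raw request body.

    raw_body must be the exact bytes received on the wire, not a re-serialised
    map: any reformatting changes the bytes and the signature no longer matches.
    Requires the third-party 'cryptography' package (assumption of this example).
    """
    from cryptography import x509
    from cryptography.exceptions import InvalidSignature
    from cryptography.hazmat.primitives import hashes
    from cryptography.hazmat.primitives.asymmetric import padding

    cert = x509.load_pem_x509_certificate(leaf_cert_pem)
    # The leaf certificate must name echo-api.amazon.com in its Subject Alternative Names.
    san = cert.extensions.get_extension_for_class(x509.SubjectAlternativeName).value
    if "echo-api.amazon.com" not in san.get_values_for_type(x509.DNSName):
        return False
    try:
        cert.public_key().verify(base64.b64decode(signature_b64), raw_body,
                                 padding.PKCS1v15(), hashes.SHA1())
        return True
    except InvalidSignature:
        return False
```

Fetch the chain from the URL only after `valid_cert_chain_url` accepts it, and pass the unparsed body bytes (the `.getBytes` of the raw body, not of a pretty-printed map) as `raw_body`.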