Lawrence Krubner asked

When doing Account Linking, and redirecting to Amazon, do I use a 303 code?

We are trying to finish our submission for our Alexa skill. Right now I am working on Account Linking. If I look here: https://developer.amazon.com/public/solutions/alexa/alexa-skills-kit/docs/linking-an-alexa-user-with-a-user-in-your-system I see some fairly good information:

"Your service redirects the user to an Amazon-specific URL and passes along the state, access_token, and token_type in the URL fragment."

...

state is used internally by the Alexa service to track the account linking process. Your page must pass this value back (unchanged) when calling the redirect URL. This value expires after five minutes. If it takes more than five minutes for the user to log in and for your service to redirect the user, the state becomes invalid and the account linking process fails. In this case, the user must start over by clicking the link in the Alexa app.

...

For example, the redirect URL might look like this: https://pitangui.amazon.com/spa/skill/account-linking-status.html?vendorId=AAAAAAAAAAAAAA#state=xyz&access_token=2YotnFZFEjr1zCsicMWpAA&token_type=Bearer

...

"Enabling account linking displays your Redirect URL. This is the URL to which your login page must redirect the user after they are authenticated. Pass along the state, access_token, and token_type values in the URL fragment."

However, I can not find any details about the redirect itself. Am I sending a 303 HTTP status code? What is Amazon expecting?
alexa skills kit, submission testing certification

Steve A answered
Lawrence, I don't think Amazon is expecting any particular status code. (I don't think I set one, come to think of it.) They are expecting your program to send a request of just the form you highlighted above. You'll have generated and stored an access token for the user, and plugged that in the access_token parameter in the URL (along with the state parameter which you receive from them when the user links their account). Perhaps I'm missing your question here... but that's all you have to do. You seem like you're on the track!

Steve

Lawrence Krubner answered
@Steven Arkonovich -- "They are expecting your program to send a request of just the form you highlighted above"

Thank you for the reply. So, this is a POST request? As if I am submitting a form? I never would have guessed that from the phrase "redirect URL".

By the way, about this here: https://developer.amazon.com/public/solutions/alexa/alexa-skills-kit/docs/linking-an-alexa-user-with-a-user-in-your-system

"It must keep track of the state value passed in the query string."

What is the "state"? Why do I need to track it? My scenario involves:

1.) user types username and password into a form
2.) I generate an access token for this user and then use the "redirect URL"

I don't see what "state" I would be tracking, since the access_token is a separate item. My register form is here: https://alexa.salesvoiceapp.com/register I don't yet have it working, obviously.

Steve A answered
Lawrence, You're almost there. When the user enables the skill with account linking, they are taken to your account linking page -- the one where, in your case, they are entering their username and password. Amazon will pass a "state" parameter in the URI when it directs them to your account linking page. You have to keep track of that, and pass it along unmodified, in the redirect URL. So, a typical flow goes like this:

1. User enables skill.
2. User is taken to your account linking page. In the URI taking them there will be a state parameter. So, in your case the URI would be something like https://alexa.salesvoiceapp.com/register?client_id=xxxxxx&state=xyz etc.
3. User submits the form with whatever information you need from them.
4. On your end you grab the state parameter (and do whatever you're going to do with the username and password) and generate/store an access_token for the user. You'll need to verify future requests from the user by making sure the access token present in those future requests matches the one you have stored.
5. Finally, you redirect to your Redirect URL, including (among other things) the state parameter and the access token. That's the example they gave: https://pitangui.amazon.com/spa/skill/account-linking-status.html?vendorId=AAAAAAAAAAAAAA#state=xyz&access_token=2YotnFZFEjr1zCsicMWpAA&token_type=Bearer

You need to track the state to guarantee that the request you're sending to the redirect url originally came from Amazon before Amazon will store the access token you generated.

Steve
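
The five-step flow above as an added example (not code from this thread or from Amazon): the login handler answers the browser's own form submission with a redirect response whose Location header carries the fragment, so the user's browser, not your server, makes the request to Amazon. The function names and the in-memory token store are hypothetical; the URLs are the sample values quoted in the thread.

```python
import hashlib
import secrets
import time
from urllib.parse import parse_qs, quote, urlencode, urlsplit

STATE_TTL_SECONDS = 300  # quoted docs: state expires after five minutes
# Fixed in configuration, never taken from the request (documentation sample value).
REDIRECT_URL = ("https://pitangui.amazon.com/spa/skill/"
                "account-linking-status.html?vendorId=AAAAAAAAAAAAAA")
TOKEN_STORE = {}  # hypothetical store: sha256(access_token) -> username


def start_linking(request_url, now=None):
    """Step 2: the browser lands on the login page; record state as received."""
    state = parse_qs(urlsplit(request_url).query).get("state", [""])[0]
    if not state:
        raise ValueError("missing state parameter")
    return {"state": state, "received_at": time.time() if now is None else now}


def finish_linking(session, username, now=None):
    """Steps 4-5, called only after the username/password check succeeded."""
    now = time.time() if now is None else now
    if now - session["received_at"] > STATE_TTL_SECONDS:
        return 400, {}  # state is stale; the user restarts from the Alexa app
    token = secrets.token_urlsafe(32)  # unguessable bearer token
    TOKEN_STORE[hashlib.sha256(token.encode()).hexdigest()] = username
    fragment = urlencode({"state": session["state"], "access_token": token,
                          "token_type": "Bearer"}, quote_via=quote)
    # Browsers do not send the fragment to servers, so the token stays out of
    # access logs; no-store keeps the redirect response out of caches.
    return 302, {"Location": REDIRECT_URL + "#" + fragment,
                 "Cache-Control": "no-store"}


def user_for_token(token):
    """Later skill requests: map a presented access token to its user, or None."""
    return TOKEN_STORE.get(hashlib.sha256(token.encode()).hexdigest())
```

Only a hash of each token is stored, so a leaked copy of the store does not yield usable bearer tokens.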

Lawrence Krubner answered
@Steven Arkonovich -- again, thank you much. Regarding the Redirect URL, I'm still wondering if this is a POST or a GET? And what HTTP status code am I supposed to send? 200 or 303?

Steve A answered
I believe 303. (But if that doesn't work, try something else!) Steve

Lawrence Krubner answered
Hmmm, Okay. So I tried a GET to the Redirect URL, and I got: [HTML dump of an Amazon.com sign-in page omitted]

Steve A answered
Looking at my logs, I send a POST request with a 302 code to the redirect URL. Don't know if that's any help. Seems like 303 should also work... Steve

Lawrence Krubner answered
I get the same error when I try a 303 redirect. I'll try POST. If anyone has any example code, I would love to see it.

Lawrence Krubner answered
@Steven Arkonovich -- " I send a POST request with a 302 code to the redirect URL." Thank you for that.

Lawrence Krubner answered
If I switch to using POST, I get a response that looks a bit like this:

:request-time 44, :status 302, :headers {"Date" "Wed, 16 Dec 2015 23:10:31 GMT", "Content-Length" "20", "Access-Control-Expose-Headers" "Location", "Location" " https://www.amazon.com/ap/signin?showRmrMe=1&openid.return_to=https%3A%2F%2Fpitangui.amazon.com%2Fspa%2Fskill%2Faccount-linking-status.html%3FvendorId%3DM1BV122Z&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.assoc_handle=amzn_dp_project_dee&openid.mode=checkid_setup&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&;", "x-amzn-RequestId" "34e6bd14-a4a-11e5-a5e6-91a197eb"},

I changed a few numbers for security reasons, but you get the idea. I am not getting anything that makes me think the Account Linking was successful.