New Case Study:See how Anthropic automated 95% of dependency reviews with Socket.Learn More

alexa-verifier

Advanced tools

Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

alexa-verifier

Verify HTTP requests sent to an Alexa skill are sent from Amazon


Version published
Weekly downloads
889
decreased by-14.19%
Maintainers
2
Weekly downloads
 
Created

alexa-verifier

tests

Verify HTTP requests sent to an Alexa skill are sent from Amazon.

This module is framework-agnostic.

If you're using expressjs, you should check out alexa-verifier-middleware which is a lot easier to integrate.

motivation

Part of the certication process for alexa skills hosted on a generic web service (i.e., not AWS Lambda) is that your skill must validate requests are actually coming from Amazon. This is enforced by checking:

  • the timestamp of the request
  • the validity of the certificate
  • the signature of the the request signed with the aforementioned certificate

This module provides a function to handle this validation.

usage

arguments

  • cert_url full url of the certificate to verify (from HTTP request header named signaturecertchainurl)
  • signature signature of the request (from HTTP request header named signature)
  • requestRawBody full body string from POST request
  • callback (optional) completion function. has 1 argument which indicates error. falsey when verification passes

You may include a callback function, in the standard node error argument-first format:

import verifier from 'alexa-verifier'


verifier(cert_url, signature, requestRawBody, function callbackFn (er) {
    // if er, something went wrong
})

Ommiting a callback function returns a promise:

const verifyPromise = verifier(cert_url, signature, requestRawBody)

FAQs

Package last updated on 14 Dec 2023

Did you know?

Socket

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts