alexa-verifier-middleware

alexa-verifier-middleware

An express middleware that verifies HTTP requests sent to an Alexa skill are sent from Amazon.

Version 3.x is now a pure ES module, and requires node 12.17 or higher. If you want to run this via an older version of node, use alexa-verifier-middleware@1.x

Usage

It is recommended that you attach all Alexa routes to an express Router.

import express  from 'express';
import verifier from 'alexa-verifier-middleware';


const app = express();

// create a router and attach to express before doing anything else
const alexaRouter = express.Router();
app.use('/alexa', alexaRouter);

// attach the verifier middleware first because it needs the entire
// request body, and express doesn't expose this on the request object
alexaRouter.use(verifier);

// Routes that handle alexa traffic are now attached here.
// Since this is attached to a router mounted at /alexa,
// this endpoint will be accessible at /alexa/weather_info
alexaRouter.get('/weather_info', function (req, res) { ... });

app.listen(3000);

Common errors

The raw request body has already been parsed.

• This means that you're probably using one of the body-parser middlewares and it is loaded before this one. To fix it, you should load the body-parsers after this one.

Before:

const alexaRouter = express.Router();
app.use('/alexa', alexaRouter);

// INCORRECT
alexaRouter.use(bodyParser.json());
alexaRouter.use(verifier);

After:

const alexaRouter = express.Router();
app.use('/alexa', alexaRouter);

// CORRECT
alexaRouter.use(verifier);
alexaRouter.use(bodyParser.json());

Mentions

• mreinstein for his alexa-verifier module, which allows you to verify any Amazon requests from any web service

Changelog

2.1.0

• Updated to check against SHA-256 signature of request body (#47)