dottxado
commented
3 years ago Sorry for the mess, the Amazon validation can't be done inside botman because it is too late to send the Bad Request to the client.
Closed dottxado closed 3 years ago
dottxado
commented
3 years ago Sorry for the mess, the Amazon validation can't be done inside botman because it is too late to send the Bad Request to the client.
Added all the necessary to pass the automatic validation done by the Alexa developer portal when requesting the skill certification to go out in production.
The Alexa developer portal enforces some security practices that the skill must do to check that the request is really coming from Amazon, otherwise the skill must return a 400 response. In order to configure this new feature, the skill developer has to add to the config array of the driver:
The enablement is a way to develop the skill without falling into the checks: disable the validation and the skill will act as usual accepting every request, enable the validation and all the messages will be filtered to do the required checks. One of these required checks is on the skill id (given by the Alexa developer portal), so if the validation is enabled the developer must also add the skill id to the configurations.
I have also changed the unit tests to adapt to the new configuration. The private methods added to validate every single piece are a result of lots of Alexa skills developed in PHP that have passed the certification test by Amazon.