Alexa Request Verifier is a library that handles all of the certificate and request verification for Alexa Requests for certified skills. (See the Alexa Skills Documentation for more information)
Specifically, it will:
- Confirm the URL for the certificate is a valid Alexa URL
- Validate the certificate is valid
- Confirm the request is recent (to avoid playback attacks)
- Validate the message signature
Alexa Request Verifier uses ConCache to cache certificates once they have been verified.
- If available in Hex, the package can be installed
by adding
alexa_request_verifierto your list of dependencies inmix.exs:
def deps do
[{:alexa_request_verifier, "~> 0.1.7"}]
end2.You will need to add AlexaRequestVerifier as an application in the same mix.exs file.
applications: [..., :alexa_request_verifier] - You will also need to modify your endpoint.ex file by changing the parser as follows:
parsers: [AlexaRequestVerifier.JSONRawBodyParser, :urlencoded, :multipart, :json],- You will need to add the verifier plug to your pipeline in your router.ex file
pipeline :alexa_api do
plug :accepts, ["json"]
plug AlexaRequestVerifier
endA big thanks to the Elixir Forum for helping me navigate all of the semi-documented Erlang :public_key libraries. Forum thread.
The Hex documentation can be found at https://hexdocs.pm/alexa_request_verifier.