NAME

Net::Amazon::AlexaValidator - implements all security-related checks required for Amazon Alexa Skills.

SYNOPSIS

  use Net::Amazon::AlexaValidator;

  my $alexa_validator = Net::Amazon::AlexaValidator->new({
    application_id => 'my_application_id_from_amazon_dev_site',
    echo_domain    => 'DNS:echo-api.amazon.com',
    cert_dir       => '/tmp/',
  });
  my $request = $c->req; # Requires a Catalyst::Request object
  my $ret = $alexa_validator->validate_request($request);

DESCRIPTION

Highlights of the validation include:

  • Verifies the Signature Certificate URL. Amazon's requirements are listed here: https://developer.amazon.com/public/solutions/alexa/alexa-skills-kit/docs/developing-an-alexa-skill-as-a-web-service#h2_verify_sig_cert

  • Downloads the PEM-encoded X.509 certificate chain that Alexa used to sign the message as specified by the SignatureCertChainUrl header value on the request.

  • Validates that the signing certificate has not expired (examine both the Not Before and Not After dates).

  • Validates that the domain echo-api.amazon.com is present in the Subject Alternative Names (SANs) section of the signing certificate.

  • Validates that all certificates in the chain combine to create a chain of trust to a trusted root CA certificate.

  • Base64-decodes the Signature header value on the request to obtain the encrypted signature.

  • Uses the public key extracted from the signing certificate to decrypt the encrypted signature, producing the asserted hash value. Generates a SHA-1 hash value from the full HTTPS request body to produce the derived hash value, then compares the asserted and derived hash values to ensure that they match.

  • Checks the request timestamp to ensure that the request is not an old request being sent as part of a "replay" attack.
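
The Signature Certificate URL check from the first item above, as an added example (not code from Net::Amazon::AlexaValidator). It applies the rules Amazon documents for SignatureCertChainUrl: https scheme, host s3.amazonaws.com, a path beginning with /echo.api/, and port 443 when a port is given. The helper names are hypothetical, and the URI module from CPAN is assumed to be installed.

```perl
use strict;
use warnings;
use URI;

# Added example, not code from Net::Amazon::AlexaValidator.
# cert_url_is_valid() and _collapse_dot_segments() are hypothetical helper names.

# Collapse "." and ".." path segments so that a traversal such as
# /echo.api/../other/cert.pem is judged by where it really points.
sub _collapse_dot_segments {
    my ($path) = @_;
    my @out;
    for my $seg (split m{/}, $path, -1) {
        next if $seg eq '.';
        if ($seg eq '..') { pop @out if @out > 1; next }
        push @out, $seg;
    }
    return join '/', @out;
}

sub cert_url_is_valid {
    my ($url) = @_;
    return 0 unless defined $url && length $url;

    my $uri = URI->new($url)->canonical;    # lowercases scheme and host
    return 0 unless ($uri->scheme // '') eq 'https';
    return 0 unless ($uri->host // '') eq 's3.amazonaws.com';
    return 0 unless $uri->port == 443;      # URI reports 443 when no port is given

    # The path prefix is case-sensitive: /echo.api/, not /EcHo.aPi/
    my $path = _collapse_dot_segments($uri->path);
    return $path =~ m{\A/echo\.api/} ? 1 : 0;
}

# Sample URLs constructed for this example
my @samples = (
    'https://s3.amazonaws.com/echo.api/echo-api-cert.pem',
    'https://s3.amazonaws.com:443/echo.api/echo-api-cert.pem',
    'https://s3.amazonaws.com/echo.api/../echo.api/echo-api-cert.pem',
    'http://s3.amazonaws.com/echo.api/echo-api-cert.pem',
    'https://notamazon.com/echo.api/echo-api-cert.pem',
    'https://s3.amazonaws.com/EcHo.aPi/echo-api-cert.pem',
    'https://s3.amazonaws.com:563/echo.api/echo-api-cert.pem',
    'https://s3.amazonaws.com/echo.api/../other/cert.pem',
);
printf "%-7s %s\n", cert_url_is_valid($_) ? 'accept' : 'reject', $_ for @samples;
```

Running the check before any download means a request cannot point the validator at a certificate hosted outside Amazon's bucket path.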

Configuration options

echo_domain

The echo domain that must be present in the Subject Alternative Names (SANs) section of the signing certificate.

application_id

The Application ID from your app's Amazon Alexa App settings.

cert_dir

The directory in which to store your Alexa certificate once it has been validated.

Subroutines

validate_request

Verifies that the request is a valid Amazon Alexa request. The checks include the application_id, the certificates and the timestamp.

Returns { success, error_msg }.