python apache2 alexa-skills-kit flask-ask

How do I verify an Alexa request when running Flask-Ask and Apache2 with WSGI?


I have built an application utilizing Python that I have integrated successfully with Alexa. Since this application is very specific to my household, I was not too concerned about the deployment process since you can run in development mode forever (or it would seem).

However, in reading about the deployment process, specifically the security requirements to verify that the requests are actually coming from Amazon and not someone else, I learned that those same requirements are a good idea regardless!

So in order to deploy, Amazon requires that you verify requests from Amazon to your Alexa App. Basically, it is broken down into two sections:

  • Verify that the request is actually coming from Amazon
  • Verify the timestamp to prevent replay attacks

My entire application is built in Python, but the Alexa front-end is built in Flask-Ask and utilizes Apache2 and WSGI. There are plenty of resources around for learning how to verify Amazon requests utilizing Java, JS, and even some straight Python, but I could not find anything at all on how to accomplish this specifically utilizing Flask-Ask.

So my question is: how do I accomplish this utilizing Flask-Ask?

Thanks!


Solution

  • According to the source code (and also the documentation, which I cannot access right now because the site is down) there are these relevant config options:

    The Ask instance is given the following configuration variables by calling on Flask's configuration:

    ASK_APPLICATION_ID: Turn on application ID verification by setting this variable to an application ID or a list of allowed application IDs. By default, application ID verification is disabled and a warning is logged. This variable should be set in production to ensure requests are being sent by the applications you specify. Default: None

    ASK_VERIFY_REQUESTS: Enables or disables Alexa request verification, which ensures requests sent to your skill are from Amazon's Alexa service. This setting should not be disabled in production. It is useful for mocking JSON requests in automated tests. Default: True

    So, by default every request is verified already.

    In addition, you can add ASK_APPLICATION_ID to make sure the request is from your skill:

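    from flask import Flask
    from flask_ask import Ask

    app = Flask(__name__)
    ask = Ask(app, '/')
    # Only requests carrying one of these skill (application) IDs are accepted
    app.config["ASK_APPLICATION_ID"] = ["skill-id-1", "skill-id-2"] # List of allowed IDs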
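
Added example, not part of the original answer and not Flask-Ask's own code: a standard-library sketch of three checks from Amazon's request-verification requirements (the certificate URL rules, the 150-second timestamp tolerance that blocks replays, and the application ID allowlist). The function names and the sample request are constructed for illustration, and validating the certificate chain and the body signature is deliberately left out.

```python
import posixpath
from datetime import datetime, timedelta, timezone
from urllib.parse import urlparse

TOLERANCE = timedelta(seconds=150)  # maximum request age Amazon allows


def cert_url_is_valid(url):
    """Check the SignatureCertChainUrl header against Amazon's URL rules."""
    try:
        parts = urlparse(url or "")
        port = parts.port  # raises ValueError on a malformed port
    except ValueError:
        return False
    path = posixpath.normpath(parts.path)  # collapse "../" before comparing
    return (parts.scheme == "https" and parts.hostname == "s3.amazonaws.com"
            and port in (None, 443) and path.startswith("/echo.api/"))


def timestamp_is_fresh(ts, now=None):
    """Reject requests older (or newer) than the tolerance: replay defence."""
    now = now or datetime.now(timezone.utc)
    try:
        sent = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    except (TypeError, ValueError):
        return False
    return abs(now - sent) <= TOLERANCE


def application_id_allowed(body, allowed_ids):
    """Allowlist check on session.application.applicationId."""
    app_id = body.get("session", {}).get("application", {}).get("applicationId")
    return app_id in set(allowed_ids)


def verify(headers, body, allowed_ids, now=None):
    """Return the names of failed checks; an empty list means all passed."""
    failures = []
    if not cert_url_is_valid(headers.get("SignatureCertChainUrl")):
        failures.append("cert_url")
    if not timestamp_is_fresh(body.get("request", {}).get("timestamp"), now):
        failures.append("timestamp")
    if not application_id_allowed(body, allowed_ids):
        failures.append("application_id")
    return failures


# Constructed sample request (not captured traffic).
SAMPLE_HEADERS = {"SignatureCertChainUrl": "https://s3.amazonaws.com/echo.api/echo-api-cert.pem"}
SAMPLE_BODY = {"session": {"application": {"applicationId": "skill-id-1"}},
               "request": {"type": "LaunchRequest", "timestamp": "2024-01-01T12:00:00Z"}}
```

With `ASK_VERIFY_REQUESTS` left at its default, these checks do not need to be written by hand; the sketch only shows what a rejected request fails on.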