Certification failure

[tobiratzberger]

I was trying to submit my skill but it has failed the following initial phase of certification tests.

1. The skill end-point is not validating the signatures for incoming requests and is accepting requests when no signature URL headers are specified. Please make sure that your signature validation is correct. To reject an invalid request with an invalid signature or certificate, the skill should respond with HTTP status code 400 (Bad Request) in the response. Please refer to our documentation on how to build your Alexa Skill as a web service and validate requests and signatures.

2. The skill end-point is not validating the signatures for incoming requests and is accepting requests with an incorrect certificate URL. Please make sure that your signature validation is correct. To reject an invalid request with an invalid signature or certificate, the skill should respond with HTTP status code 400 (Bad Request) in the response. Please refer to our documentation on how to build your Alexa Skill as a web service and validate requests and signatures.

3. The skill end-point is not validating the signatures for incoming requests and is accepting requests with an invalid signature URL specified. Please make sure that your signature validation is correct. To reject an invalid request with an invalid signature or certificate, the skill should respond with HTTP status code 400 (Bad Request) in the response. Please refer to our documentation on how to build your Alexa Skill as a web service and validate requests and signatures.

4. The skill end-point is not validating the signatures for incoming requests and is accepting requests with an empty signature URL. Please make sure that your signature validation is correct. To reject an invalid request with an invalid signature or certificate, the skill should respond with HTTP status code 400 (Bad Request) in the response. Please refer to our documentation on how to build your Alexa Skill as a web service and validate requests and signatures.

Any idea how to fix this?

[smoore4moma]

I got this error feedback 5-6 times before I turned to this project. After changing it to match this repo, my skill passed. So please double-check your set-up and the actual cert and web service. It's probably not the code here.

[CarpDeus]

I'm getting this same issue with passing certification. I've got the 1.6.0 nuget package installed, I've set my application id in the Speechlet. I'm not sure what else to do.

[stefann42]

@ElvenMonky did you have a chance to test the request validation logic with 1.6.0?

@tobiratzberger @CarpDeus I will start by stating the obvious: make sure you did not override the request validation policy as described at https://github.com/AreYouFreeBusy/AlexaSkillsKit.NET#override-request-validation-policy

Assuming you didn't, start be reproducing the certification tests yourself to see how your skill responds. The easiest way is to setup ngrok to route incoming requests from Alexa service to the skill on your dev machine and use the Alexa Test Tool (from the Alexa developer portal) to send yourself a test invocation. When the Alexa Test Tool request comes in, ngrok captures the raw data so you can inspect it. Take that raw data, remove the header with the signature and play it back against your own skill and past the output in this issue.

The most common problem is that your skill responds with HTTP Status Code 500 instead of 400 because of some other error unrelated to this library.

[CarpDeus]

@stefann42 My bad. I was recording requests to the DB and wasn't handling a value correctly when none was supplied. I've fixed that and made it through. Thanks for all of your hard work in providing this framework.

[stefann42]

@CarpDeus thanks for letting us know.

@tobiratzberger any updates?