Hello ,
I wanted to cross off all the guidelines for skill certification . In the second point it said to verify the requests sent by Alexa if the lambda ARN is compromised . In Lambda , we specifically associate with our particular skill so why do we have to recheck again .
https://developer.amazon.com/docs/custom-skills/handle-requests-sent-by-alexa.html
For now i have my SkillID as one of the variables and checking if the request's SKill ID matches and only then register handlers and if it does not match we need to send a HTTP 400 (How to do that ?). Is it okay to leave the skillID in the code ? Whats the approach i ll have to take for this.
For now , this is my code
if(event.context.System.application.applicationId === config.skillID)
{ alexa.execute(); }
// Where config.skillID is the variable i hardcoded .
Is this needed and is this the right approach ? Any help is appreciated , thanks!