Call Alexa SKill over API request - alexa

Is possible to call a skill from Alexa using an API?
When I search about this i find things about use API inside skill code from developer.amazon.com, but in this case we use API in skill. Not the API calling this skill from a request
Is possible to do this?

Short answer: Not today
Why? Because using Alexa requires an account and no API is available to login as a user on Alexa. Maybe one day, that would be helpful.

Related

How can I create Coinbase oauth application on behalf of the user?

I have the following goal - I want to integrate my application users with Coinbase. All users should be able to connect their own Coinbase accounts with my application so I can grant read permissions. In order to do that I have to use oauth api, but the problem is, I do not want to ask users to first create oauth application through the Coinbase UI themselves and then provide me the application ID and secret so I can initiate a coinbase oatuh integration. I need a seamless, one click integration. Do you have any suggestions how to achieve that?
Thanks....
The whole point of oAuth to not need the api key.
this is the documentation that says how to do it. future questions need to be programming specific or stack overflow will eat you up for dinner.
https://docs.cloud.coinbase.com/sign-in-with-coinbase/docs/sign-in-with-coinbase-integration

Is possible to send OTP only with ReactJS(only with plain JS, without NodeJS)

Is there any way to send OTP only using React(with Vonage or Twilio)?
Twilio developer evangelist here.
If you are looking to send an OTP via SMS using a service like Twilio then you will need a back-end of some sort. That back-end does not have to be written in Node.js, you just need a server-side component.
The reason for this is that Twilio, and other APIs, give you a secret, in Twilio's case it is called an Auth Token, that authenticates you with the API and lets your account send those messages. If you try to make calls to the API directly from within your React application, you would expose that Auth Token and a malicious user could take it and use it to abuse your account.
I wrote a post on how to send SMS messages using React, Twilio and Node.js that might help you.
If you are trying to send OTP codes, you might find that the Twilio Verify API is actually better suited for this. It is a dedicated API for sending and verifying OTP codes. This blog post shows you how to build your own Verify service using Twilio Functions. The benefit of Twilio Functions is that you don't need to run your own servers, you can host the functions in Twilio's infrastructure.
Let me know if this helps at all.

Exporting Google action to Alexa skill

I have a google action which I am trying to export as an Alexa skill using these instructions. https://dialogflow.com/docs/integrations/alexa-exporter
The Alexa Skills Kit console asks for an HTTPS service endpoint, but I don't know what to set here
Is it the same as the Webhook fulfillment URL in dialogflow ?
Also when I try opening the https webhook url in the browser I get this error -
Action Error: no matching intent handler for: null
This does not "export a Google Action" for use as a Skill.
What it does is let you use Dialogflow to help define the user Intents, phrases, and Slot Entities that the legacy Skill Console expected. In particular it does not send your Alexa voice commands to Dialogflow for processing. The "fulfillment" section for Dialogflow is not used for Alexa handling.
Alexa still expects either an AWS Lambda or an HTTPS webhook to be specified where you will do the processing using its JSON format.

AWS API Gateway Method Authorization

I have domain with aws example.com, currently I have record set so that when user goes to example.com, it serves static website from S3 (done with angular) and backend api (Lambda and API gate way). And I don't have sign in process, as the purpose of site is public facing.
I can use apikey on method to authorize the http call, but I still have to save it in js code somewhere, which I don;t want to do. And I am not sure how IAM role can help me in this scenario.
Is there any way I can let api allow calls from specific domain ?
You can use IAM Role defined for Unauthenticated user in AWS Cognito Federated Identities. The AWS document will guide through the process assigning IAM Role to the Unauthenticated user.
Then you can enable "AWS_IAM" Authorizer option in the API Gateway for any specific API's resources.
This question has similar approach in implementing the IAM Role - based to access API, in which the implementation is using External Federated Identities (Google) instead of unauthenticated user identities.
There are a few ways to skin this cat.
The least painful way is likely to be using AWS Signature V4-- unfortunately, there's no great answer for a site that doesn't have an auth system built in already. Someday they'll let us park API Gateways inside of VPCs, but that day isn't today.

Google Cloud Pub/Sub Publishing from Browser - How does Auth work?

I have a requirement to use Google Cloud Pub/Sub API directly from Browser ( similar to GA script). I was wondering how can in handle Auth without requiring going through a back-end server.
I want to invoke the Cloud Pub/Sub API directly from the browser. I tried and it says i need to authenticate first , my issue is how to secure the Auth Token.
Is there any javascript library that is available which i can use in Browser ( not backend) to invoke the Google Pub/Sub API.
Thanks in advance
The general approach in Javascript for authorizing and making authorized requests to Google APIs is shown at https://developers.google.com/api-client-library/javascript/samples/samples#AuthorizingandMakingAuthorizedRequests -- it's not specific to the Cloud Pubsub API, but it should work for all Google APIs. Similarly, https://developers.google.com/api-client-library/javascript/start/start-js for general Javascript access to Google APIs.
This is quite an old topic, but I've been recently assessing if it's possible. The simple answer is - yes, it is possible to send messages into PubSub topics directly from a browser application. The solution is as follows:
You need to post a message via REST API using fetch()
You need to send the Authorization header
Authorization header has to contain oAuth2.0 token identifying the user; it can be an anonymous authenticated user or fully authenticated, using firebase authentication library for example.
To have all three above working perfectly, you'd have to write a lot of code. It is not practical at all and architecturally not nice. Unless you absolutely need to do it that way, not another (I can't see why though), the simplified but involving a bit more components solution is as follows:
Authenticate user in-browser via firebase - can be either anonymous or full user
Do simple GET or POST to your cloud/firebase function with the required payload
In function validate the incoming request which will have authenticated user token
If validation is good then publish message into the topic
This way it's still secure, much more maintainable and clearly separated into functional components. Less code, a bit more infrastructure.

Resources