Your Alexa Dashboards Settings

Skill Messaging API Reference

The Skill Messaging API is used to send message requests to skills.

See also: Skill Events in Alexa Skills, List Events in Alexa Skills and Configure an Application or Service to Send Messages to Your Skill

North American (NA) and European (EU) POST commands

The final POST command, constructed from the apiEndpoint value, takes the form shown, with the first being the US endpoint, and the second being the EU endpoint.

    POST api.amazonalexa.com/v1/skillmessages/users/{userId}

    POST api.eu.amazonalexa.com/v1/skillmessages/users/{userId}

For a skill that consumes skill events, the endpoint to use is based on the apiEndpoint value sent in the events for this user.

Skill Messaging API Usage

Use the Skill Messaging API to send a message request to a skill for a specified user.

The Skill Messaging API is asynchronous. A successful response denotes that the message has been accepted, and will be enqueued to be sent to the skill. The skill endpoint must be available for an accepted message to be successfully delivered to the skill. If the skill endpoint is unavailable, the message will be retried periodically for as long as the expiresAfterSeconds field allows (or a default expiry if not provided). A successful delivery requires the skill to acknowledge the message by succeeding the context.

If the skill is online, the message will be delivered as it is processed. There is no guaranteed timing or ordering of the delivery of messages. Since the caller also owns the skill being messaged, the caller is responsible for determining whether a message has been delivered to the skill. There is no receipt or confirmation of the delivery mechanism. The caller is also responsible for handling duplicate messages in the skill in case multiple requests are sent.

Sample cURL Message Request for the Skill Messaging API

ALEXA_USER_ID='ReplaceWithUserId'
SKILL_MESSAGING_TOKEN='ReplaceWithToken'
MESSAGE='{"data":{ "sampleMessage": "Sample Message"}, "expiresAfterSeconds": 60}'
API_URL=https://api.amazonalexa.com/v1/skillmessages/users/$ALEXA_USER_ID

 curl -v -s -k -X POST \
      -H "Authorization: Bearer $SKILL_MESSAGING_TOKEN" \
      -H "Content-Type: application/json" \
      -d "$MESSAGE" \
      $API_URL

 

Parameters for the Skill Messaging API

 
Name Location Type Required? Description
userId path string Required The ID of the skill user. This ID is the same as the userId provided in requests sent by Alexa. It must correspond to a valid user for the specified skill.
skillMessagingToken head string Required The token provided from the authorization API. This is a Bearer type token. For example: Authorization: Bearer Atz|zzzzbbbccc
message body object Required

The message you want to send to the skill, in the following format:

{
    data:{ },
    expiresAfterSeconds: integer                                                                 
}

Message Object

Parameter Type Description
data JSON Required. The payload data to send with the message. The data must be in the form of JSON-formatted key-value pairs. Both keys and values must be of type String. The total size of the data cannot be greater than 6KB. For calculation purposes, this includes keys and values, the quotes that surround them, the “:” character that separates them, the commas that separate the pairs, and the opening and closing braces around the field. However, any whitespace between key/value pairs is not included in the calculation of the payload size. If the message does not include payload data, as in the case of a sync message, you can pass in an empty object, such as "data":{}
expiresAfterSeconds integer Optional. The number of seconds that the message will be retained to retry if message delivery is not successful. Allowed values are from 60 (1 minute) to 86400 (1 day), inclusive. The default is 3600 (1 hour). Multiple retries may occur during this interval.
The retry logic is exponential. The first retry executes after 30 seconds, and this time period doubles on every retry. The retries will end when the total time elapsed since the message was first sent has exceeded the value you provided for expiresAfterSeconds.
Message expiry is rarely a problem if the message handler has been set up correctly. With a correct setup, you will receive the message once promptly. This mechanism for retries is provided as a safeguard in case your skill goes down during a message delivery.

Response (to a Request to the Skill Messaging API)

 
Code Description Headers
202Message has been successfully accepted, and will be sent to the skill.X-Amzn-RequestID

X-Amzn-RequestID Object

Name Type Description
X-Amzn-RequestIDstringA value created that uniquely identifies the request. If you have problems, Amazon can use this value to troubleshoot the problem.

 

Error Codes

Code Error Description
400 Bad request Data is missing or not valid.
403Forbidden requestThe skillmessagingToken is expired or not valid.
404Not found.The userId does not exist.
429Message rate exceeded.The requester has exceeded their maximum allowable rate of messages.
500Internal service exception

Receiving Messages in Your Skill

After you enable your skill for permissions and configure the corresponding application for your skill, make sure that the service for your skill (AWS Lambda or web service) knows how to handle a message it receives. Messaging.MessageReceived is a request type similar to other requests that skills receive. For details on the standard request format, see JSON Interface Reference for Custom Skills.

Skill Service Must Send Acknowledgments to the Skill Messaging API

For an out-of-session message, the service for your skill (AWS Lambda or web service) must send an acknowledgement to the Skill Messaging API that it received the message. Otherwise, the API continues to send the message until it expires. Send the acknowledgement by calling context.succeed(*response*); after you handle the message. When you are making other API calls upon receiving messages, it is important to succeed the context after those API requests synchronously return. For more information, see The Context Methods in Node.js Runtime v0.10.42 in the AWS Lambda documentation.

Messaging.MessageReceived Request Type

The Messaging.MessageReceived request type should be handled by the skill endpoint (whether that is AWS Lambda or web service). The request is a type of intent, so your skill will require an additional handling method for this type of request. See Request Format in JSON Interface Reference for Custom Skills.

RequestMessageRequest
InterfaceMessaging
Definition
"request": {
    "type": "Messaging.MessageReceived",
    "requestId":"string",
    "timestamp":"string",
    "message": <object>
	}
Attributesmessage: A message blob provided by a third-party application back end. The message blob has a limit of 6 KB within our system.

The Messaging.MessageReceived request sample shown below uses a consentToken in the permissions object. For out-of-session messaging requests, a consentToken, which contains the user’s consent, is provided to the skill, if the user has provided that consent. See Context Object in JSON Interface Reference for Custom Skills for more information.

A consent token is valid for 60 minutes, and should not be persisted. A consent token is refreshed automatically every time the Skill Messaging API receives a new in-session request or out-of-session request.

Each userId lasts for the lifetime of the skill enablement for the skill user. If a user disables and re-enables a skill, the userId will change. Thus, when this user next uses the skill, the user will be seen as a new user. As with a new user, the userId must be noted in-session so that it can be used to send a message out-of-session. If the Skill Messaging API is used to call the skill messaging endpoint (/skillmessages/users/{userId}), and a 404 error (userId not found) occurs, then the userId is no longer valid in the system.

apiEndpoint Value in Context Object in Requests

The IntentRequest sample shown below uses an apiEndpoint value in the System object. The value varies depending on the location of the user. See Context Object in JSON Interface Reference for Custom Skills for more information.

North American (NA) userEuropean (EU) user
https://api.amazonalexa.comhttps://api.eu.amazonalexa.com

Include Permissions Field in Each Messaging.MessageReceived Request

If you have Permissions enabled in the Amazon Developer Portal, the permissions field is included in each Messaging.MessageReceived request. If the user has not consented to permissions, this field will not include a nested consentToken field. However, if the skill requires a consent token, the skill must prompt the user to accept permissions by throwing a permissions card, as discussed in New Permissions Card for Requesting Customer Consent.

Sample Messaging.MessageReceived Request

The IDs have been altered and truncated in this example.

{
  "version": "1.0",
  "context": {
    "System": {
      "application": {
        "applicationId": "amzn1.echo-sdk-ams.app.b4277435"
      },
      "user": {
        "userId": "amzn1.ask.account.AGQ3PQ"
      },
      "apiAccessToken": "AxThk...",
      "request": {
        "type": "Messaging.MessageReceived",
        "requestId": "amzn1.echo-api.request.0000000-0000-0000-0000-00000000000",
        "timestamp": "2015-05-13T12:34:56Z",
        "message": {
          "notice": "<< text of message >>"
        }
      }
    }
  }
}

Sample IntentRequest with Permission Support

{
  "version": "1.0",
  "session": {
    "new": false,
    "sessionId": "amzn1.echo-api.session.0000000-0000-0000-0000-00000000000",
    "application": {
      "applicationId": "amzn1.echo-sdk-ams.app.000000-d0ed-0000-ad00-000000d00ebe"
    },
    "attributes": {
      "supportedHoroscopePeriods": {
        "daily": true,
        "weekly": false,
        "monthly": false
      }
    },
    "user": {
      "userId": "amzn1.account.AM3B00000000000000000000000"
    }
  },
  "context": {
    "System": {
      "application": {
        "applicationId": "amzn1.echo-sdk-ams.app.000000-d0ed-0000-ad00-000000d00ebe"
      },
      "user": {
        "userId": "amzn1.account.AM3B00000000000000000000000"
      },
	  "apiAccessToken": "AxThk...",
      "apiEndpoint": "https://api.amazonalexa.com"
    }
  },
  "request": {
    "type": "IntentRequest",
    "requestId": " amzn1.echo-api.request.0000000-0000-0000-0000-00000000000",
    "timestamp": "2015-05-13T12:34:56Z",
    "intent": {
      "name": "GetZodiacHoroscopeIntent",
      "slots": {
        "ZodiacSign": {
          "name": "ZodiacSign",
          "value": "virgo"
        }
      }
    }
  }
}

 

New Permissions Card for Requesting Customer Consent

The apiAccessToken is included on all requests to your skill, regardless of whether the user granted your skill the permissions needed to fulfill the request. Therefore, the token may not contain the right set of permissions for your skill to fulfill the request. Your skill can display a special permissions card to ask customers for consent dynamically.

New CardAskForPermissionsConsentCard
InterfaceCardRenderer
Definition
{
    "type": "AskForPermissionsConsent",
    "permissions": << list of scope strings >>
}
Attributespermissions: this contains a list of scope strings that maps to Alexa permissions. Include only those Alexa permissions that are both needed by your skill and that are declared in your skill metadata on the Amazon Developer Portal.

Because apiAccessToken is included in all skill requests, you cannot use the presence of apiAccessToken to determine whether or not you have the needed permissions. Instead, call the API and check the response code. A 403 Forbidden response indicates that your skill does not have the permissions, so at that point you can include the AskForPermissionsConsent card in your response to Alexa.

Sample Response with Permission Card

An in-session interaction can return a response that includes the new AskForPermissionsConsent card. Here is a typical response for a card with a request for write permissions.

{
  "version": "1.0",
  "response": {
    "card": {
      "type": "AskForPermissionsConsent",
      "permissions": [
           "write::alexa:household:list" 
      ]
    }
  }
}

The permissions value will match the scope that you declared for the skill on the Configuration page in the Amazon Developer Portal.