Skill Credentials REST API Reference

Note: Submit your skill and see it come to life.

Use the Skill Credentials REST API to get the client ID and client secret credentials for a skill.

You can also find the skill credentials in the Alexa developer console or by using the Alexa Skills Kit (ASK) Command Line Interface (CLI) get-skill-credentials command.

API endpoint

The endpoint of the Skill Credentials API is https://api.amazonalexa.com.

Authentication

Each API request must have an authorization header whose value is the access token retrieved from Login with Amazon (LWA). For details, see Get an Access Token for SMAPI.

Operations

The Skill Credentials API includes the following operations.

Operation	HTTP method and URI
Get skill credentials	`GET /v1/skills/{skillId}/credentials`

Get skill credentials

Get the client credentials for the skill.

Request

To get the skill credentials, you make a GET request to the credentials resource.

Request path and header example

Copied to clipboard.

GET /v1/skills/{skillId}/credentials
Host: api.amazonalexa.com
Content-Type: application/json
Authorization: Bearer {access token}
Accept: application/json

Request path and header parameters

Parameter	Located in	Description	Type	Required
`skillId`	Path	Identifies the skill. Valid values: 1 – 255 characters.	String	Yes
`access token`	Header	LWA token.	String	Yes

Request body example

The request has no body.

Request body properties

The request has no body.

Response

A successful response returns HTTP 200 OK, along with the skill credentials. On error, the response returns the appropriate HTTP status code and includes a response body with an error code and human readable message.

Response body example

The following example shows a response.

{
    "skillMessagingCredentials": {
        "clientId": "client.id.1",
        "clientSecret": "client.secret.1"
    }
}

Response body properties

Property	Description	Type
`clientId`	Unique identifier for the skill.	String
`clientSecret`	Unique token known only to Alexa and the OAuth 2.0 server.	String

HTTP status codes

Status	Description
`200 OK`	Response body contains the credentials.
`400 Bad Request`	Indicates that one or more properties in the request body are invalid. The following example shows the response body with the error and message. `{ "message": "The property is outside the allowed range.", "code": "INVALID_STRING_LENGTH" }`
`401 Unauthorized`	Request didn't include the authorization token or the token is invalid or expired. Or, the client doesn't have access to the resource.
`403 Forbidden`	Indicates that the authorization token is valid, but the requested operation isn't allowed.
`404 Not Found`	Requested resource not found.
`429 Too Many Requests`	Skill has exceeded the permitted rate limit (specified number of requests per unit of time). The skill can retry the request by using exponential back-off.
`500 Server Error`	Error occurred on the server. The skill can retry the request by using exponential back-off.
`503 Service Unavailable`	Server is down for maintenance, overloaded, or otherwise unavailable to handle the incoming request.

ASK CLI Reference