Alexa Skill Credentials API

Note: Watch the replay of Alexa Live ‘22 on demand. Catch the latest on ambient intelligence, smart home, and AI.

The Alexa Skill Credentials API returns the client credentials, in particular the clientId and clientSecret for the skill. These credentials can be used to get the customer authentication token that can be used to get the access token from the Skill Messaging API.

The workflow is as follows:

The skill service code calls LWA to get the access token.
This token is then used to authorize the calls to the SMAPI APIs.
After authorization, the SMAPI API returns the client credentials for a particular skillId. The response contains the skillMessagingCredentials which are used by the skill to get the customer authentication token which then enables the skill to access the approved permissions.

The API's endpoint is https://api.amazonalexa.com. Each API request must have an Authorization header whose value should be the access token retrieved from Login with Amazon.

GET

Obtain the skill credentials for the specified skill.

HTTP/1.1

GET /v1/skills/{skillId}/credentials

Field	Description	Parameter Type	Required?
skillId	Unique identifier of skill.	String	Yes

Request

Request headers

  Content-Type: application/json
  Accept: application/json
  Authorization: string

Request body

Empty body.

Response

Response header

Content-Type: application/json
X-Amzn-RequestId: string
X-Amzn-Authorization: string

Response body

{
  "skillMessagingCredentials": {
    "clientId": "<String>",
    "clientSecret": "<String>"
  }
}

Field	Description
clientId	Unique identifier for the client
clientSecret	A string known only to the application and the authorization server.

Error response handling–Status codes

Status	Code	Description
401	Unauthorized	The user/requester is not authorized to obtain skill credentials.
404	Not found	Either the specified skill does not exist, or the skill does not have skill messaging credentials.
429	Too many requests	Returned when the client has made more calls than the allowed limit. Limit is 25 tps per skill.
500	Internal server error	Returned when the Skill Credentials API encounters an internal server error for a valid request.
503	Service unavailable	The service is unavailable.