Support Topics Documentation Slack YouTube Blog

Alexa Skill: End-point validating error

Hi Backendless - I received the following message while publishing an alexa skill. I’m not code literate sufficiently to see what I’ll need to do to resolve this to successfully publish the skill. If this question is better placed in stack overflow, please do let me know.

Thank you.


The skill end-point is not validating the signatures for incoming requests and is accepting requests with an empty signature URL.

The skill end-point is not validating the signatures for incoming requests and is accepting requests with an empty signature URL. Please make sure that your signature validation is correct. To reject an invalid request with an invalid signature or certificate, the skill should respond with HTTP status code 400 (Bad Request) in the response.
Documentation Help:
Verifying the signature certificate URL: Click here

Are you looking for help?

This is a support forum for reporting issues related to Backendless services. Please note that due to our support policy we cannot provide you help with debugging your code, consulting in regards to any language or third-party library usage. For this kind of questions we recommend using more appropriate forums like Stack Overflow.

In order to suggest you a quality solution, we shall usually ask you to provide the details mentioned below first. Including them into your topic right away helps us to start investigating your issue much faster.

In case you have a suggestion or an idea, the details below are not always required, though still any additional background is welcome.

Backendless Version (3.x / 6.x, Online / Managed / Pro )

Client SDK (REST / Android / Objective-C / Swift / JS )

Application ID

Expected Behavior

Please describe the expected behavior of the issue, starting from the first action.

Actual Behavior

Please provide a description of what actually happens, working from the same starting point.

Be descriptive: “it doesn’t work” does not describe what the behavior actually is – instead, say “the request returns a 400 error with message XXX”. Copy and paste your logs, and include any URLs.

Reproducible Test Case

Please provide a simple code that could be run in a new clean app and reproduce the issue.

If the issue is more complex or requires configuration, please provide a link to a project on Github that reproduces the issue.

Hi @Rori_Hartnell,

does your skill works in test mode?

Hi sorry i thought i responded earlier. It does work in test mode. Thanks Grin.


Don’t you forget to validate request using appropriate block ‘verifyRequest’? If no, could you please provide us your appId?


Hi Stainslaw. My AppID is: EE3AA188-1CE7-444F-FFF7-B817C30ABA00

I’ve located the “verify request” code block but I’ll need to snap it into the right location. I’ve reconfigured the blocks how i think they need to be (but in all honesty I’m guessing a bit here).

Can you provide any feedback or comments that jump out at you?

Thanks in advance.


Hi @Rori_Hartnell,

thanks for info!
Let me take some time to check it please.
Will let you know once I’ll find something.


Hello @Rori_Hartnell,

I don’t see the usage of “verfiy request” block. You should place it at the very beginning of each logic block where the request comes. Just like in this article