protect the endpoint based on application_id
xgess opened this issue · comments
Alex Gessner commented
it seems to be best practice to have something like this in your lambda-based alexa application:
if (event['session']['application']['applicationId'] != "amzn1.echo-sdk-ams.app.[unique-value-here]"):
raise ValueError("Invalid Application ID")