Access the Alexa Shopping and To-Do Lists with Python3 request module

Question

In a nutshell, I am attempting to access my Amazon account's default Shopping List and To-Do List via Python request module. I feel like there must be step that I am overlooking after attemtpint to follow the developer documentations on this topic. I went over the steps provided by the Alexa developer post Access the Alexa Shopping and To-Do Lists and here are small commentaries from my experience from the steps provided:

1. Configure permissions to access the Alexa lists in your skill.
   This step was rather simple. I started with creating my custom skill as advised here , but I ended up actually making the skill provided here , so essentially only completing the fist two steps. Once the custom skill was created, I was able to enable the read and write permissions for the Skill (toggled Lists Read/Write), thus giving the skill list access.
2. Design a user intent model that uses customer Alexa lists.
   This step I assume is skipped?? I did not see any reference to this step anywhere on the page besides the beginning.
3. Handling customer missing permissions.
   I just went to my Alexa App and enabled access inside the settings of my custom "Dev" skill in this stage.
4. Get access the customer's Alexa lists.
   Here I followed the steps for Out-of-session interaction and obtained "token". I believe this is Skill Messaging API Access Token?
5. Implement the list management capabilities in your skill service code.
   This, I suppose, is where my disconnect is shown. After acquiring my token, I attempt to use the List Management REST API . The following Python code attempts to list out my current lists that I have with my client ID and secret values loaded from a json file in the same directory:

import requests
import json

def main():
    # Load client ID and Secret values
    with open("client_info.json", "r") as cred:
        clientInfo = json.load(cred)

    clientID = clientInfo["clientID"]
    clientSecret = clientInfo["clientSecret"]


    # Gettign token for api requests

    HEADERS = {
        "X-Amzn-RequestId": "d917ceac-2245-11e2-a270-0bc161cb589d",

        "Content-Type": "application/json"
    }

    DATA = {"client_id": clientID, "grant_type": "client_credentials",
            "client_secret": clientSecret, "scope": "alexa:skill_messaging"}

    url = "https://api.amazon.com/auth/o2/token"

    DATA = json.dumps(DATA)
    response = requests.post(url, data=DATA, headers=HEADERS)
    print("Response for token: %s " % response)
    info = json.loads(response.text)
    token = info["access_token"]


    # seeing a list of all lists

    endpoint = "https://api.amazonalexa.com"
    url = endpoint + "/v2/householdlists/"

    HEADERS = {
        "Authorization": "Bearer " + token,
        "Content-Type": "application/json",
        "Accept": "application/json"
    }
    new_response = requests.get(url, headers=HEADERS)

    print("Response for list info: %s " % new_response)
    print(new_response.text)

if __name__ == "__main__":
    main()

The print statements show the following

Response for token: <Response [200]> 
Response for list info: <Response [403]> 
{"Message":"Not all permissions are authorized."}

I am not sure if this is possible, or if there is a step that I have overlooked. Any help is much appreciated!

Answer 1

You're missing a step between your step 4 and step 5. The token you got in step 4 is for calling Skill Messaging API , which is not tied to any user. You cannot use it to call the List Management REST API which is user specific.

First, you need to grab the userId of your account from your Skill Lambda (by invoking a LaunchRequest or IntentRequest ). userId is persistent unless you disable/re-enable the skill.

Then, call Skill Messaging API with the token from step 4 and the userId to send a (dummy) message to your Skill, which allow you to pull the consentToken . Finally, call the list management API with the consentToken .

For reference, see step 2 in the Out-of-session interaction flow .