In part 4 of this series on Alexa Account Linking we call the protected API of the linked account.

If the API requires a user context, it should be connected via account linking and OAuth. After the user has linked the account, and an access token has been created, all request handlers receive the granted access token in the field


We can use it as a parameter when making API calls inside a request handler. For example, we can call the Spotify API. The following function actually calls the Spotify API using the OAuth access token to get the user_id.

async function getId(accessToken){
var user_url = "";
return request({url:user_url, headers:
{"Authorization":"Bearer "+accessToken}})
var user_id = JSON.parse(res).id;
return user_id;

Check out the other posts in this series on Alexa Account Linking:

In my new book “Making Money with Alexa Skills – A Developer’s Guide” I describe not only how to develop, but also how to monetize Alexa Skills. Account linking is one of the possibilities for personalizing a Skill and make it unique – more practical approaches for personalizing Skills are described in the book.

In the OAuth 2.0 book you can find a simple and understandable explanation of all the standard OAuth Flows (such as those supported by Alexa). What makes this book unique is that the complicated OAuth interactions are visualized as easy-to-understand Sequence Diagrams.

Part 4 of Alexa Account Linking with OAuth: Call Protected API from Skill Service
Tagged on: