Alexa skill accessing data from inside the company network

0
votes

Use case: When coming to work I want to ask Alexa things like "Alexa, which employees are ill today?" or "Alexa which project managers are already at work?"

So essentially the Alexa Skill has to access sensitive (employee-)data from inside the company's network. As far as I know Alexa Skills only works with HTTPS and Amazon Lambda(ARN) endpoints. So to enable the Alexa-Skill to access the data we would have to publish some sort of endpoint exposing the data to the web. But this would obviously violate several security/privacy policies. I'm not really into authentication/authorization of API requests so I would really appreciate some suggestions on how I to make sure only authorized users have access to the employee-data.

Thanks in advance.

1
apiauthenticationauthorizationaws-lambdaalexa

1 Answers

0
votes

You could have an API which Alexa talks to. Your API should handle the collection of sensitive data from your organization. Whatever authentication is required by your organization that can be done through Alexa as well (eg Account Linking) which can basically link the user's organization account. If that is done then we can authenticate the user and they only will be able to ask for sensitive data through Alexa. Your API would be the main point of control between Alexa and accessing sensitive data. Hope this makes sense.