The skill end-point is not validating the signatures for incoming requests and is accepting requests when no signature URL headers are specified

amazon-alexa

#1

Hey, when I try to submit my skill for validation I am getting this error, but couldn't figure out how to resolve it. Can someone point out what actions I could do next?

The skill end-point is not validating the signatures for incoming requests and is accepting requests with an empty signature URL. Please make sure that your signature validation is correct. To reject an invalid request with an invalid signature or certificate, the skill should respond with HTTP status code 400 (Bad Request) in the response.

There seem to be issues with Jovo's handling of verifying the signature URLs. I want to add a custom middleware and verify the request, but the raw body is not available there. Is there a way we could do the signature verification from our end?

Appreciate any leads on this issue


#2

Hello there

To fix the signature confirmation issue, make sure your skill's endpoint correctly verifies incoming request signatures. Change your web server to check the signature header and reject requests with blank and incorrect signatures, giving HTTP status code 400. Jovo allows you to add software that captures the raw request message and implements signature verification procedures. If the request signature is invalid, the software behind it should terminate it.
Check Jovo guidelines for processing raw request bodies and modify the software accordingly. This ensures that your skill accurately verifies signatures before processing requests.

I hope this will be helpful for you :+1:
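
The check discussed in this thread, as an added example that is not part of either post and is not Jovo's own code: it answers 400 for missing, empty or malformed signature headers and verifies the `Signature-256` value over the raw request body. The header names, URL rules and 150-second tolerance follow Alexa's published request-verification requirements; `verifyAlexaRequest`, `isValidCertUrl` and the `getCertPublicKey` hook are hypothetical names, and in real use the hook has to download and validate the certificate chain.

```javascript
const crypto = require('node:crypto');

const TOLERANCE_MS = 150 * 1000; // timestamp tolerance from Alexa's documentation

// URL rules Alexa documents for the SignatureCertChainUrl header.
function isValidCertUrl(value) {
  let url;
  try { url = new URL(value); } catch { return false; }
  return url.protocol === 'https:' &&
    url.hostname.toLowerCase() === 's3.amazonaws.com' &&
    url.pathname.startsWith('/echo.api/') &&
    (url.port === '' || url.port === '443');
}

// headers: lower-cased header map; rawBody: Buffer with the exact bytes received.
// getCertPublicKey(url) is a hypothetical hook that must download the chain, validate
// it, and return the signing certificate's public key.
// Returns the HTTP status the endpoint should answer with.
function verifyAlexaRequest(headers, rawBody, getCertPublicKey, now = Date.now()) {
  const certUrl = headers['signaturecertchainurl'];
  const signature = headers['signature-256'];
  if (!certUrl || !signature) return 400; // missing or empty signature headers
  if (!isValidCertUrl(certUrl)) return 400;
  try {
    const sig = Buffer.from(signature, 'base64');
    if (!crypto.verify('sha256', rawBody, getCertPublicKey(certUrl), sig)) return 400;
    const ts = Date.parse(JSON.parse(rawBody.toString('utf8')).request.timestamp);
    if (!(Math.abs(now - ts) <= TOLERANCE_MS)) return 400; // also rejects NaN
  } catch { return 400; } // unparsable body, bad key, malformed signature
  return 200;
}

// Constructed demo: a locally generated key pair stands in for Amazon's certificate.
function demo() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  const body = Buffer.from(JSON.stringify({ request: { timestamp: new Date().toISOString() } }));
  const sig = crypto.sign('sha256', body, privateKey).toString('base64');
  const good = { signaturecertchainurl: 'https://s3.amazonaws.com/echo.api/constructed.pem', 'signature-256': sig };
  const check = (h, b = body, now) => verifyAlexaRequest(h, b, () => publicKey, now);
  return {
    valid: check(good),
    noHeaders: check({}),
    emptyUrl: check({ ...good, signaturecertchainurl: '' }),
    wrongHost: check({ ...good, signaturecertchainurl: 'https://example.com/echo.api/c.pem' }),
    tampered: check(good, Buffer.concat([body, Buffer.from(' ')])),
    stale: check(good, body, Date.now() + 10 * 60 * 1000),
  };
}
```

The signature covers the exact bytes received, so `rawBody` has to be captured before any JSON parsing; in an Express-based server the `verify` option of `express.json()` receives that buffer.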