This repository contains a Python script for managing devices connected to the Amazon Alexa API. The script provides functionality to retrieve and delete entities and endpoints related to an Amazon Alexa skill.
I do not know anything about how the Alexa API works. I just reverse engineered the API calls the Alexa app makes and wrote a script to automate them. I do not know if this script will work for you. I left as many comments as possible here and in the script itself, so you can try and debug and use it yourself. If you have any questions, feel free to open an issue or write a comment in the r/AmazonEcho or r/HomeAssistant subreddit posts or alternatively create an issue in the Git repo. I will try and answer all of them as soon as possible.
The script is written in Python 3.11 and requires the following packages:
- requests
see requirements.txt for more details
Runpip install -r requirements.txtto install required packages
To get the needed HTTP headers and cookie information, you will need to download some kind of HTTP traffic sniffer.
I used HTTP Catcher, which is only available for iOS.
Tools like HTTP Toolkit should work for Android-based devices, but this app requires a rooted device.
(For this, there is a workaround, somewhat at least. If you install Windows Subsystem for Android on your device with Google apps and Magisk following this guide, you can simulate a rooted Android device and don't have to backup (or delete) any data. Make sure you install a version with the Nightly-with-Magisk-canary-MindTheGapps-RemovedAmazon tag for the same setup as I used in my testing. This is probably the version you want to install anyways).
Note: For using an HTTP Sniffer on Android, you will need to install the certificate of the sniffer app on your device. Proxy-based sniffers will not work, as the Alexa app (and most other ones like Google and PayPal) uses certificate pinning.
You also need to have a valid Amazon account and access to the account you want to delete entities from.
- Download and install an HTTP Sniffer on your device.
- Open the Alexa app and log in with the account you want to delete entities from.
- Navigate to the
Devicestab. - Open the HTTP Sniffer and start a new capture.
- In the Alexa app, refresh the device list by pulling down.
- Let the page load completely.
- Stop the capture in the HTTP Sniffer.
- Search for the
GET /api/behaviors/entitiesrequest in the HTTP Sniffer. - Copy the value of the
Cookieheader and paste it into theCOOKIEvariable in the script (Most likely, you will find the cookie value to be very long). - Copy the value of the
x-amzn-RequestIdheader and paste it into theX_AMZN_REQUESTIDvariable in the script. - Copy the value of the
x-amzn-alexa-appheader and paste it into theX_AMZN_ALEXA_APPvariable in the script. - You can now try and run the script. If it works, you should see a list of all devices connected to the account you are logged in with. If you get an error, see the Troubleshooting section for more information.
- Try and change the
HOSTaddress in the script to your local Amazon address. You can find it in the HTTP Sniffer in both the requests you copied the headers from. - Try and change the
USER_AGENTvariable in the script to the one you find in the HTTP Sniffer in both the requests you copied the headers from. - If you used step 11.1, try and change the
CSRFvariable in the script to the one you find in the HTTP Sniffer in theDELETErequest. - If you used the script some time ago, try and update the
COOKIEvariable in the script to the one you find in the HTTP Sniffer in theGETand/orDELETErequest.
An Amazon employee told me "have fun with that" when I asked him how to delete devices connected to an Alexa skill. So I did.
Thanks to the original author @Pytonballoon810.
Thanks to @HennieLP for helping me with the script and the README (also thanks to him I didn't have to root my phone to get an HTTP Sniffer running <3).