Almost there - Alexa skill unable to link account

I think I’m at the goal line, but my Alexa skill is unable to link to my account.
I followed the documentation guide. When I try to link my new skill (from the Alexa app) - I enter my HA credentials on the login page, and then get an error from Alexa “Unable to link Home Assistant with Alexa.”
I’m able successfully log into from a browser without any issues using the same credentials. It seems like I’m missing something obvious.

Other details:

  • I’m new, converting off of SmartThings to Home Assistant.
  • Installed HA without any issues - pi4b, HassOS 4.14, duckdns, zwave, zigbee
  • only have two devices - Ecobee 4 thermostat and a lamp (zigbee bulb) configured so far.
    • The 2 devices show up in the Lambda Discovery test execution results (with DEBUG = true)
    • Without the debug variable I get
      “event”: {
      “payload”: {
      “message”: “401: Unauthorized”
    • For now I’m using a LONG_LIVED_ACCESS_TOKEN

I need to get this resolved before I decommission my SmartThings hub or Management will send me to the garage. I appreciate any suggestions!!

1 Like

I am using the LONG_LIVED_ACCESS_TOKEN variable and populated it with the generated value. Unfortunately it doesn’t seem to make a difference. When I get to the Alexa mobile app and attempt to link my account, it takes me to my Home Assistant login page. Entering username/pw is where it fails on me (alexa mobile app: “Unable to link Home Assistant with Alexa”). Though I can login through a browser using the same url ( and login credentials.

In the HA logbook there is an entry:
Login attempt or request with invalid authentication from Wireless_Broadband_Router (50.54…

This is so strange, I can’t figure out why it still isn’t working. I’ve even cleared the entire setup and started over and still get the same problem linking the Alexa skill.

I’m going back to SmartThings if I can’t get Alexa enabled without a monthly fee. But I’m out of ideas and have wasted way too many days on this one seemingly small issue :confused: Everything else was fairly easy to get set up.

1 Like

I have nothing to contribute except that I’m facing the same issue.

I’ve attempted to configure using haaska function and the default function in the main how to guide (

I had this working in the passed but had to re link after restructuring my home network. The last step I was going to try was to revert back to duckdns with let’s encrypt as I’m currently using my own registered domain with my own SSL cert that I purchased through namecheap (signed by DigiCert CA) but after seeing your post I’m not sure it’s worth the hassle.

I’ve seen post saying that you must forward port 443 from the outside to your HA instance. Maybe try that ? It didn’t solve my issue but who knows maybe will work for you.

I wanted to post the solution I found after messing with this for a few hours. The part where others are saying you need to run home assistant on port 443 is only sorta correct. Specifically Alexa needs to be able to reach out and receive a token on 443.

So the working config for me was:

  1. Setup a forward rule on my router for 443 → 8123 (keeping the 8123 → 8123 rule that existed already)
  2. Set the Access Token URI to
  3. Leave Your Web Authorization URI as

edit: Here is the doc link that shows token uri must be on port 443. Requirements for Account Linking for Alexa Skills | Alexa Skills Kit

It’s also at the top of the instructions, but I glossed over that thinking it was just generic for accessible via a public IP.


thank you so much for this, i’ve been pulling my hair out with this for a while and gone through the whole process to creating in AWS a few times now.

So to be clear. once the account is linked, I can get rid of port 443 access to my HA? (i would rather be on an obscure port, not an obvious one, and i sometimes need 443 so that letsencrypt can renew)

Thank you @magic7s , your answer totally helped explain what’s been happening!

What worked for me was

Your Web Authorization URI* →
Access Token URI* →

Tried using magic7’s suggestions but they didn’t work, even though I am using the same domain name + HA hostname. Also had to remove the 8123 port from the Web Authorization URI

1 Like

Yup, that’s the ticket.

Thing is, port 443 is already in use on my router. It hosts my private eBook library so I can access it wherever I am. Now to figure out how to get the router to do some magic. At least it’s a capable router.

Thanks, that worked for me.

Thank you so so much!

I also tried this fix and it initially didn’t work for me, resulting in an OAuth error page. If you run into this OAuth issue and you’re using trusted_networks in your auth_provider, the fix re-add homeassistant as a type in the configuration.yaml file:

    - type: trusted_networks
      - fd00::/8
  - type: homeassistant

Hope that helps.



Removing the “:8123” from the “Access Token URI” worked for me with the linking problem.
I’ve linked my Smart-Home setup now with my HASS configuration as it seems (I guess).

But now I’m getting the following error in the Alexa app :frowning:

Annyone an idea about that one?

I have the same issue.
I linked on euwest ireland server (with ireland lambda function ARN)
and also on north virginia server with ARN configured for US.

Both ways i got to the succesfull connecting bit but I have the same error message saying it can’t connect to my device…
pls halp


Well it’s a while ago already now, so I can’t remember exactly. I’ve managed to get it working eventually by doing some port forwarding in my router. Can’t remember the exact ports, but it was something like forwarding external 844 (not sure if it was this port) to internal 8123.

After that I was able to connect.

But it caused other conflicts in my network. Like network printers which weren’t responding because they were using the same forwarded port etc.
So that was no option for me…

I believe I was also not able to get it working without the long acces token. And for me it was just to get rid of that to go over from Haaska to the Alexa skill.

So I’ve decided to get back to Haaska. This works for me without needing to do some extra port forwarding. The instructions however are verry outdated… But got it working with a bit of puzzeling.

So if you don’t mind about the port forwarding and don’t having any network conflicts, it’s an option to stay with.
Otherwise Haaska is the better way to go I think.

I’ve checked it, but I had to forward external port 443 to internal port 8123 to the IP of the HASS server. And removing “:8123” from the “acces token URL” in the Developer Console

Turning off bot fight mode on cloudflare fixed it for me. The WAF rules to skip also only work for $uper bot fight mode and not regular bot fight mode.


Thank you! This worked for me. I turned off BOT fight mode on Cloudflare and got the skill linked successfully.


Another vote for just turning off bot fight mode in Cloudflare and everything is fixed.