I created a canvas kit app for my teammates that looks up some customer details in our database and displays them in the inbox details panel, but I don't see any incoming data (like an access token) that I can use on our side to make sure the request is coming from intercom.
How do I authenticate a request (e.g. initialize request) coming from a canvas kit app on our back end.
Best answer by Racheal
Hey @user2399 Racheal from the support engineer team here 👋
You will want to check out our doc. here on signing notifications. You will need to compare the value sent by the request (via the X-Body-Signature header) to the value calculated on your end. If they match, it is a valid request from Intercom.
To calculate the signature, you must use the body of the JSON request and your app's OAuth client_secret value, which you can find on the Basic Info page of your app. As the docs note, it is a hexadecimal (64-byte) value that is computed using the HMAC-SHA256 algorithm as defined in RFC2104.
Reply
Join the Intercom Community 🎉
Already have an account? Login
Login to the community
No account yet? Create an account
Intercom Customers and Employees
Log in with SSOEnter your E-mail address. We'll send you an e-mail with instructions to reset your password.