Hola👋

We have intercom integration which is used by our customers and use intercom for ourselves too. Currently we a developing a 'delete account' feature to become GDPR-compliant. So when user in our system requests delete of his theirs data we need to delete it from intercom as well.

I assumed that using Access Token for requests gives you all the permissions but seems like I was wrong. When I try to delete a company I get "token_unauthorized".

There is a list of permissions in Authentications but AFAIK if I enable delete permissions there they will be requested form our customers who installed our integration too.

Is there a way to generate different Permission scopes for API key (internal use) and oAuth (external use)?

Thanks in advance for any tips