Skip to main content
Answered

Protecting custom app webhook URLs


Hi,

I’m building a custom intercom app. I have two APIs created for both Initialize flow webhook URL and Submit flow webhook URL and they work as I expected.

The question is, It looks like these two API can’t be protected using API key or other authentication mechanism. Is there a way to confirm the requests come to these APIs are actually from Intercom, not from some malicious actors. Any help on this appreciated.

Best answer by Jacob Cox

Hi again @Sujeevan Nagarajah !

Thanks for your patience!

It looks like you can put your endpoint behind a firewall and whitelist the IPs that we list in our docs below.

If you block all the IPs that the requests come from except the ones listed above, then you won’t receive any other requests apart from ours! 

View original
Did this topic help you find an answer to your question?

4 replies

Jacob Cox
Intercom Team
Forum|alt.badge.img+5
  • Sr. Technical Support Engineer
  • 441 replies
  • May 28, 2023

Hi @Sujeevan Nagarajah 

I’ll need to reach out to our Product Team to see what’s possible here. I’ll reply back here when I get a response from them!


Jacob Cox
Intercom Team
Forum|alt.badge.img+5
  • Sr. Technical Support Engineer
  • 441 replies
  • Answer
  • June 3, 2023

Hi again @Sujeevan Nagarajah !

Thanks for your patience!

It looks like you can put your endpoint behind a firewall and whitelist the IPs that we list in our docs below.

If you block all the IPs that the requests come from except the ones listed above, then you won’t receive any other requests apart from ours! 


perfect. Thanks for the support @Jacob Cox 


Jacob Cox
Intercom Team
Forum|alt.badge.img+5
  • Sr. Technical Support Engineer
  • 441 replies
  • June 6, 2023

Cookie policy

We use cookies to enhance and personalize your experience. If you accept you agree to our full cookie policy. Learn more about our cookies.

 
Cookie settings