Hi,
I’m building a custom intercom app. I have two APIs created for both Initialize flow webhook URL
and Submit flow webhook URL
and they work as I expected.
The question is, It looks like these two API can’t be protected using API key or other authentication mechanism. Is there a way to confirm the requests come to these APIs are actually from Intercom, not from some malicious actors. Any help on this appreciated.