Hi,
I’m building a custom intercom app. I have two APIs created for both Initialize flow webhook URL and Submit flow webhook URL and they work as I expected.
The question is, It looks like these two API can’t be protected using API key or other authentication mechanism. Is there a way to confirm the requests come to these APIs are actually from Intercom, not from some malicious actors. Any help on this appreciated.
Best answer by Jacob Cox
View original
+5
Hi
I’ll need to reach out to our Product Team to see what’s possible here. I’ll reply back here when I get a response from them!
+5
Hi again
Thanks for your patience!
It looks like you can put your endpoint behind a firewall and whitelist the IPs that we list in our docs below.
If you block all the IPs that the requests come from except the ones listed above, then you won’t receive any other requests apart from ours!
perfect. Thanks for the support
+5
You bet,
Already have an account? Login
No account yet? Create an account
Enter your username or e-mail address. We'll send you an e-mail with instructions to reset your password.
