How to set up auth for Messenger app lifecycle flow

Question

I am building an Messenger app for internal use only. How do I make sure app lifecycle flows (Initialize, Configure, Submit, and Sheet) can only be accessed by Intercom since those apis are public?

Eden · Accepted Answer

Hey @Mizuha👋 Eden from the support engineer team here.EachCanvasKitrequestissignedbyIntercomviaanX-Body-Signatureheader. We do this so that you can check that each request is actually sent by Intercom by decoding the signature.The value is computed by creating a signature using the body of the JSON request and your app's OAuthclient_secretvalue, which you can find on the Basic Info page of your app. You can read more about this in our documentationhere.👍

Join the Intercom Community 🎉

Intercom Customers and Employees

Login to the community

Intercom Customers and Employees

Scanning file for viruses.

This file cannot be downloaded