I am building an Messenger app for internal use only. How do I make sure app lifecycle flows (Initialize, Configure, Submit, and Sheet) can only be accessed by Intercom since those apis are public?
Answered
How to set up auth for Messenger app lifecycle flow
Best answer by Eden
Hey
Each Canvas Kit request is signed by Intercom via an X-Body-Signature
header. We do this so that you can check that each request is actually sent by Intercom by decoding the signature.
The value is computed by creating a signature using the body of the JSON request and your app's OAuth client_secret
value, which you can find on the Basic Info page of your app. You can read more about this in our documentation here. 👍
Reply
Join the Intercom Community 🎉
Already have an account? Login
Login to the community
No account yet? Create an account
Intercom Customers and Employees
Log in with SSOor
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.