Skip to main content
Answered

How to set up auth for Messenger app lifecycle flow

  • November 13, 2023
  • 1 reply
  • 23 views

I am building an Messenger app for internal use only. How do I make sure app lifecycle flows (Initialize, Configure, Submit, and Sheet) can only be accessed by Intercom since those apis are public? 

Best answer by Eden

Hey @Mizuha 👋 Eden from the support engineer team here.

 

Each Canvas Kit request is signed by Intercom via an X-Body-Signature header. We do this so that you can check that each request is actually sent by Intercom by decoding the signature.

 

The value is computed by creating a signature using the body of the JSON request and your app's OAuth client_secret value, which you can find on the Basic Info page of your app. You can read more about this in our documentation here. 👍

View original
Did this topic help you find an answer to your question?

1 reply

Eden
Employee
Forum|alt.badge.img
  • Premier Customer Support Engineer
  • 121 replies
  • Answer
  • November 17, 2023

Hey @Mizuha 👋 Eden from the support engineer team here.

 

Each Canvas Kit request is signed by Intercom via an X-Body-Signature header. We do this so that you can check that each request is actually sent by Intercom by decoding the signature.

 

The value is computed by creating a signature using the body of the JSON request and your app's OAuth client_secret value, which you can find on the Basic Info page of your app. You can read more about this in our documentation here. 👍


Reply


Cookie policy

We use cookies to enhance and personalize your experience. If you accept you agree to our full cookie policy. Learn more about our cookies.

 
Cookie settings