Hi Guys, We've built a third party App for Intercom Inbox. So, according to the documentation - https://developers.intercom.com/building-apps/docs/canvas-kit#section-signing-notifications , we verify the requests by generating the signature from the request body and comparing with the one Intercom sends us in the request headers. But, for some % of the requests, the signature doesn't match & it's creating a problem for the users of app. Details:Backend: NodeJSconst crypto = require("crypto"); const INTERCOM_APP_SECRET = "OUR_SECRET"; function verifyIntercomRequest(requestBodyRaw, signatureFromHeaders) { const generatedSignature = crypto .createHmac("sha256", INTERCOM_APP_SECRET) .update(requestBodyRaw) .digest("hex"); return signatureFromHeaders === generatedSignature; }We also checked the source IPs of the request & it falls into one of the following - https://developers.intercom.com/building-apps/docs/canvas-kit#section-whitelisting-i-psAlthough they are correct IPs, can't completely trust them as IPs can be spoofed How do we debug this & move forward ? Regards

Hey @user164! Not sure exactly what's happening here. This need to be investigated in detail. Can you please start a conversation from the Messenger in your workspace with all the details, so our support team can thoroughly look into the issue?

Intercom App Signed Request verification failing

Intercom App Signed Request verification failing | Community

Join the Intercom Community 🎉

Intercom Customers and Employees

Login to the community

Intercom Customers and Employees

Scanning file for viruses.

This file cannot be downloaded