
Hello, is the only current way of initializing Intercom still through the native code of both Android and iOS?

If so, how would you suggest retrieving the API Keys for them? We currently use AWS Secrets Manager but I’m not exactly sure how to retrieve it inside the native code of Android and iOS or if that would even work.

Having another way of initializing Intercom would be great; if not, how would you suggest doing that? Is there a recommended way from the Intercom team?

Exposing the API Keys and APP ID doesn’t seem like a good idea.

Hi @marcos! Ebenezer here from Engineering Support👋.

From what I have seen other users do, they would use their server as a proxy for this key and never expose it to the app.

However, the SDK API key or app ID in itself cannot be used to impersonate other end users if you have turned on identity verification for your workspace. Without identity verification, a malicious actor can potentially ship another app with an Intercom SDK that is able to send messages to your workspace. They could also sign in with an end user's email and see their recent chats.

This is why we strongly suggest that customers use identity verification.

More info here: https://developers.intercom.com/installing-intercom/docs/android-identity-verification

 


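A server-side sketch of the identity verification flow recommended in the reply above, added here as an example; it is not part of the thread and not Intercom's own code. It assumes the user hash is an HMAC-SHA256 of the user ID keyed with the workspace's identity verification secret, and the session store, function names and secret value are hypothetical, constructed for illustration.

```python
import hashlib
import hmac

# Constructed placeholder. On a real server this would be loaded at startup
# (for example from a secrets manager) and never shipped inside the app.
DEMO_SECRET = b"constructed-demo-secret-not-a-real-key"

# Constructed session store: session token -> user ID the server authenticated.
SESSIONS = {"sess-alice": "user-1001", "sess-bob": "user-1002"}


def user_hash(secret: bytes, user_id: str) -> str:
    """HMAC-SHA256 of the user ID, hex encoded (assumed hash format)."""
    return hmac.new(secret, user_id.encode("utf-8"), hashlib.sha256).hexdigest()


def issue_user_hash(session_token: str, secret: bytes = DEMO_SECRET) -> dict:
    """Return the hash only for the user that owns this session.

    The user ID comes from the server's session state, not from the request,
    so an authenticated client cannot ask for another user's hash.
    """
    user_id = SESSIONS.get(session_token)
    if user_id is None:
        raise PermissionError("unknown or expired session")
    return {"user_id": user_id, "user_hash": user_hash(secret, user_id)}


def verify_user_hash(secret: bytes, claimed_user_id: str, presented: str) -> bool:
    """Check a presented hash against the claimed user ID in constant time."""
    expected = user_hash(secret, claimed_user_id).encode("ascii")
    return hmac.compare_digest(expected, presented.encode("utf-8"))


if __name__ == "__main__":
    issued = issue_user_hash("sess-alice")
    print(issued["user_id"], issued["user_hash"])
    # A hash issued for one user does not verify for a different user ID.
    print(verify_user_hash(DEMO_SECRET, "user-1002", issued["user_hash"]))
```

The mobile app receives only the per-user hash after it has logged in to your own backend, so the secret stays on the server while the API key and app ID in the app cannot be used on their own to act as another user.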