Answered

React Native Initialization / Retrieving API Keys

  • 15 February 2024
  • 1 reply
  • 33 views

Hello, is the only current way of initializing Intercom still through the native codes of both Android and IOS?

If so, how would you suggest retrieving the API Keys for them? We currently use AWS Secrets Manager but I’m not exactly sure how to retrieve it inside the native codes of Android and IOS or if that would even work.

Having another way of initializing Intercom would be great, if not, how would you suggest doing that? Is there a recommended way from the Intercom team?

Exposing the API Keys and APP ID doesn’t seem like a good idea

icon

Best answer by Ebenezer.Laleye 21 February 2024, 17:26

View original

1 reply

Userlevel 1
Badge +2

Hi @marcos! Ebenezer here from Engineering Support👋.

From what I have seen other user do, they would use their server as a proxy for this key and never expose it to the app.

However, The SDK API key or app ID in itself cannot be used to impersonate other end users if you have turned on identity verification for your workspace. Without identity verification, a malicious actor can potentially ship another app with an Intercom SDK that is able to send messages to the your workspace. They could also sign in with an end user's email and see their recent chats.

This is why we strongly suggest customers to use identity verification.

More info here : https://developers.intercom.com/installing-intercom/docs/android-identity-verification

 

Reply