Image/Attachment URLs are not secured in our instance.

  • 16 June 2022
  • 1 reply

Hi, when customers add images or attachments to a conversation, the URL is publicly open. Anyone can open them at any time.

How come we don't have the 'expires' and the 'signature' parameters in the URL as I see with other Intercom accounts?


Best answer by Lisa B11 20 June 2022, 18:05


Hey @arnon​ 👋


When a file is sent via Intercom, these documents are uploaded and hosted on our server and a URL is generated to access the file.


These capability URLs are not publicly discoverable, and therefore they are not indexed by search engines. However, if you have the URL you can still access the resource. If you don’t have the URL, you unfortunately cannot.


Intercom randomizes this URL link with a 96-bit hashed unique Universally Unique Identifier (UUID) to protect the identity of the file’s URL location, effectively making them unguessable.


Note: Intercom does not provide a service for secure file sharing. Intercom is intended for uploading non-sensitive or non-PII attachments and is fully compliant with GDPR regulations. If secure file sharing is a feature you require, you can use a third-party service that has secure file-sharing, such as Dropbox or Google Drive.
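The difference between the two URL styles discussed in this thread, as an added sketch that is not Intercom's code and not part of the original answer: a capability URL stays valid for anyone who holds it, while a URL carrying `expires` and `signature` stops working after the deadline or if either parameter is altered. The parameter names come from the question and the 96-bit token size from the answer; the host, key, and HMAC-SHA256 construction are assumptions.

```python
import hashlib
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlparse

# Constructed values for illustration only (assumptions, not Intercom's).
SIGNING_KEY = b"example-server-side-key"  # hypothetical secret, never sent to clients
BASE = "https://files.example.test"       # hypothetical file host


def capability_url(filename: str) -> str:
    """Unguessable but permanent: possession of the URL is the only check."""
    token = secrets.token_hex(12)  # 12 random bytes = 96 bits
    return f"{BASE}/{token}/{filename}"


def _sign(path: str, expires: int) -> str:
    # Bind the signature to both the path and the expiry time.
    msg = f"{path}\n{expires}".encode()
    return hmac.new(SIGNING_KEY, msg, hashlib.sha256).hexdigest()


def signed_url(path: str, now: int, ttl: int = 300) -> str:
    """Time-limited link: valid until now + ttl seconds."""
    expires = now + ttl
    query = urlencode({"expires": expires, "signature": _sign(path, expires)})
    return f"{BASE}{path}?{query}"


def verify(url: str, now: int) -> bool:
    """Server-side check: reject missing, tampered, or expired parameters."""
    parts = urlparse(url)
    params = parse_qs(parts.query)
    try:
        expires = int(params["expires"][0])
        signature = params["signature"][0]
    except (KeyError, ValueError):
        return False
    expected = _sign(parts.path, expires)
    # Constant-time comparison on bytes avoids leaking the expected value.
    if not hmac.compare_digest(expected.encode(), signature.encode()):
        return False
    return now <= expires


if __name__ == "__main__":
    t0 = 1_655_337_600  # constructed timestamp
    link = signed_url("/attachments/invoice.png", t0)
    print(capability_url("invoice.png"))
    print(link, verify(link, t0 + 60), verify(link, t0 + 600))
```

A leaked signed link is only usable until its `expires` time, whereas a leaked capability URL remains usable until the file itself is removed.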