Looking at the documentation, you can verify requests made to our API by inspecting the headers and according to the documentation it looks like this:
sha1= part seems to be missing when actually inspecting the headers:
Looking at the digest length, Intercom returns a SHA256 hash instead of a SHA1.
I changed my validation of the payload from SHA1 to SHA256 and both hashes seem to match.
So I assume you guys moved to SHA256 for the HMAC instead of SHA1?
Maybe due to SHAttered? ¯\_(ツ)_/¯