Skip to content

Intercom Access Token

Service Name: Intercom

Service Description: Intercom is a customer messaging platform that allows businesses to communicate with prospective and existing customers within their app, on their website, through social media, or via email.

Service Address: https://www.intercom.com/

Validation Type: API Auth

IP Allow list: IP restrictions can be configured at the account level through Intercom's security settings.

Secret Access Scope: Grants programmatic access to Intercom's API, allowing management of conversations, contacts, and other customer communication features.

Secret Revokement URL: https://app.intercom.com/a/apps/_/developer-hub/app-packages

Secret Example: dG9rOjFhMmIzYzRkXzVlNmY3Zzho

Suspicious Activity Investigation Instructions:

  • Review Intercom activity logs for unusual conversation access or customer data retrieval.
  • Check for unexpected changes to automation rules or bot configurations.
  • Monitor for unusual API call patterns or volume.
  • Verify if there are new team members or integrations added to your Intercom account.
  • Look for changes in conversation assignment rules or team settings.

Mitigation Instructions:

  • Log in to your Intercom account and navigate to the Developer Hub.
  • Locate the compromised API token in your app settings.
  • Click "Revoke" or "Delete" to immediately invalidate the token.
  • Generate a new token with appropriate permissions if needed.
  • Review and update security settings, including IP restrictions if available.
  • Audit all integrations and connected applications to ensure they're legitimate.
  • Enable two-factor authentication for all team members with access to Intercom.