Skip to content

Intercom API Key

Service Name: Intercom

Service Description: Intercom is a customer messaging platform that allows businesses to communicate with prospective and existing customers within their app, on their website, through social media, or via email.

Service Address: https://www.intercom.com/

Validation Type: API Auth

IP Allow list: IP restrictions can be configured at the account level for API access

Secret Access Scope: Grants programmatic access to Intercom's API, allowing management of conversations, users, companies, and other Intercom resources.

Secret Revokement URL: https://app.intercom.com/a/apps/_/developer-hub/api-keys

Secret Example: dG9rOjFhMmIzYzRkXzVlNmY3Zzho

Suspicious Activity Investigation Instructions:

  • Review Intercom activity logs for unusual conversation access or user management.
  • Check for unexpected changes to Intercom settings or configurations.
  • Monitor for unusual API calls, especially those creating or modifying users or sending messages.
  • Look for API calls from unfamiliar IP addresses or locations.
  • Verify if there are any unauthorized integrations added to your Intercom account.

Mitigation Instructions:

  • Log in to your Intercom account at https://app.intercom.com/.

  • Navigate to Settings > API Keys in the Intercom dashboard.

  • Identify the compromised API key.
  • Click "Revoke" next to the compromised key.
  • Generate a new API key if needed.
  • Update the API key in all legitimate applications and services.
  • Consider implementing IP restrictions for API access if not already in place.
  • Review and update access permissions for team members who have access to

API keys.