Skip to content

Intercom OAuth Token

Service Name: Intercom

Service Description: Intercom is a customer messaging platform that allows businesses to communicate with prospective and existing customers within their app, on their website, through social media, or via email.

Service Address: https://www.intercom.com/

Validation Type: API Auth

IP Allow list: IP restrictions can be configured at the account level through Intercom's security settings.

Secret Access Scope: Grants programmatic access to Intercom's API, allowing applications to access and manage conversations, contacts, and other Intercom resources.

Secret Revokement URL: https://app.intercom.com/a/apps/_/developer-hub/oauth

Secret Example: dG9rZW4tMTIzNDU2Nzg5MGFiY2RlZmdoaWprbG1ub3BxcnN0dXZ3eHl6

Suspicious Activity Investigation Instructions:

  • Review the Intercom activity logs for unusual access patterns or actions.
  • Check for unexpected API calls or data exports in your Intercom account.
  • Monitor for unauthorized changes to conversations, contacts, or settings.
  • Review the OAuth applications connected to your Intercom account.
  • Check for any unusual geographic access locations or times.

Mitigation Instructions:

  • Log in to your Intercom account and navigate to the Developer Hub.
  • Go to the OAuth section and locate the compromised token.
  • Click on "Revoke" next to the OAuth token to immediately invalidate it.

  • Generate a new OAuth token if needed for legitimate applications.

  • Review and update permissions for any remaining OAuth integrations.
  • Enable additional security features like two-factor authentication for your

Intercom account.

  • Consider implementing IP restrictions for API access if available.
  • Update any application code that was using the compromised token.