Intercom Security Basics Overview Security best practices for Intercom access tokens, webhook signature verification, Identity Verification (HMAC), and least-privilege OAuth scopes. Prerequisites - Intercom access token or OAuth credentials - Understanding of HMAC cryptographic signatures - Access to Intercom Developer Hub Instructions Step 1: Secure Token Storage Verify no tokens are committed: Step 2: Webhook Signature Verification (X-Hub-Signature) Intercom signs webhook notifications with HMAC-SHA1 using . You must verify this on every incoming webhook. Step 3: Identity Verification (User…