API ReferenceBuilding AppsInstalling IntercomAPI & Webhook ReferenceCanvas Kit Reference
DocsApp StoreCommunityBlogYour Apps

Signed Notifications

Example Signed Request

POST https://example.org/hooks
User-Agent: intercom-parrot-service-client/1.0
X-Hub-Signature: sha1=21ff2e149e0fdcac6f947740f6177f6434bda921
Accept: application/json
Content-Type: application/json
  "type" : "notification_event",
  "id" : "notif_78c122d0-23ba-11e4-9464-79b01267cc2e",
  "topic" : "user.created",
  "app_id" : "a86dr8yl",
  "data" : {
    "type" : "notification_event_data",
    "item" : {
      "type" : "user",
      "id" : "530370b477ad7120001d",
      "user_id" : "25",
      "name" : "Hoban Washburne",
      "unsubscribed_from_emails" : false,
      "custom_attributes" : {}

You can request notifications from Intercom are signed by adding a hub_secret field to the subscription. The value of the hub_secret is used as the key to create a hash signature of the JSON notification The digest is then sent using an X-Hub-Signature header in the request and can be verified by the receiving webhook.

The signature is the hexadecimal (40-byte) representation of a SHA-1 signature computed using the HMAC algorithm as defined in RFC2104.

The X-Hub-Signature header value starts with the string sha1= followed by the signature - for example, X-Hub-Signature: sha1=21ff2e149e0fdcac6f947740f6177f6434bda921.