Using OAuth

Initiating the OAuth flow

Once you have a client_id and a client_secret, you are ready to allow your customers to initiate the OAuth flow by sending them to https://app.intercom.io/oauth with the following parameters:

| Parameter name | Description | Required? |
| --- | --- | --- |
| client_id | From your credentials | yes |
| state | A value you can specify which is echoed back to you. We recommend using this to protect against CSRF attacks. | no (but recommended) |
| redirect_uri | One of your predefined callback URLs. If not specified a default is chosen. | no |

For more detail on how to obtain the OAuth code, see our guide here.

Handling the redirect

Once the customer has confirmed, we will redirect back to your predefined redirect_uri with a code and state parameter. You can exchange these parameters for a token by POSTing to https://api.intercom.io/auth/eagle/token with the following parameters. Note that the code will expire after about 5 minutes.

| Parameter name | Description | Required? |
| --- | --- | --- |
| code | This is automatically passed by the redirect | yes |
| client_id | From your credentials | yes |
| client_secret | From your credentials | yes |

If you still have questions on how to generate a token after obtaining a code, please see this section of our guide for working with tokens.
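The flow above with the recommended state check, as an added example (not Intercom's own code). It generates a per-flow state, rejects a callback whose state does not match, and builds the token POST without sending it. The form-encoded request body, the server-side session that holds the state, and all sample values are assumptions.

```python
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlsplit
from urllib.request import Request

AUTHORIZE_URL = "https://app.intercom.io/oauth"
TOKEN_URL = "https://api.intercom.io/auth/eagle/token"


def start_flow(client_id, redirect_uri=None):
    """Return (url, state). Keep state in the user's server-side session."""
    state = secrets.token_urlsafe(32)  # unguessable, one value per flow
    params = {"client_id": client_id, "state": state}
    if redirect_uri:
        params["redirect_uri"] = redirect_uri
    return AUTHORIZE_URL + "?" + urlencode(params), state


def _single(query, name):
    """Return the parameter's value only if it appears exactly once."""
    values = query.get(name, [])
    return values[0] if len(values) == 1 else ""


def code_from_callback(callback_url, expected_state):
    """Return the code only when the echoed state matches the stored one."""
    query = parse_qs(urlsplit(callback_url).query)
    returned = _single(query, "state")
    # Constant-time comparison; an empty stored state never matches.
    if not expected_state or not hmac.compare_digest(
            returned.encode(), expected_state.encode()):
        raise ValueError("state mismatch: discard the code")
    code = _single(query, "code")
    if not code:
        raise ValueError("missing or duplicated code parameter")
    return code


def token_request(code, client_id, client_secret):
    """Build (not send) the token POST. Form encoding is an assumption."""
    body = urlencode({"code": code, "client_id": client_id,
                      "client_secret": client_secret}).encode()
    return Request(TOKEN_URL, data=body, method="POST")
```

Delete the stored state once the callback has been handled so it cannot be reused, and keep client_secret on the server only.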

OAuth Token Usage

Once you have an OAuth token, you can use it in the same way as a personal access token, as described above: send it in the bearer authorization header, or use the SDK-specific functions created for OAuth and personal access tokens.