Initiating the OAuth flow
Once you have a client_id and a client_secret, you are ready to allow your customers to initiate the OAuth flow by sending them to https://app.intercom.io/oauth with the following parameters:
| Parameter name | Description | Required? |
|---|---|---|
| client_id | From your credentials | yes |
| state | A value you can specify which is echoed back to you. We recommend using this to protect against CSRF attacks. | no (but recommended) |
| redirect_uri | One of your predefined callback URLs. If not specified a default is chosen. | no |
For more detail on how to obtain the OAuth code you can see our guide here
Handling the redirect
Once the customer has confirmed, we will redirect back to your predefined redirect_uri with a code and state parameter. You can exchange these parameters for a token by POSTing to https://api.intercom.io/auth/eagle/token with the following parameters. Note that the code will expire after about 5 minutes.
| Parameter name | Description | Required? |
|---|---|---|
| code | This is automatically passed by the redirect | yes |
| client_id | From your credentials | yes |
| client_secret | From your credentials | yes |
If you still have question on how to generate a token after obtaining a code then please see this section of our guide for working with tokens
OAuth Token Usage
Once you have an OAuth token you can use it in the same way as a personal access token described above. i.e. you can use it with the bearer authorization header. Or you can use the SDK specific functions created for OAuth and personal access tokens.