Access and availability
Does my plan include Data connectors for Fin?
Data connectors can be used by Fin on all pricing plans and you’ll be charged per resolution.
Can Fin use Data connectors on regionally hosted workspaces?
Data connectors are available on all US and EU hosted workspaces. Availability on AU hosted workspaces is coming soon.
What happened to Custom Actions?
Actions or "Custom Actions" have simply been renamed to "Data connectors". There are no changes to functionality or settings.
Functionality: Ability to trigger API calls in external systems. These can either be triggered directly by Fin to generate personalized answers using real-time data (e.g. "Get order status"), or they can be added to Workflows and Fin Tasks and triggered after certain conditions are met (e.g. only use "cancel order" if the order has not yet been dispatched).
Navigation: Settings > Integrations > Data connectors (and also linked to from Fin Tasks)
Data privacy and security
How is sensitive data handled in conversations with Fin?
Intercom offers a PAN redaction feature which scans conversation content for numbers that look like credit card numbers and that pass a Luhn check. If a matching number is found, it will be masked up to the last 4 digits of the number, and customers will see a redacted version in web Messenger and both iOS and Android SDKs. The number will also appear redacted in the conversation in the Inbox.
For additional control, you can install the Strac app to detect and redact sensitive data from Intercom messages and attachments. This allows you to configure a list of sensitive data elements (SSN, DoB, Drivers License, Passport, Credit Card, Debit Card, API Keys, etc.) to redact.
How do I prevent bad actors from impersonating?
Before setting a Data connector live for your logged-in users, you are required to authenticate users in the Messenger with JSON Web Tokens. Data is only exposed to users who have been authenticated.
Will testing a Data connector affect my data?
Yes, if you use the POST, PUT, or DELETE methods when testing a Data connector it will perform those actions on your data. So, testing a DELETE call on a user will actually delete them.
How do I ensure Fin doesn't share personal data with someone who isn't the user?
There are two potential ways that this could happen. See the table for the recommended settings to best mitigate this risk:
Use Case | Risk | Best practice to mitigate |
Fin retrieves personalized data for a customer based on a user ID stored in an Intercom CDA. | A bad actor could manipulate the CDA value in order to get Fin to retrieve data from another account. | We recommend that you prevent users from updating these attributes via the Messenger. This helps to ensure that bad actors cannot access data not belonging to them. To set this up, navigate to Settings > Data > People, select the relevant attribute and toggle on "Prevent updates via the Messenger". |
Fin retrieves personalized data for a customer based on a data value collected by Fin. | A bad actor could provide a value to Fin for an account that they should not have access to. | We recommend that you perform checks on the API server side to ensure that the user is authorized to access the data requested. |
Fin retrieves personalized data for a customer based on a data value collected by Fin. | Fin hallucinates a value for another customer, retrieving the wrong data. | The risk of this hallucination, while not zero, is low. However, we do recommend that you perform checks on the API server side to ensure that the user is authorized to access the data requested. |
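The server-side check recommended in the last two rows can look like the sketch below. It is an added example, not Intercom code: the function name, the `ORD-` identifier format and the in-memory order store are hypothetical, and it assumes your API receives the authenticated user's ID through a channel the user cannot edit, alongside the value Fin collected in conversation.

```python
import logging
import re

log = logging.getLogger("connector_api")

# Constructed sample data standing in for your order store.
ORDERS = {
    "ORD-1001": {"owner_id": "user_a", "status": "dispatched", "internal_note": "x"},
    "ORD-2002": {"owner_id": "user_b", "status": "processing", "internal_note": "y"},
}
ORDER_ID = re.compile(r"ORD-\d{4}")  # hypothetical identifier format


def get_order_status(authenticated_user_id, requested_order_id):
    """Return (http_status, body) for an order lookup made by a Data connector.

    requested_order_id is untrusted: it was typed by the user or produced by
    Fin, so it is validated and then checked against the authenticated user.
    """
    if not authenticated_user_id:
        return 401, {"error": "unauthenticated"}
    if not isinstance(requested_order_id, str) or not ORDER_ID.fullmatch(requested_order_id):
        return 400, {"error": "invalid order id"}

    order = ORDERS.get(requested_order_id)
    if order is None or order["owner_id"] != authenticated_user_id:
        if order is not None:
            # Worth alerting on: a guessed, manipulated or hallucinated value.
            log.warning("denied: user=%s order=%s",
                        authenticated_user_id, requested_order_id)
        # Same answer for "missing" and "not yours", so the response does not
        # confirm that another customer's order exists.
        return 404, {"error": "order not found"}

    # Return only the fields Fin needs, never the whole record.
    return 200, {"order_id": requested_order_id, "status": order["status"]}


if __name__ == "__main__":
    print(get_order_status("user_a", "ORD-1001"))  # owner: allowed
    print(get_order_status("user_a", "ORD-2002"))  # other user's order: denied
```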
How do I ensure that Fin doesn't accidentally share information from another user?
Fin will only be able to read data you’ve given access to in the Preview tab. Fin will use this data to generate responses based on a user’s question. If there’s sensitive internal data you do not want Fin to access, select Restricted data access and only give access to fields you want Fin to use to generate responses.
Additionally, you can transform the response data with customer-facing names and values. For example, instead of application status “Pending four eyes check” you can transform the value to language you would use with your customer, such as “Pending review”.
Storage, authorization, and execution
How are tokens stored in Data Connectors?
Tokens are stored as part of the header configuration. For these values, we encrypt data at rest. Read more about security at Intercom here.
What authentication options do Data Connectors support?
Data connectors support both fixed and dynamic tokens for authentication. You can set up and manage your authentication tokens that you want to use in the request, which can then be added to the header.
How are requests executed in Data Connectors?
All request configurations (Body, URL and Headers) are encrypted at rest.
Our backend sends all requests, which means we do not make any API calls from the browser. For example, when a user triggers an action, this action is triggered by the Intercom system and not the UI.
Important: Third-party data is not validated by Intercom, and your Data connector may overwrite data you've stored in Intercom. You should ensure that you trust the data returned from a Data connector.
Can I branch based on error codes returned from the API, i.e. 4xx, 5xx?
Reusing API error codes in the subsequent bot flow is not currently supported. The workflow splits paths by successful/unsuccessful Data connector triggers. However, depending on the API, you could store API responses for subsequent workflows for branching. So if the API response JSON has an attribute that has response details like “status”, you could store that response status as a Conversation CDA and use it for branching.
What IP addresses does Intercom send Data connector requests from?
You may need to allowlist the following Intercom IP addresses (which we send Data connector, Canvas Kit and webhook requests from) in order to accept Intercom requests on your side. These are as follows:
USA:
34.231.68.152
34.197.76.213
35.171.78.91
35.169.138.21
52.70.27.159
52.44.63.161
Europe:
54.217.125.63
54.246.173.113
54.216.9.3
Australia:
52.63.36.185
3.104.68.152
52.64.2.165
Fin’s behavior
Here’s how Fin works with Tasks, Guidance, Data connectors, and Workflows:
Feature | What it Does | When to Use | Notes |
Tasks | Teach Fin to handle specific, multi-step processes like refunds or account updates using natural language and rule-based steps. | When you want Fin to manage complex, multi-step processes triggered by natural language. | Best for high-effort, logic-driven requests. Full control with conversational flow. |
Guidance | Train Fin to deliver accurate answers and escalate issues based on your communication style and policies. | When you want Fin to match your tone, apply escalation rules, and ensure policy-aligned support. | Does not perform actions, but governs how Fin speaks, clarifies and escalates. |
Data connectors | Enable Fin to access data in external systems (e.g., API calls), triggered by Fin, Fin Tasks, or Workflows | When you need Fin to fetch or update external data as part of a Fin task, Workflow, or Inbox workflow. | Used by Fin directly to generate personalized answers. Also used within Tasks or Workflows. |
Workflows | Automate operational workflows like ticket triage, lead qualification, and proactive support with hard-coded paths. | When automating standard support ops that don’t require flexibility but follow structured, known paths. | Can become hard to scale and maintain as edge cases increase. |
Fin Tasks vs. Workflows
A Workflow efficiently routes common troubleshooting issues using predefined steps and only triggers when customers choose from a list of specific options, while a Fin Task dynamically interprets customer requests in natural language and decides the best course of action.
Fin Tasks vs. Data connectors
A Data connector retrieves an order status to generate a personalized answer, while a Fin Task processes an order cancellation, checks refund eligibility, and completes the refund if applicable.
Fin Tasks vs. Fin Guidance
Fin Guidance ensures Fin is extra polite when responding to a refund request, while a Fin Task automates the refund process based on eligibility rules.