Skip to main content
All CollectionsAI & AutomationFin AI AgentAdding data & actions
Pass dynamic attributes in the API endpoint URL for Fin actions [beta]
Pass dynamic attributes in the API endpoint URL for Fin actions [beta]

How to pass dynamic attributes in the API endpoint URL and ensure the correct information is shared with customers.

Alissa Tyrangiel avatar
Written by Alissa Tyrangiel
Updated over 2 months ago

Passing dynamic attributes

When setting up an action for Fin, you can pass dynamic attributes in the API endpoint URL like this:

This is also how you can ensure that Fin can use any collected data inputs configured in the action.


Risks and mitigations for parameter passing

There are a few potential ways that Fin could accidentally share information from another user when parameter passing. See the table for the recommended settings to best mitigate the risks:

Use Case

Risk

Best practice to mitigate

Fin retrieves personalized data for a customer based off a user ID stored in an Intercom CDA.

A bad actor could manipulate the CDA value in order to get Fin to retrieve data from another account

We recommend that you prevent the ability for users to make updates to these attributes via the Messenger. This helps to ensure that bad actors cannot access data not belonging to them. To set this up, navigate to Settings > Data > People, select the relevant attribute and toggle on "Prevent updates via the Messenger".

Fin retrieves personalized data for a customer based on a data value collected by Fin.

A bad actor could provide a value to Fin for an account that they should not have access to

We recommend that you perform checks on the API server side to ensure that the user has access control for the data requested.

Fin retrieves personalized data for a customer based on a data value collected by Fin.

Fin hallucinates a value for another end user, retrieving the wrong data.

The risk of this hallucination, while not zero, is low.

However we do recommend that you perform checks on the API server side to ensure that the user has access control for the data requested.


💡Tip

Need more help? Get support from our Community Forum
Find answers and get help from Intercom Support and Community Experts


Did this answer your question?