Comment on page

Full API via OAuth - Bearer Token

The OAuth API provides full access to the Limio app API. This API can be used for posting orders, reading Limio objects and other operational tasks.

How to get an OAuth Bearer Token?
OAuth bearer tokens can be generated using the OAuth API endpoints. 
For SSO (Single Sign-On) the OAuth endpoints can be connected to SAML or OpenID Connect identity providers, please contact us at [email protected] for details on how to enable this. 
The OAuth-supported flows are:
Grant Type
Usage
Authorisation Code grant
Used to obtain a token when a user will log into their account using a browser.
Client Credentials
Used when an application service required access to the API
Authorize endpoint
The authorize API allows you to perform a web login to retrieve an authorisation code which can be exchanged for a token.  
GET <your domain>/oauth2/authorize
Value
​
response_type
'code'
client_id
The client id assigned to your tenant
redirect_uri
The URL the client should be redirected to once the login has occurred
state
A CSRF token, a random string that will be returned with the redirect
scope
'openid'
Returns: The API will return the following redirect response.  
HTTP/1.1 302 Found 
Location: redirect_uri?code=AUTHORIZATION_CODE&state=STATE
The state should be checked against the value that was passed in, then the AUTHORIZATION_CODE extracted and passed to the token API.
Token endpoint
The token endpoint can be used to turn an authorization token into an access token. This method can also be used to establish a client credentials grant.  
POST /oauth2/token
Header
Value
Authorization
Base64Encode(client_id:client_secret).
Content-Type
'application/x-www-form-urlencoded'
Form Parameters
For authorization code grant
for Client Credentials grant
grant_type
authorization_code
client_credentials
client_id
The client id 
​
scope
n/a
 'openid'
redirect_uri
 same redirect url that was used the obtain the authorization token.
n/a                                          
code
the authorization code from the authorize end point
n/a
Returns
HTTP/1.1 200 OK 
Content-Type: application/json

{ 
"access_token":"<Access Token>", 
"id_token":"<ID Token>", 
"token_type":"Bearer", 
"expires_in":3600 
}

Public Keys (Read-Only API)

Next - API Docs

Catalog REST API

Last modified 6d ago

Grant Type	Usage
Authorisation Code grant	Used to obtain a token when a user will log into their account using a browser.
Client Credentials	Used when an application service required access to the API

Value
response_type	'code'
client_id	The client id assigned to your tenant
redirect_uri	The URL the client should be redirected to once the login has occurred
state	A CSRF token, a random string that will be returned with the redirect
scope	'openid'

Header	Value
Authorization	`Base64Encode(client_id:client_secret)`.
Content-Type	'application/x-www-form-urlencoded'

Form Parameters	For authorization code grant	for Client Credentials grant
grant_type	`authorization_code`	`client_credentials`
client_id	The client id
scope	n/a	'openid'
redirect_uri	same redirect url that was used the obtain the authorization token.	n/a
code	the authorization code from the authorize end point	n/a