Full API via OAuth - Bearer Token
The OAuth API provides full access to the Limio app API. This API can be used for posting orders, reading Limio objects and other operational tasks.
OAuth bearer tokens can be generated using the OAuth API endpoints.
For SSO (Single Sign-On) the OAuth endpoints can be connected to SAML or OpenID Connect identity providers; contact us at [email protected] for details on how to enable this.
The OAuth-supported flows are:
| Grant Type | Usage |
| --- | --- |
| Authorisation Code grant | Used to obtain a token when a user logs into their account using a browser. |
| Client Credentials | Used when an application service requires access to the API with no user present. |
The authorize API allows you to perform a web login to retrieve an authorisation code which can be exchanged for a token.
GET <your domain>/oauth2/authorize
| Parameter | Value |
| --- | --- |
| response_type | 'code' |
| client_id | The client id assigned to your tenant |
| redirect_uri | The URL the client should be redirected to once the login has occurred |
| state | A CSRF token: a random, unguessable string generated per login attempt, which will be returned unchanged with the redirect |
| scope | 'openid' |
Returns: The API will return the following redirect response.
HTTP/1.1 302 Found
Location: redirect_uri?code=AUTHORIZATION_CODE&state=STATE
Check the returned state against the value that was passed in, and reject the callback if the state is missing or does not match: without this check an attacker can deliver their own authorization code to a victim's browser and bind the victim's session to the attacker's account (login CSRF). Once the state matches, extract the AUTHORIZATION_CODE and pass it to the token API.

The token endpoint exchanges an authorization code for an access token. It is also used to obtain a token under the Client Credentials grant.
POST /oauth2/token
| Header | Value |
| --- | --- |
| Authorization | Basic Base64Encode(client_id:client_secret), i.e. HTTP Basic client authentication as defined in RFC 6749 section 2.3.1 |
| Content-Type | 'application/x-www-form-urlencoded' |
| Form parameter | Authorization Code grant | Client Credentials grant |
| --- | --- | --- |
| grant_type | authorization_code | client_credentials |
| client_id | The client id | |
| scope | n/a | 'openid' |
| redirect_uri | The same redirect URL that was used to obtain the authorization code | n/a |
| code | The authorization code from the authorize endpoint | n/a |
Returns
HTTP/1.1 200 OK
Content-Type: application/json
{
"access_token":"<Access Token>",
"id_token":"<ID Token>",
"token_type":"Bearer",
"expires_in":3600
}
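The two-step Authorization Code flow above (authorize redirect, state check, token exchange) and the single-step Client Credentials grant, as an added worked example that is not part of the Limio documentation or Limio's own client code. It assumes a tenant host of https://example.limio.com, a callback of https://app.example.com/callback and placeholder client credentials; all of these are constructed values, and nothing is sent over the network, the functions only build and validate the messages so the state handling can be tested offline.

```python
import base64
import hmac
import secrets
from typing import Optional
from urllib.parse import parse_qs, urlencode, urlparse

# Constructed placeholders (assumptions for this example, not Limio-issued values).
BASE_URL = "https://example.limio.com"
CLIENT_ID = "example-client-id"
CLIENT_SECRET = "example-client-secret"
REDIRECT_URI = "https://app.example.com/callback"


def new_state() -> str:
    """Fresh, unguessable CSRF token for one login attempt.
    Store it in the user's server-side session before issuing the redirect."""
    return secrets.token_urlsafe(32)


def build_authorize_url(state: str) -> str:
    """Step 1 of the Authorization Code grant: the URL the browser is sent to."""
    params = {
        "response_type": "code",
        "client_id": CLIENT_ID,
        "redirect_uri": REDIRECT_URI,
        "state": state,
        "scope": "openid",
    }
    return f"{BASE_URL}/oauth2/authorize?{urlencode(params)}"


def extract_code(redirect_location: str, expected_state: str) -> str:
    """Step 2: validate the 302 Location and return the authorization code.
    Raises ValueError on a missing or mismatched state so a forged or replayed
    callback is never exchanged for a token."""
    parsed = urlparse(redirect_location)
    if f"{parsed.scheme}://{parsed.netloc}{parsed.path}" != REDIRECT_URI:
        raise ValueError("callback arrived at an unexpected redirect_uri")
    qs = parse_qs(parsed.query)
    state = qs.get("state", [""])[0]
    # Constant-time comparison; both sides encoded so non-ASCII input cannot raise TypeError.
    if not expected_state or not hmac.compare_digest(state.encode(), expected_state.encode()):
        raise ValueError("state mismatch: possible CSRF or replayed callback")
    code = qs.get("code", [""])[0]
    if not code:
        raise ValueError("no authorization code in callback")
    return code


def basic_auth_header() -> str:
    """HTTP Basic client authentication: Base64(client_id:client_secret)."""
    raw = f"{CLIENT_ID}:{CLIENT_SECRET}".encode()
    return "Basic " + base64.b64encode(raw).decode()


def token_request(grant: str, code: Optional[str] = None) -> dict:
    """Step 3: URL, headers and form body for POST /oauth2/token, for either grant.
    The Client Credentials body carries only grant_type and scope; the client is
    identified by the Authorization header (matching the documented parameter table)."""
    headers = {
        "Authorization": basic_auth_header(),
        "Content-Type": "application/x-www-form-urlencoded",
    }
    if grant == "authorization_code":
        if not code:
            raise ValueError("authorization_code grant needs a code")
        form = {
            "grant_type": "authorization_code",
            "client_id": CLIENT_ID,
            "redirect_uri": REDIRECT_URI,  # must equal the one used at /authorize
            "code": code,
        }
    elif grant == "client_credentials":
        form = {"grant_type": "client_credentials", "scope": "openid"}
    else:
        raise ValueError(f"unsupported grant_type: {grant}")
    return {"url": f"{BASE_URL}/oauth2/token", "headers": headers, "body": urlencode(form)}


if __name__ == "__main__":
    # Walk the browser flow with a constructed callback that echoes our state.
    state = new_state()
    print(build_authorize_url(state))
    callback = f"{REDIRECT_URI}?code=AUTHORIZATION_CODE&state={state}"
    code = extract_code(callback, state)
    print(token_request("authorization_code", code))
    print(token_request("client_credentials"))
```

The request dictionaries can be handed to any HTTP client; the one thing a practitioner must not skip is keeping `extract_code` on the path between the callback and the token call, because the token endpoint cannot tell a victim's browser from an attacker's if the state is never checked.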