External Identities API
Add and remove identities to a Limio Customer.
The External Identities API lets multiple end-users access Limio Self-Service for the same subscription(s).
This is especially beneficial in B2B scenarios, where one end-user originally purchased a subscription but several end-users (owner, finance director, operations...) need to change the subscription, access invoices, and process new purchases such as add-ons.
With this endpoint, developers and integrators have a mechanism to give multiple end-users access to the same subscription(s) while maintaining the safety of the data.
Access Control:
Currently, Limio operates on a flat-level access control system. This means each end-user granted access to the subscription will possess equivalent permissions to other end-users (including the original end-user who made the purchase).
Once a new end-user is added via the External Identity API, the end-user will be able to perform similar actions:
See all subscriptions
Modify payment methods
Cancel or switch between offers
Edit add-ons
View invoices
Prerequisites:
To use this API, you will need:
A Limio Subscription with an existing end-user (User 1) related to your Identity Platform
This Limio Subscription may be created via a Limio Order. It could also be migrated into Limio.
The lmo_uid cookie generated by Limio for the existing end-user (User 1)
lmo_uid will be generated as part of accessing an authenticated page in Limio, typically during the initial purchase via a Limio authenticated checkout.
lmo_uid can also be re-generated by silently redirecting User 1 to any Limio authenticated page.
A shared top domain between your application (e.g. saas.domain.com) and the Limio custom domain used for Limio Self-Service (e.g. billing.domain.com)
Use case:
When User 1 is in your application (saas.domain.com) and navigates to the User Management section, they may create User 2 or indicate that User 2 should have access to Limio Self-Service.
When User 2 is set to have this access, you should call the Limio External Identity API to add their identity to User 1's Limio Subscription(s).
To do that, you would call the following endpoint using a bearer token:
https://{shard}.{domain}.limio.com/api/objects/externalidentity
With the following request headers:
The lmo_uid cookie of User 1: This will look like, e.g., "Cookie: lmo_uid=eyJhbGciOiJSUzI1Ni....". The cookie is set after User 1 has accessed any authenticated page in Limio Shop or Limio Self-Service. The cookie is what enables Limio to identify User 1's related Limio Subscription(s).
The host header: This is the host Limio site, set as xLimioHost. This would be, for example: "xLimioHost: yourLimioApp.prod.limio.com".
Posting the following request body:
Where:
iss represents the token's issuer from your Identity Provider (e.g. AWS Cognito, Salesforce, Auth0, Okta...)
sub is the identifier for the subject user.
Here is an example in HTTP format of the API request:
Note:
This endpoint is currently only available if externally implemented from your application. Limio does not provide a mechanism within Limio Self-Service to add a user.
The External Identity endpoint is designed to accept POST and DELETE HTTP methods for adding or removing end-users respectively.
Further documentation available: https://api.limio.com/#tag/Identities
Operational Criteria:
To maintain integrity and avoid duplication, the system is designed with specific constraints:
Existing Limio end-users cannot be reassigned to an additional subscription.
Deletion requests must originate from the same overarching subscription; otherwise, the request will be denied.
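Because access control is flat, the application that calls this endpoint is the only place where "who may add User 2" is decided. The following added example (not Limio's code) shows a server-side guard that checks the caller and inputs, prepares the request with the headers described above, and keeps the bearer token and lmo_uid out of logs. Assumed here: the flat JSON body with iss and sub keys (also sent on DELETE), the issuer allowlist value, and the function and parameter names.

```python
import json
import re
from urllib.request import Request

# Assumed for this sketch: the issuer allowlist and the flat {"iss", "sub"} body.
TRUSTED_ISSUERS = {"https://idp.example.com/"}   # constructed value
LABEL = re.compile(r"[a-z0-9-]+")                # one DNS label, nothing else
SECRET_HEADERS = {"authorization", "cookie"}


def build_identity_request(method, shard, domain, limio_host, bearer_token,
                           lmo_uid, iss, sub, caller_may_manage_users):
    """Prepare (do not send) the add/remove call for User 2."""
    # Flat access control: User 2 gets everything User 1 has, so the
    # calling application must decide who is allowed to grant that.
    if not caller_may_manage_users:
        raise PermissionError("caller may not manage billing users")
    if method not in ("POST", "DELETE"):
        raise ValueError("only POST (add) and DELETE (remove) are accepted")
    if iss not in TRUSTED_ISSUERS:
        raise ValueError("issuer is not one of our identity providers")
    if not sub or sub != sub.strip():
        raise ValueError("sub must be a non-empty identifier")
    if not (LABEL.fullmatch(shard) and LABEL.fullmatch(domain)):
        raise ValueError("shard/domain must be plain DNS labels")
    for value in (limio_host, bearer_token, lmo_uid):
        if not value or re.search(r"\s", value):
            raise ValueError("header values must be non-empty, no whitespace")
    return Request(
        f"https://{shard}.{domain}.limio.com/api/objects/externalidentity",
        data=json.dumps({"iss": iss, "sub": sub}).encode(),
        method=method,
        headers={
            "Authorization": f"Bearer {bearer_token}",
            "Cookie": f"lmo_uid={lmo_uid}",   # User 1's session cookie
            "xLimioHost": limio_host,
            "Content-Type": "application/json",
        },
    )


def loggable_headers(req):
    """Header view for logs: bearer token and lmo_uid are credentials."""
    return {k: "[redacted]" if k.lower() in SECRET_HEADERS else v
            for k, v in req.header_items()}
```

The returned object can be passed to urllib.request.urlopen; log loggable_headers(req) rather than the request itself.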
If there are any issues, please reach out to Limio Support.