External Identities API
Add and remove identities from Limio.
In this document, the end-user refers to a subscriber interacting with their subscription online. The Limio app user refers to you!
The External Identities API lets multiple end-users access self-service for the same subscription(s). This is especially beneficial in B2B scenarios, where one end-user originally purchased a subscription but multiple end-users (owner, finance director, operations...) need to be able to change the subscription and process new purchases such as add-ons.
With these endpoints, Limio app users have a mechanism to allow multiple end-users to access the same subscription. Here’s what you need to know:
Access Control:
Currently, Limio operates on a flat-level access control system. This means each end-user granted access to the subscription will possess equivalent permissions to other end-users (including the original end-user who made the purchase).
Once a new end-user is added via the External Identity API, the end-user will be able to perform similar actions:
- See all subscriptions
- Modify payment methods
- Cancel or switch between offers
- Edit add-ons
- View invoices
Endpoint Details:
To facilitate the access of new end-users, Limio app users can use the following External Identity endpoint:
https://{shard}.{domain}.limio.com/api/objects/externalidentity
The External Identity endpoint is designed to accept POST and DELETE HTTP methods for adding or removing end-users respectively.
It expects a request body formatted as follows:
{
  "id_token": {
    "iss": "https://accounts.google.com",
    "sub": "123456789012345680000"
  }
}
In this JSON body:
- iss represents the token's issuer
- sub is the identifier for the subject user
To identify the subscription(s) that this External Identity has access to, Limio requires:
- a UID cookie, provided by Limio at authentication.
- a host header relating to the host Limio site.
Both of these are provided after authorization with Limio.
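A minimal pre-flight wrapper for the request described above, as an added example that is not Limio's own code. It builds the POST or DELETE request without sending it. Assumptions not taken from this page: the cookie name "UID", the JSON Content-Type header, the local issuer allowlist, and the sample shard, domain and host values.

```python
import json
import re
import urllib.request

# Assumptions, not from the Limio docs: the cookie is literally named "UID",
# and the caller keeps its own allowlist of trusted identity issuers.
TRUSTED_ISSUERS = {"https://accounts.google.com"}
UID_COOKIE_NAME = "UID"
LABEL = re.compile(r"[a-z0-9-]+")


def build_identity_request(method, shard, domain, site_host, uid_cookie, iss, sub):
    """Return an unsent Request that adds (POST) or removes (DELETE) an identity."""
    if method not in ("POST", "DELETE"):
        raise ValueError("endpoint accepts only POST and DELETE")
    # Access is flat: an added identity gets the same permissions as the
    # purchaser, so refuse issuers outside the allowlist before calling Limio.
    if iss not in TRUSTED_ISSUERS:
        raise ValueError(f"untrusted issuer: {iss!r}")
    # Keep sub a string, as in the documented body.
    if not isinstance(sub, str) or not sub.strip():
        raise ValueError("sub must be a non-empty string")
    # Only plain DNS labels may be substituted into the endpoint URL.
    if not (LABEL.fullmatch(shard) and LABEL.fullmatch(domain)):
        raise ValueError("shard and domain must be plain DNS labels")
    # Reject CR/LF so caller-supplied values cannot add extra headers.
    for value in (site_host, uid_cookie):
        if not value or "\r" in value or "\n" in value:
            raise ValueError("invalid header value")
    body = json.dumps({"id_token": {"iss": iss, "sub": sub}}).encode()
    return urllib.request.Request(
        f"https://{shard}.{domain}.limio.com/api/objects/externalidentity",
        data=body,
        method=method,
        headers={
            "Content-Type": "application/json",
            "Host": site_host,
            "Cookie": f"{UID_COOKIE_NAME}={uid_cookie}",
        },
    )


if __name__ == "__main__":
    # Constructed sample values; the request is built but never sent.
    req = build_identity_request(
        "POST", "shard1", "example", "shop.example.com", "constructed-uid",
        "https://accounts.google.com", "123456789012345680000")
    print(req.get_method(), req.full_url, req.data.decode())
```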
Authentication and Authorization:
Limio secures endpoint access through authentication and authorization mechanisms, which include a Limio-specific UID cookie and a Host header verification process, both provided on login.
Operational Criteria:
To maintain integrity and avoid duplication, the system is designed with specific constraints:
- Existing Limio end-users cannot be reassigned to an additional subscription.
- Deletion requests must originate from the same overarching subscription; otherwise, the request will be denied.
If there are any issues, please reach out to Limio Support.