External Identities API

Add and remove identities from Limio.
In this document, the end-user refers to a subscriber interacting with their subscription online. The Limio app user refers to you!
The External Identities API empowers multiple end-users to seamlessly access self-service for the same subscription(s). This is especially beneficial in B2B scenarios, where one end-user might have originally purchased a subscription, but multiple end-users (owner, finance director, operations...) require the ability to change the subscription and process new purchases such as add-ons.
With these endpoints, Limio app users have a mechanism to allow multiple end-users to access the same subscription. Here’s what you need to know:
Access Control:
Currently, Limio operates on a flat-level access control system. This means each end-user granted access to the subscription will possess equivalent permissions to other end-users (including the original end-user who made the purchase).
Once a new end-user is added via the External Identity API, the end-user will be able to perform similar actions:
  • See all subscriptions
  • Modify payment methods
  • Cancel or switch between offers
  • Edit add-ons
  • View invoices
Endpoint Details:
To facilitate the access of new end-users, Limio app users can use the following External Identity endpoint:
The External Identity endpoint is designed to accept POST and DELETE HTTP methods for adding or removing end-users respectively.
It expects a request body formatted as follows:
{
  "id_token": {
    "iss": "",
    "sub": "123456789012345680000"
  }
}
In this JSON body:
  • iss represents the token's issuer
  • sub is the identifier for the subject user
To identify the subscription(s) that this External Identity has access to, Limio requires:
  • a Limio-provided UID cookie, issued at authentication to Limio.
  • a host header relating to the host Limio site.
Both of these are provided after authorization with Limio.
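As an added example (not Limio's own code), the Python helper below assembles the POST or DELETE request described above and rejects input that should not be sent, given that an added identity receives the same permissions as the original purchaser. The endpoint path, the `https` scheme, the cookie string format and the `trusted_issuers` allow-list are assumptions; the page does not specify them.

```python
import json
import urllib.request

# Placeholder: the page does not state the endpoint path.
ENDPOINT_PATH = "/EXTERNAL-IDENTITY-ENDPOINT-PLACEHOLDER"


def build_identity_request(method, host, cookie_header, iss, sub, trusted_issuers):
    """Return an unsent urllib Request that adds (POST) or removes (DELETE)
    an external identity. Raises ValueError on input that should not be sent."""
    method = method.upper()
    if method not in ("POST", "DELETE"):
        raise ValueError("endpoint accepts only POST and DELETE")
    # Access is flat: an added identity can cancel, switch offers and change
    # payment methods, so only accept issuers the caller explicitly trusts.
    if iss not in trusted_issuers:
        raise ValueError(f"untrusted issuer: {iss!r}")
    # Keep sub a string. Long numeric subjects (21 digits in the page's sample)
    # lose precision if any JSON consumer parses them as a number.
    if not isinstance(sub, str) or not sub.strip():
        raise ValueError("sub must be a non-empty string")
    if not host or not cookie_header:
        raise ValueError("Host header and Limio UID cookie are both required")
    if any(c in host + cookie_header for c in "\r\n"):
        raise ValueError("control characters in header value")
    body = json.dumps({"id_token": {"iss": iss, "sub": sub}}).encode("utf-8")
    return urllib.request.Request(
        url=f"https://{host}{ENDPOINT_PATH}",  # https scheme is an assumption
        data=body,
        method=method,
        headers={
            "Host": host,
            "Cookie": cookie_header,  # value as issued by Limio at login
            "Content-Type": "application/json",
        },
    )


if __name__ == "__main__":
    # Constructed sample values; none of these come from a real Limio site.
    req = build_identity_request(
        "POST", "shop.example.com", "uid=CONSTRUCTED-VALUE",
        "https://idp.example.com", "123456789012345680000",
        trusted_issuers={"https://idp.example.com"},
    )
    print(req.get_method(), req.full_url, req.data.decode())
```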
Authentication and Authorization:
Limio secures endpoint access through authentication and authorization mechanisms, which include a Limio-specific UID cookie and a Host header verification process, both provided on login.
Operational Criteria:
To maintain integrity and avoid duplication, the system is designed with specific constraints:
  • Existing Limio end-users cannot be reassigned to an additional subscription.
  • Deletion requests must originate from the same overarching subscription; otherwise, the request will be denied.
If there are any issues, please reach out to Limio Support.