# Identities

Manage Limio identities — link or unlink external identity providers, transfer object ownership between identities, and scrub personal customer data (GDPR right-to-be-forgotten).

## Transfer Limio owner

> This API allows a Limio administrator to transfer ownership of all objects from one owner to another. - The \*\*source owner\*\* is the current owner of the objects being transferred. - The \*\*destination owner\*\* will become the new owner of these objects. - Both the source and destination owners must use the \*\*"@limio/id"\*\* format. \*\*Important:\*\* This transfer only moves ownership of the objects. The \*\*source owner's ID itself is not transferred or changed\*\*.

```json
{"openapi":"3.1.0","info":{"title":"Limio Commerce API","version":"1.0.0"},"tags":[{"name":"Identities","description":"Manage Limio identities — link or unlink external identity providers, transfer object ownership between identities, and scrub personal customer data (GDPR right-to-be-forgotten)."}],"servers":[{"url":"https://{tenant}/api","description":"Limio environment API","variables":{"tenant":{"default":"your-environment.prod.limio.com","description":"Your Limio environment hostname, e.g. `acme.prod.limio.com` or `acme-sandbox.prod.limio.com`."}}}],"security":[{"bearerAuth":["OAuth"]}],"components":{"securitySchemes":{"bearerAuth":{"type":"http","scheme":"bearer","bearerFormat":"JWT","description":"OAuth 2.0 Bearer token for authenticated API access. Required for order submission, object management, and administrative operations.\n\nObtain a token via the OAuth flow described in [OAuth Bearer Token](https://docs.limio.com/developers/api-documentation/authentication-overview/oauth-bearer-token).\n\nPass the token in the `Authorization` header: `Bearer <token>`"}},"schemas":{"TransferOwnershipRequest":{"type":"object","properties":{"sourceId":{"type":"string"},"destinationId":{"type":"string"},"message":{"type":"string"}}},"TransferOwnershipResponse":{"type":"object","properties":{"result":{"type":"object","properties":{"sourceId":{"type":"string"},"destinationId":{"type":"string"},"updatedIds":{"type":"array","items":{"type":"string"}},"failedIds":{"type":"array","items":{"type":"string"}},"eventId":{"type":"string"}}},"success":{"type":"boolean"}}}},"responses":{"401Response":{"description":"Unauthorized — the request lacks valid authentication credentials. Verify your Bearer token or API key is correct and has not expired.","content":{"application/json":{"schema":{"type":"object","properties":{"message":{"type":"string"}}}}}},"502Response":{"description":"Bad Gateway — an upstream service returned an unexpected response. This typically indicates an issue with the request payload (e.g. invalid field values, missing required fields) or a transient infrastructure error. Retry the request, and if the issue persists, verify the request body matches the expected schema.","content":{"application/json":{"schema":{"type":"object","properties":{"message":{"type":"string","description":"Human-readable error description."}}}}}}}},"paths":{"/objects/owner_change":{"post":{"summary":"Transfer Limio owner","description":"This API allows a Limio administrator to transfer ownership of all objects from one owner to another. - The **source owner** is the current owner of the objects being transferred. - The **destination owner** will become the new owner of these objects. - Both the source and destination owners must use the **\"@limio/id\"** format. **Important:** This transfer only moves ownership of the objects. The **source owner's ID itself is not transferred or changed**.","operationId":"transferOwnership","tags":["Identities"],"requestBody":{"required":true,"content":{"application/json":{"schema":{"$ref":"#/components/schemas/TransferOwnershipRequest"}}}},"responses":{"200":{"description":"All objects successfully transferred to the destination owner.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/TransferOwnershipResponse"}}}},"401":{"$ref":"#/components/responses/401Response"},"502":{"$ref":"#/components/responses/502Response"}}}}}}
```

## Add external identity (Admin)

> This API allows a Limio administrator to add an external identity to any Limio identity on behalf of an organization. It is intended for administrative purposes and requires full OAuth API key authentication.\
> \*\*Use Case:\*\* Admins can link external identities to any owner without needing the user to be logged in.\
> \*\*Authentication:\*\* This API uses OAuth bearer tokens.  See \[Limio OAuth Authentication]\(<https://docs.limio.com/developers/api-documentation/authentication-overview/oauth-bearer-token>) for details.

```json
{"openapi":"3.1.0","info":{"title":"Limio Commerce API","version":"1.0.0"},"tags":[{"name":"Identities","description":"Manage Limio identities — link or unlink external identity providers, transfer object ownership between identities, and scrub personal customer data (GDPR right-to-be-forgotten)."}],"servers":[{"url":"https://{tenant}/api","description":"Limio environment API","variables":{"tenant":{"default":"your-environment.prod.limio.com","description":"Your Limio environment hostname, e.g. `acme.prod.limio.com` or `acme-sandbox.prod.limio.com`."}}}],"security":[{"bearerAuth":["OAuth"]}],"components":{"securitySchemes":{"bearerAuth":{"type":"http","scheme":"bearer","bearerFormat":"JWT","description":"OAuth 2.0 Bearer token for authenticated API access. Required for order submission, object management, and administrative operations.\n\nObtain a token via the OAuth flow described in [OAuth Bearer Token](https://docs.limio.com/developers/api-documentation/authentication-overview/oauth-bearer-token).\n\nPass the token in the `Authorization` header: `Bearer <token>`"}},"schemas":{"ExternalIdentityRequest":{"type":"object","properties":{"id_token":{"description":"id_token","type":"object","properties":{"iss":{"type":"string"},"sub":{"type":"string"}}}}},"AddExternalIdentityResponse":{"type":"object","properties":{"name":{"type":"string"},"data":{"type":"object","properties":{"iss":{"type":"string"},"sub":{"type":"string"}}},"status":{"type":"string"},"record_type":{"type":"string"},"record_variant":{"type":"string"},"owner":{"type":"string"},"id":{"type":"string"},"service":{"type":"string"},"created":{"type":"string"},"updated":{"type":"string"},"mode":{"type":"string"}}}},"responses":{"401Response":{"description":"Unauthorized — the request lacks valid authentication credentials. Verify your Bearer token or API key is correct and has not expired.","content":{"application/json":{"schema":{"type":"object","properties":{"message":{"type":"string"}}}}}},"502Response":{"description":"Bad Gateway — an upstream service returned an unexpected response. This typically indicates an issue with the request payload (e.g. invalid field values, missing required fields) or a transient infrastructure error. Retry the request, and if the issue persists, verify the request body matches the expected schema.","content":{"application/json":{"schema":{"type":"object","properties":{"message":{"type":"string","description":"Human-readable error description."}}}}}}}},"paths":{"/objects/externalidentity/{owner}":{"post":{"summary":"Add external identity (Admin)","description":"This API allows a Limio administrator to add an external identity to any Limio identity on behalf of an organization. It is intended for administrative purposes and requires full OAuth API key authentication.\n**Use Case:** Admins can link external identities to any owner without needing the user to be logged in.\n**Authentication:** This API uses OAuth bearer tokens.  See [Limio OAuth Authentication](https://docs.limio.com/developers/api-documentation/authentication-overview/oauth-bearer-token) for details.","operationId":"addExternalIdentityAdmin","tags":["Identities"],"parameters":[{"in":"path","name":"owner","description":"The ID of the Limio owner to which the external identity will be linked.","required":true,"schema":{"type":"string"}}],"requestBody":{"required":true,"content":{"application/json":{"schema":{"$ref":"#/components/schemas/ExternalIdentityRequest"}}}},"responses":{"200":{"description":"External identity successfully linked to the specified owner.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/AddExternalIdentityResponse"}}}},"401":{"$ref":"#/components/responses/401Response"},"502":{"$ref":"#/components/responses/502Response"}}}}}}
```

## Remove external identity (Admin)

> This API allows a Limio administrator to remove an external identity from any Limio identity on behalf of an organization. It is intended for administrative purposes and requires full OAuth API key authentication.\
> \*\*Use Case:\*\* Admins can unlink external identities from any owner without the user being logged in.\
> \*\*Authentication:\*\* This API uses OAuth bearer tokens.  See \[Limio OAuth Authentication]\(<https://docs.limio.com/developers/api-documentation/authentication-overview/oauth-bearer-token>) for details.

```json
{"openapi":"3.1.0","info":{"title":"Limio Commerce API","version":"1.0.0"},"tags":[{"name":"Identities","description":"Manage Limio identities — link or unlink external identity providers, transfer object ownership between identities, and scrub personal customer data (GDPR right-to-be-forgotten)."}],"servers":[{"url":"https://{tenant}/api","description":"Limio environment API","variables":{"tenant":{"default":"your-environment.prod.limio.com","description":"Your Limio environment hostname, e.g. `acme.prod.limio.com` or `acme-sandbox.prod.limio.com`."}}}],"security":[{"bearerAuth":["OAuth"]}],"components":{"securitySchemes":{"bearerAuth":{"type":"http","scheme":"bearer","bearerFormat":"JWT","description":"OAuth 2.0 Bearer token for authenticated API access. Required for order submission, object management, and administrative operations.\n\nObtain a token via the OAuth flow described in [OAuth Bearer Token](https://docs.limio.com/developers/api-documentation/authentication-overview/oauth-bearer-token).\n\nPass the token in the `Authorization` header: `Bearer <token>`"}},"schemas":{"ExternalIdentityRequest":{"type":"object","properties":{"id_token":{"description":"id_token","type":"object","properties":{"iss":{"type":"string"},"sub":{"type":"string"}}}}},"RemoveExternalIdentityResponse":{"type":"object","properties":{}}},"responses":{"401Response":{"description":"Unauthorized — the request lacks valid authentication credentials. Verify your Bearer token or API key is correct and has not expired.","content":{"application/json":{"schema":{"type":"object","properties":{"message":{"type":"string"}}}}}},"502Response":{"description":"Bad Gateway — an upstream service returned an unexpected response. This typically indicates an issue with the request payload (e.g. invalid field values, missing required fields) or a transient infrastructure error. Retry the request, and if the issue persists, verify the request body matches the expected schema.","content":{"application/json":{"schema":{"type":"object","properties":{"message":{"type":"string","description":"Human-readable error description."}}}}}}}},"paths":{"/objects/externalidentity/{owner}":{"delete":{"summary":"Remove external identity (Admin)","description":"This API allows a Limio administrator to remove an external identity from any Limio identity on behalf of an organization. It is intended for administrative purposes and requires full OAuth API key authentication.\n**Use Case:** Admins can unlink external identities from any owner without the user being logged in.\n**Authentication:** This API uses OAuth bearer tokens.  See [Limio OAuth Authentication](https://docs.limio.com/developers/api-documentation/authentication-overview/oauth-bearer-token) for details.","operationId":"removeExternalIdentityAdmin","tags":["Identities"],"parameters":[{"in":"path","name":"owner","description":"The ID of the Limio owner from which the external identity will be removed.","required":true,"schema":{"type":"string"}}],"requestBody":{"required":true,"content":{"application/json":{"schema":{"$ref":"#/components/schemas/ExternalIdentityRequest"}}}},"responses":{"200":{"description":"External identity successfully removed from the specified owner.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/RemoveExternalIdentityResponse"}}}},"401":{"$ref":"#/components/responses/401Response"},"502":{"$ref":"#/components/responses/502Response"}}}}}}
```

## Forget Customer Data

> This API allows you to obfuscate personal customer data associated with a specific customer ID, including first name, last name and email. The \*\*customer ID\*\* must be provided in the request path. Please beware this action is irreversible.

```json
{"openapi":"3.1.0","info":{"title":"Limio Commerce API","version":"1.0.0"},"tags":[{"name":"Identities","description":"Manage Limio identities — link or unlink external identity providers, transfer object ownership between identities, and scrub personal customer data (GDPR right-to-be-forgotten)."}],"servers":[{"url":"https://{tenant}/api","description":"Limio environment API","variables":{"tenant":{"default":"your-environment.prod.limio.com","description":"Your Limio environment hostname, e.g. `acme.prod.limio.com` or `acme-sandbox.prod.limio.com`."}}}],"security":[{"bearerAuth":["OAuth"]}],"components":{"securitySchemes":{"bearerAuth":{"type":"http","scheme":"bearer","bearerFormat":"JWT","description":"OAuth 2.0 Bearer token for authenticated API access. Required for order submission, object management, and administrative operations.\n\nObtain a token via the OAuth flow described in [OAuth Bearer Token](https://docs.limio.com/developers/api-documentation/authentication-overview/oauth-bearer-token).\n\nPass the token in the `Authorization` header: `Bearer <token>`"}},"schemas":{"ForgetCustomerDataResponse":{"type":"object","properties":{"customerId":{"type":"string"},"eventId":{"type":"string"},"success":{"type":"boolean"}}}},"responses":{"401Response":{"description":"Unauthorized — the request lacks valid authentication credentials. Verify your Bearer token or API key is correct and has not expired.","content":{"application/json":{"schema":{"type":"object","properties":{"message":{"type":"string"}}}}}},"502Response":{"description":"Bad Gateway — an upstream service returned an unexpected response. This typically indicates an issue with the request payload (e.g. invalid field values, missing required fields) or a transient infrastructure error. Retry the request, and if the issue persists, verify the request body matches the expected schema.","content":{"application/json":{"schema":{"type":"object","properties":{"message":{"type":"string","description":"Human-readable error description."}}}}}}}},"paths":{"/customer/{id}/forget_customer":{"post":{"summary":"Forget Customer Data","description":"This API allows you to obfuscate personal customer data associated with a specific customer ID, including first name, last name and email. The **customer ID** must be provided in the request path. Please beware this action is irreversible.","operationId":"forgetCustomerData","tags":["Identities"],"parameters":[{"name":"id","in":"path","required":true,"schema":{"type":"string"},"description":"The unique customer ID of the customer's data you wish to be scrubbed."}],"responses":{"200":{"description":"Data successfully scrubbed","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ForgetCustomerDataResponse"}}}},"401":{"$ref":"#/components/responses/401Response"},"502":{"$ref":"#/components/responses/502Response"}}}}}}
```