Authentication

How to authenticate with Limio's APIs using OAuth Bearer Tokens.

All Limio APIs use OAuth Bearer Tokens for authentication. This is the standard method for every integration — server-to-server, front-end, and third-party.

For the full API reference, see docs.limio.com/api.

OAuth Bearer Token

The client credentials method generates an OAuth Bearer Token for secure, server-to-server authentication without user involvement. It gives full read/write access to all Limio APIs, including Orders, Subscriptions, Catalog, Abandoned Basket, External Identities, and more.

Prerequisites

You need a client_id and client_secret. Contact Limio Support to obtain these credentials.

Get your Bearer Token

Endpoint:

POST {{tenant}}/oauth2/token

Where {{tenant}} is your Limio application URL:

US hosting: https://{{tenant}}.prod-us.limio.com
EU hosting: https://{{tenant}}.prod.limio.com

Headers:

Header

Value

Content-Type

application/x-www-form-urlencoded

Request body:

Parameter

Value

grant_type

client_credentials

client_id

Your client_id from Limio Support

client_secret

Your client_secret from Limio Support

Example request:

curl --request POST \
  --url https://{tenant}/oauth2/token \
  --header 'Content-Type: application/x-www-form-urlencoded' \
  --data grant_type=client_credentials \
  --data client_id={client_id_details} \
  --data client_secret={client_secret_details}

Response:

{
    "access_token": "<YOUR_TOKEN_HERE>",
    "token_type": "Bearer",
    "expires_in": 3600
}

Use the token

Include the token in the Authorization header of every API request:

const basePath = 'api';
const domain = 'prod.limio.com'; // or 'prod-us.limio.com'
const tenant = 'your-tenant';
const resp = await fetch(
  `https://${tenant}.${domain}/${basePath}/order`,
  {
    method: 'POST',
    headers: {
      'Content-Type': 'application/json',
      Authorization: 'Bearer <YOUR_TOKEN_HERE>'
    },
    body: JSON.stringify({ /* order payload */ })
  }
);

API Keys (legacy)

Some Catalog API endpoints accept a publishable API key for read-only access. However, Limio is in the process of moving all endpoints to OAuth Bearer Token — newer endpoints such as get-offers-v2 and get-add-ons already require OAuth. If you are planning a new integration and need to use a publishable API key, please contact Limio.

API keys are intended for headless or public-facing integrations where you only need to pull catalog data (campaigns, offers, products, pages). They are safe to embed in client-side code because they grant read-only access.

Generate an API key

Log in to your Limio account, go to Profile > Developers > Limio Keys and click Generate New. Each account is limited to 2 API keys.

Use the key

Pass the key directly in the Authorization header (no Bearer prefix):

fetch('/api/catalog', {
  headers: { Authorization: 'YOUR_API_KEY_HERE' }
}).then(res => res.json());

Delete a key

Select Delete next to the key in the developer area.

Deleting a key cannot be undone. Any application using that key will lose access immediately.

PreviousGet Started with Limio's API NextOAuth Bearer Token

Last updated 2 hours ago

Was this helpful?

hashtagOAuth Bearer Token

hashtagPrerequisites

hashtagGet your Bearer Token

hashtagUse the token

hashtagAPI Keys (legacy)

hashtagGenerate an API key

hashtagUse the key

hashtagDelete a key

OAuth Bearer Token

Prerequisites

Get your Bearer Token

Use the token

API Keys (legacy)

Generate an API key

Use the key

Delete a key