Identity Linking API references
The OneWelcome Identity Platform provides the Identity Linking service. The Identity Linking service manages links between internal identities and external identity provider (IdP) accounts, enabling single sign-on (SSO), credential aggregation, and federation. It supports multi-tenancy with complete data isolation and hashes external identifiers using Argon2id with tenant-specific salts to protect user privacy.
Identity Linking APIs
The Identity Linking service includes the following APIs:
- Identity Link Management API: Provides endpoints for the following tasks:
  - Create identity link: Link an external identity provider account to an internal identity with policy enforcement and uniqueness validation.
  - Get identity links: Retrieve all identity links for a specific identity, with optional filtering by provider alias.
  - Delete identity link: Remove a specific identity link from an identity.
- Lookup API: Provides endpoints for the following task:
  - Lookup identity by external credentials: Find an internal identity using an external provider alias and external ID. Uses POST to avoid exposing sensitive credentials in URLs or server logs.
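The following is an added illustration, not OneWelcome code, of how the link store and lookup described above fit together when external IDs are stored only as tenant-salted hashes: a fixed salt per tenant makes the hash deterministic within a tenant (so lookup by external credentials works) while keeping the same external ID unlinkable across tenants. It assumes an in-memory store, one random salt per tenant, and binds the provider alias into the hashed input; it uses Argon2id through argon2-cffi when that package is installed and otherwise falls back to hashlib.scrypt as a clearly labelled stand-in.

```python
import hashlib

try:  # Argon2id via argon2-cffi when installed (demo-sized parameters)
    from argon2.low_level import Type, hash_secret_raw

    def _kdf(secret: bytes, salt: bytes) -> bytes:
        return hash_secret_raw(secret, salt, time_cost=1, memory_cost=8192,
                               parallelism=1, hash_len=32, type=Type.ID)
except ImportError:  # stand-in KDF (NOT Argon2id) so the example runs offline
    def _kdf(secret: bytes, salt: bytes) -> bytes:
        return hashlib.scrypt(secret, salt=salt, n=2**14, r=8, p=1, dklen=32)


def hash_external_id(tenant_salt: bytes, provider_alias: str, external_id: str) -> str:
    # The salt is fixed per tenant, so the hash is deterministic within a tenant
    # (lookups work) but differs across tenants (isolation). The provider alias
    # is bound into the input so equal ids from different IdPs never collide.
    return _kdf(f"{provider_alias}\x00{external_id}".encode(), tenant_salt).hex()


class IdentityLinkStore:
    """In-memory model: stores only the hashed external id, never the plaintext."""

    def __init__(self, tenant_salts: dict):
        self._salts = tenant_salts   # assumed: one random salt per tenant, >= 16 bytes
        self._links = {}             # (tenant, alias, hash) -> identity_id

    def _key(self, tenant, alias, external_id):
        return (tenant, alias, hash_external_id(self._salts[tenant], alias, external_id))

    def create_link(self, tenant, identity_id, alias, external_id):
        key = self._key(tenant, alias, external_id)
        if key in self._links:  # uniqueness: one external account -> one identity
            raise ValueError("external account already linked in this tenant")
        self._links[key] = identity_id

    def lookup(self, tenant, alias, external_id):
        # Lookup by external credentials; the plaintext id is hashed, never stored.
        return self._links.get(self._key(tenant, alias, external_id))

    def get_links(self, tenant, identity_id, alias=None):
        # All links for one identity, optionally filtered by provider alias.
        return [(a, h) for (t, a, h), i in self._links.items()
                if t == tenant and i == identity_id and (alias is None or a == alias)]

    def delete_link(self, tenant, identity_id, alias, external_id):
        key = self._key(tenant, alias, external_id)
        if self._links.get(key) != identity_id:
            raise KeyError("no such link for this identity")
        del self._links[key]
```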
Authentication
All Identity Linking API endpoints require OAuth2 Bearer tokens. The tenant context is derived from the JWT token claims.
| Scope | Description |
|---|---|
| identity-linking-admin | Provides full administrative access to all Identity Linking APIs, including link creation, retrieval, deletion, and lookups. |
| identity-linking-user | Provides user-level access for link operations scoped to the authenticated user's identity. |