Status

Use this flow when your own backend is the source of truth for premium, plan, or license state and LoginSign should mirror that state for connected users.

1. Endpoint

PATCH /api/applications/:appId/users/:globalId/status

Authentication is required via Basic Auth using your app credentials:

Authorization: Basic base64(client_id:client_secret)

client_id must match appId.

2. Grant or update status

Send a status payload to grant or refresh an active status-license for a connected user.

{
  "status": "PREMIUM",
  "variantName": "Premium",
  "duration": "YEAR"
}

Payload fields

  • status (required unless revoke=true): label of your current plan/state.
  • variantName (optional): explicit variant name. Defaults to status.
  • duration (optional): defaults to LIFETIME if omitted.
  • expiresAt (optional): ISO timestamp or null to override expiry behavior.

If no matching variant exists, LoginSign auto-creates one for your app.

3. Revoke status

To remove all active synced statuses for the user:

{
  "revoke": true
}

You can also revoke by sending a status that maps to revoke semantics (FREE, NONE, INACTIVE, REVOKED).

4. Example requests

const auth = Buffer.from(`${appId}:${clientSecret}`).toString('base64');

await fetch(`${API_URL}/api/applications/${appId}/users/${globalId}/status`, {
  method: 'PATCH',
  headers: {
    Authorization: `Basic ${auth}`,
    'Content-Type': 'application/json'
  },
  body: JSON.stringify({
    status: 'PRO',
    variantName: 'Pro',
    duration: 'MONTH'
  })
});

5. Response behavior

  • { ok: true, action: "granted" } for grant/update success.
  • { ok: true, action: "revoked" } when active statuses were revoked.
  • { ok: true, action: "unchanged" } when revoke requested but nothing active existed.

Successful grant responses include details like connectionId, normalized status, selected variant, and generated/reused license.

6. Error cases

  • 401 unauthorized: Basic Auth missing.
  • 401 invalid_client: wrong client secret.
  • 403 forbidden: client_id does not match appId.
  • 400: missing/invalid payload (for example no status and no revoke).
  • 404: no active user connection for that globalId.

7. Integration test endpoint

POST /api/developer/applications/:appId/status-sync-api/test

Use this in the developer portal to verify endpoint metadata and integration readiness.

Related docs