userlike: audit vs current vendor docs (2026-04-16) — Lime Connect rebrand + v1 EOL

[productdevbook]

Summary

The wrapper targets the legacy v1 CDN bundle (EOL 2026-08-01) and exposes only a fraction of the v2 Messenger API — missing maximize/minimize, sendMessage, setAvatar, requestRating, switchOperator, getState, JWT/HMAC contact verification, and every event subscription.

Gaps found

Missing API surface

• api.maximize() / api.minimize() — full window state control (today show() only does setVisibility({button:true}) + open(); there is no programmatic minimize beyond close()) — https://docs.lime-connect.com/developers/api/website-messenger-api
• api.getState() returning hidden | minimized | maximized — used by callers to decide when to maximize; not exposed — https://docs.lime-connect.com/developers/api/website-messenger-api
• api.getVisibility() — read current {main, button, notifications} flags — https://docs.lime-connect.com/developers/api/website-messenger-api
• api.sendMessage(text) — programmatic message send (e.g. proactive support); no equivalent today — https://docs.lime-connect.com/developers/api/website-messenger-api
• api.setAvatar(url) — contact avatar; not bridged from identify() — https://docs.lime-connect.com/developers/api/website-messenger-api
• api.requestRating() — trigger CSAT prompt — https://docs.lime-connect.com/developers/api/website-messenger-api
• api.switchOperator(...) — reassign conversation — https://docs.lime-connect.com/developers/api/website-messenger-api
• api.logout() — clear authenticated contact session; current shutdown() only calls close(), leaving the session — https://docs.lime-connect.com/developers/api/website-messenger-api
• setContactInfo extended fields: phone_number, mobile_number, company, external_customer_id — we only forward name/email/phone — https://docs.lime-connect.com/developers/api/website-messenger-api

Events not bridged

• messenger.state$ observable / onMaximize / onMinimize — no listener API for visibility changes — https://docs.lime-connect.com/developers/api/website-messenger-api
• onMessageSent / onMessageReceived — no message event hooks — https://docs.lime-connect.com/developers/api/website-messenger-api
• onUnreadCountChange — most other ahize providers expose this; userlike does not — https://docs.lime-connect.com/developers/api/website-messenger-api
• onOperatorAssigned — operator handoff event — https://docs.lime-connect.com/developers/api/website-messenger-api
• onSessionStart / onSessionEnd — session lifecycle events — https://docs.lime-connect.com/developers/api/website-messenger-api

Config options not exposed

• createMessenger({ version: 2, widgetKey, nonce }) — UserlikeLoadOptions only takes messengerId; no way to pin v2 or pass widgetKey — https://github.com/userlike/messenger
• api.mount({ externalToken, nonce }) — current mount() is called with no arguments, blocking JWT auth and per-mount nonce — https://github.com/userlike/messenger

Auth modes

• Contact verification via JWT (HMAC-SHA256, payload {sub, iat, exp}) passed through mount({ externalToken: { getToken, onError } }) — wrapper exposes no verification/identityToken option, so authenticated identify is impossible — https://docs.lime-connect.com/developers/api/website-messenger-api

Deprecations in our current code

• Loader uses the legacy v1 CDN (userlike-cdn-widgets.s3-eu-west-1.amazonaws.com/${messengerId}.js) — v1 deprecation 2025-08-01, EOL 2026-08-01 (~3.5 months from today). Migrate to @userlike/messenger v2 via createMessenger({ version: 2, widgetKey }) — https://github.com/userlike/messenger/blob/master/MIGRATION.md
• Vendor rebranded to Lime Connect; userlike.com/api returns 404, docs.userlike.com 301-redirects to docs.lime-connect.com. Update doc links / source comments — https://docs.lime-connect.com/developers/api/website-messenger-api
• track() repurposes setCustomData({[event]: metadata}) — collides with identify() attributes (which also writes via setCustomData), each call overwrites the other's keys at the top level — https://docs.lime-connect.com/developers/api/website-messenger-api
• mount() is awaited but its Result<ok,err> is never unwrapped, so a failed mount silently transitions lifecycle to ready — https://github.com/userlike/messenger

Intentionally out of scope

• CRM / dashboard REST APIs (contacts, conversations, operators) — not part of the widget wrapper surface.
• Custom Channel v1/v2 server-to-server APIs.
• Message Center operator UI configuration.

Sources

• https://docs.lime-connect.com/developers/api/website-messenger-api
• https://docs.lime-connect.com/developers/api/website-messenger
• https://github.com/userlike/messenger
• https://github.com/userlike/messenger/blob/master/MIGRATION.md
• https://github.com/userlike/messenger/blob/master/README.md

[productdevbook]

Shipped a @deprecated JSDoc header + one-shot console.warn on load() in 837ec44 flagging the 2026-08-01 v1 CDN EOL + Lime Connect rebrand. v2 (@userlike/messenger) migration tracked here remains open.