# Channel access tokens
This article explains what channel access tokens are and the different types that we provide.
# What are channel access tokens?
For services available on the Internet, authentication via IDs and passwords is often used as a means of verifying whether a person has permission to use the service. LINE Developers also verifies and confirms that a person has permission to use a specific channel. However, entering an ID and password every time you use a channel (for Messaging API channels, every time you use an endpoint in the Messaging API) takes too much effort and is therefore suboptimal.
That is why LINE Developers uses channel access tokens as a means of authentication for channels. If you send the correct channel access token to LINE Developers, you are deemed to have permission to use the channel.
If your channel access token gets leaked, an unintended third party may gain access and use your channel. For example, in the case of the Messaging API, this enables an unintended third party to send broadcast messages, which may result in malicious messages being sent to all of your friends.
If you suspect that your channel access token has been leaked, be sure to revoke it.
# How to use a channel access token
The channel access token is intended to be issued per developer group or user group.
If you issue separate channel access tokens for group A and group B, you can reissue a channel access token for group A without affecting group B, when you suspect that the channel access token has been leaked, or for any other reason unique to group A.
If you manage channel access tokens properly, you can have a maximum of two channel access tokens issued for each group so that you can provide services without interruption.
The same channel access token can be used repeatedly before it expires.
Do not reissue a channel access token each time you call an endpoint. If a large number of channel access tokens are issued in a short period of time and we determine that it affects the operation of the LINE platform, we may temporarily limit issuing channel access tokens.
In addition, if a channel access token is sent after the expiration date, the endpoint won't be available because it will be determined that you don't have access permission. We recommended that you set up a system for automatically issuing a new channel access token before the expiration date.
# Types of Channel access tokens
LINE Developers supports three types of channel access tokens with varying expirations:
- Channel access token with a user-specified expiration (Channel access token v2.1)
- Short-lived channel access token
- Long-lived channel access token
Short-lived channel access token, long-lived channel access token, and a channel access token with a user-specified expiration (Channel access token v2.1) each have their own maximum number that can be issued. The number of channel access tokens issued for each channel access token does not affect the number of other types of channel access tokens that can be issued.
- A channel access token with a user-specified expiration (Channel access token v2.1): Up to 30 tokens per channel
- Short-lived channel access token: Up to 30 tokens per channel
- Long-lived channel access token: Up to 1 token per channel
Until the end of May 2020, the combined maximum number of short-lived and long-lived channel access tokens that could be issued was 30. Any token beyond 30 was automatically deleted in chronological order from old to new.
# Channel access token with a user-specified expiration (Channel access token v2.1)
Channel access token v2.1 allows developers to specify expiration (up to 30 days) and to use JSON Web Token (JWT) instead of a channel secret to further strengthen security. We recommend using this version of the channel access token.
For more information, see Issue channel access token v2.1 in the Messaging API documentation.
# Short-lived channel access token
A short-lived channel access token is an access token for the Messaging API that is valid for 30 days.
Learn how to Issue a short-lived channel access token in the Messaging API reference.
# Long-lived channel access token
A long-lived channel access token is an access token that has no expiration date and is available only for Messaging API channels.
Select a Messaging API channel from the Channels in the LINE Developers Console and issue a long-lived channel access token from the Messaging API tab.
You can reissue a long-lived channel access token at any time, but when you do, the current token becomes invalid. If you need extra time to update the access token in your app, you can delay the time the current access token becomes invalid by up to 24 hours.