As announced on October 6, 2020, we're planning these updates to the LINE platform, which is source for webhook notifications for the Messaging API. If you're using a webhook, confirm communication from the new environment during the transition period.
- Supported SSL/TLS protocol versions
- Supported HTTP versions
- Request header field name
- Supported root certification authorities
A webhook is one of the features of LINE's Messaging API. It's a system in which the LINE Platform notifies the bot server of the provider (corporate or developer) of events such as adding friends and sending messages via HTTPS POST requests.
You can specify the bot server to which you want to be notified of webhooks by specifying the webhook URL in the LINE Developers Console. For more information on webhooks, see Receiving messages (webhooks) in the Messaging API documentation.
# Supported SSL/TLS protocol versions
We no longer support TLS 1.0 and TLS 1.1.
See this table for the differences before and after the transition.
| Protocol version | Before transition | After transition |
|---|---|---|
| TLS 1.3 | ❌ | ✅ |
| TLS 1.2 | ✅ | ✅ |
| TLS 1.1 | ✅ | ❌ |
| TLS 1.0 | ✅ | ❌ |
| SSL 3.0 | ❌ | ❌ |
| SSL 2.0 | ❌ | ❌ |
# Supported HTTP versions
See this table for differences before and after the transition.
| HTTP version | Before transition | After transition |
|---|---|---|
| HTTP/2 | ❌ | ✅ |
| HTTP/1.1 | ✅ | ✅ |
| HTTP/1.0 | ✅ | ✅ |
# Request header field name
After the transition, there may be changes[1] to uppercase and lowercase letters in the field name of the Request header when sending a webhook from the LINE Platform.
| Before transition | After transition | |
|---|---|---|
| Header field name example | X-Line-Signature | x-line-signature |
In addition, uppercase and lowercase letters may change without notice in the future as the LINE server is updated. The bot server that receives the webhook should handle the header field name without case distinction.[2]
# Supported root certification authorities
Webhook URLs (the bot server to which webhooks are notified) must be configured with an SSL/TLS certificate issued by a trusted certification authority. Self-signed certificates aren't allowed.
See this table for differences before and after the transition.
| Before transition | After transition | |
|---|---|---|
| Available SSL/TLS Certificates | An SSL/TLS certificate issued by a "Certificate authority trusted by LINE" | SSL/TLS certificates issued by a root certification authority that's widely trusted by most browsers |
The "Certificate authority trusted by LINE" list will be removed at the end of the transition period.
# Transition period
October 6, 2020 - January 31, 2021 JST (GMT+9)
# Impact
If you're using Messaging API webhooks, we recommend that you use one of these methods during the migration period to verify that the new LINE Platform can be used to communicate with the bot server.
# Verification method 1: Verify with an endpoint for webhook URL validation
Verify the connection by using the endpoint for webhook URL test.
The LINE Platform sends an HTTP POST request that doesn't include a webhook event to the webhook URL (bot server) to confirm communication. Design your bot server to return status code
200.Example HTTP POST request without a webhook event:
{ "destination": "xxxxxxxxxx", "events": [] }
# Verification method 2: Use the webhook URL's "Verify" button in the LINE Developers Console
In the LINE Developers Console, click the webhook URL's "Verify" button to perform the verification.
LINE will continue to improve the quality of its services to its customers. Thank you for your understanding.