# LINE Login API v2.0 reference
This page contains documentation for the previous version of LINE Login, v2.0. LINE Login v2.0 has been deprecated, with the end-of-life date to be determined, so we recommend that you use the current version (LINE Login v2.1). There will be a certain grace period between the end-of-life announcement and the actual end-of-life. For more information, see LINE Login versions.
# Common specifications
# Rate limits
If you send a large number of requests to the LINE Login API within a short period of time, and it is determined that it will affect the operation of the LINE Platform, we may temporarily restrict your requests. Refrain from sending large numbers of requests for any purpose, including load testing.
Rate limit thresholds for the LINE Login API are not disclosed.
# Status codes
These HTTP status codes are returned after an API call. We follow the HTTP status code specification (opens new window) unless otherwise stated.
| Status code | Description |
|---|---|
| 200 OK | Request successful |
| 400 Bad Request | Problem with the request. Check the request parameters and JSON format. |
| 401 Unauthorized | Check that the authorization header is correct. |
| 403 Forbidden | Not authorized to use the API. Confirm that your account or plan is authorized to use the API. |
| 413 Payload Too Large | Request exceeds the max size of 2MB. Make the request smaller than 2MB and try again. |
| 429 Too Many Requests | Temporarily restricting requests because rate-limit has been exceeded by a large number of requests. |
| 500 Internal Server Error | Temporary error on the API server. |
# OAuth
# Issue access token
Issues access token.
The access tokens managed through the LINE Login API indicate that an app has been granted permission to access user data (such as user IDs, display names, profile images, and status messages) saved on the LINE Platform.
LINE Login API calls require you to provide an access token or refresh token that was sent in an earlier response.
This is a description of the LINE Login v2.0 endpoint. For information on the v2.1 endpoint, see Issue access token in the v2.1 API reference.
# HTTP request
POST https://api.line.me/v2/oauth/accessToken
# Request headers
Content-Type
application/x-www-form-urlencoded
# Request body
grant_type
String
authorization_code
code
String
Authorization code received from the LINE Platform
redirect_uri
String
Callback URL
client_id
String
Channel ID. Found in the LINE Developers Console.
client_secret
String
Channel secret. Found in the LINE Developers Console.
# Response
This returns a 200 status code and a JSON object with the following information.
access_token
String
Access token. Valid for 30 days.
expires_in
Number
Number of seconds until the access token expires.
refresh_token
String
Token used to get a new access token (refresh token). Valid for up to 10 days after the access token expires.
To learn more, see Refresh access token.
scope
String
Permissions granted to the access token.
P: You have permission to access the user's profile information.
token_type
String
Bearer
# Verify access token validity
Verifies that an access token is valid.
For general recommendations on how to securely handle user registration and login with access tokens, see Verify access tokens in the LINE Login documentation.
This is the reference for the LINE Login v2.0 endpoint. For information on the v2.1 endpoint, see Verify access token validity in the LINE Login v2.1 API reference.
# HTTP request
POST https://api.line.me/v2/oauth/verify
# Request headers
Content-Type
application/x-www-form-urlencoded
# Request body
access_token
String
Access token
# Response
If the access token is valid, a 200 OK status code is returned with a JSON object that has the following information.
scope
String
Permissions granted to the access token.
P: You have permission to access the user's profile information.
client_id
String
The channel ID for which the access token was issued.
expires_in
Number
Number of seconds until the access token expires.
# Error response
If the access token has expired, a 400 Bad Request status code is returned with a JSON object.
# Refresh access token
Gets a new access token using a refresh token. Refresh tokens are returned with the access token when the user authorizes your app.
- This is the reference for the LINE Login v2.0 endpoint. For information on the v2.1 endpoint, see Refresh access token in the LINE Login v2.1 API reference.
- You can't use this to refresh a channel access token for the Messaging API.
# HTTP request
POST https://api.line.me/v2/oauth/accessToken
# Request headers
Content-Type
application/x-www-form-urlencoded
# Request body
grant_type
String
refresh_token
refresh_token
String
The refresh token corresponding to the access token to be reissued. Valid for up to 10 days after the access token expires. If the refresh token expires, you must prompt the user to log in again to generate a new access token.
client_id
String
Channel ID. Found in the LINE Developers Console.
client_secret
String
Channel secret. Found in the LINE Developers Console.
# Response
If the access token is successfully refreshed, a new access token and refresh token are returned.
token_type
String
Bearer
scope
String
Permissions granted to the access token.
P: You have permission to access the user's profile information.
access_token
String
Access token
expires_in
Number
Number of seconds until the access token expires.
refresh_token
String
Token used to get a new access token (refresh token). Valid for up to 10 days after the access token expires.
# Error response
If the refresh token has expired, a 400 Bad Request status code is returned with a JSON object.
# Revoke access token
Invalidates a user's access token.
- This is the reference for the LINE Login v2.0 endpoint. For information on the v2.1 endpoint, see Revoke access token in the LINE Login v2.1 API reference.
- You can't use this to invalidate a channel access token for the Messaging API.
# HTTP request
POST https://api.line.me/v2/oauth/revoke
# Request headers
Content-Type
application/x-www-form-urlencoded
# Request body
refresh_token
String
The refresh token corresponding to the access token to be invalidated.
# Response
Returns status code 200 and an empty response body.
# Profile
# Get user profile
# HTTP request
GET https://api.line.me/v2/profile
# Request headers
Authorization
Bearer {access token}
# Response
userId
String
User ID
displayName
String
User's display name
pictureUrl
String
Profile image URL. This is an HTTPS URL. Not included in the response if the user doesn't have a profile image.
Profile image thumbnails:
You can get a thumbnail version of a user's profile image by appending any of these suffixes to their profile image URL.
| Suffix | Thumbnail size |
|---|---|
/large | 200 x 200 |
/small | 51 x 51 |
e.g. https://profile.line-scdn.net/abcdefghijklmn/large
statusMessage
String
User's status message. Not included in the response if the user doesn't have a status message.