# LINE Login v2.1 API reference
# Common specifications
# Rate limits
If you send a large number of requests to the LINE Login API within a short period of time, and it is determined that it will affect the operation of the LINE Platform, we may temporarily restrict your requests. Refrain from sending large numbers of requests for any purpose, including load testing.
Rate limit thresholds for the LINE Login API are not disclosed.
# Status codes
These HTTP status codes are returned after an API call. We follow the HTTP status code specification (opens new window) unless otherwise stated.
| Status code | Description |
|---|---|
| 200 OK | The request succeeded. |
| 400 Bad Request | There was a problem with the request. Check the request parameters and JSON format. |
| 401 Unauthorized | Check that the authorization header is correct. |
| 403 Forbidden | You are not authorized to use the API. Confirm that your account or plan is authorized to use the API. |
| 413 Payload Too Large | Request exceeds the max size of 2MB. Make the request smaller than 2MB and try again. |
| 429 Too Many Requests | Temporarily restricting requests because rate-limit has been exceeded by a large number of requests. |
| 500 Internal Server Error | There was a temporary error on the API server. |
# Response headers
The following HTTP headers are included in LINE Login API responses:
| Response header | Description |
|---|---|
| x-line-request-id | Request ID. An ID is issued for each request. |
# OAuth
# Issue access token
POSThttps://api.line.me/oauth2/v2.1/token
Issues access tokens.
The access tokens managed through the LINE Login API attest that an app has been granted permission to access user data (such as user IDs, display names, profile images, and status messages) saved on the LINE Platform.
LINE Login API calls require you to provide an access token or refresh token that was sent in an earlier response.
- This is the reference for the LINE Login v2.1 endpoint. For information on the v2.0 endpoint, see Issue access token in the v2.0 API reference.
- As new LINE Login features are added and existing features are modified, the structure of the JSON objects in responses and ID tokens may change. These changes may cause properties to be added or ordered differently; whitespace and line breaks to be added or removed between elements; and the size of the data to vary. Design your backend to be tolerant of future payloads that are structured differently.
Example request
# Request headers
Content-Type
application/x-www-form-urlencoded
# Request body
grant_type
String
authorization_code
code
String
Authorization code received from the LINE Platform
redirect_uri
String
Same value as redirect_uri specified in the authorization request.
client_id
String
Channel ID. Found in the LINE Developers Console.
client_secret
String
Channel secret. Found in the LINE Developers Console.
code_verifier
String
A random 43-128 character string consisting of single-byte alphanumeric characters and symbols (e.g. wJKN8qz5t8SSI9lMFhBB6qwNkQBkuPZoCxzRhwLRUo1).
If your LINE Login implements PKCE, you can add this parameter to verify the validity of the code_verifier on the LINE platform side before returning the access token.
For more information on how to implement PKCE, see Implement PKCE for LINE Login in the LINE Login documentation.
# Response
Returns status code 200 and a JSON object with the following information.
access_token
String
Access token. Valid for 30 days.
expires_in
Number
Number of seconds until the access token expires.
id_token
String
JSON Web Token (JWT) (opens new window) with information about the user. This property is returned only if you requested the openid scope. For more information about ID tokens, see Get profile information from ID tokens.
refresh_token
String
Token used to get a new access token (refresh token). Valid for 90 days after the access token is issued.
For more information, see Refresh access token.
scope
String
Permissions granted to the access token. For more information on scopes, see Scopes.
Note that the email scope isn't returned as a value of the scope property even if access to it has been granted.
token_type
String
Bearer
Example response
# Verify access token validity
Verifies if an access token is valid.
For general recommendations on how to securely handle user registration and login with access tokens, see Creating a secure login process between your app and server in the LINE Login documentation.
This is the reference for the LINE Login v2.1 endpoint. For information on the v2.0 endpoint, see Verify access token validity in the LINE Login v2.0 API reference.
Example request
# HTTP request
GET https://api.line.me/oauth2/v2.1/verify
# Query parameters
access_token
Access token
# Response
If the access token is valid, a 200 OK status code is returned with a JSON object that has the following information.
scope
String
Permissions granted to the access token. To learn more about scopes, see Scopes.
client_id
String
Channel ID for which the access token is issued
expires_in
Number
Number of seconds until the access token expires.
Example response
# Error response
If the access token has expired, a 400 Bad Request HTTP status code and a JSON response are returned.
Example error response
# Refresh access token
Gets a new access token using a refresh token.
A refresh token is returned along with an access token once user authentication is complete.
- This is the reference for the LINE Login v2.1 endpoint. For information on the v2.0 endpoint, see Refresh access token in the LINE Login v2.0 API reference.
- You can't use this to refresh a channel access token for the Messaging API.
Example request
# HTTP request
POST https://api.line.me/oauth2/v2.1/token
# Request headers
Content-Type
application/x-www-form-urlencoded
# Request body
grant_type
String
refresh_token
refresh_token
String
The refresh token corresponding to the access token to be reissued. Valid for up to 90 days after the access token was issued. If the refresh token expires, you must prompt the user to log in again to generate a new access token.
client_id
String
Channel ID. Found in the LINE Developers Console.
client_secret
String
Channel secret. Found in the LINE Developers Console.
- Required for channels whose App types is only Web app
- Ignored for channels whose App types is Mobile app and Web app
- Ignored for channels whose App types is only Mobile app
# Response
If the access token is successfully refreshed, a new access token and refresh token are returned.
access_token
String
Access token. Valid for 30 days.
token_type
String
Bearer
refresh_token
String
Refresh token you specified for the refresh_token property when requesting to reissue an access token. Getting a new access token won't extend the expiration date of the refresh token.
expires_in
Number
Expiration date of the access token. Expressed in the remaining number of seconds to expiry from when the API was called.
scope
String
Permissions obtained through the access token. For more information on scopes, see Scopes.
Example response
# Error response
If the refresh token has expired, a 400 Bad Request HTTP status code and a JSON response are returned.
Example error response
# Revoke access token
Invalidates a user's access token.
- This is the reference for the LINE Login v2.1 endpoint. For information on the v2.0 endpoint, see Revoke access token in the LINE Login v2.0 API reference.
- You can't use this to invalidate a channel access token for the Messaging API.
Example request
# HTTP request
POST https://api.line.me/oauth2/v2.1/revoke
# Request headers
Content-Type
application/x-www-form-urlencoded
# Request body
access_token
String
Access token
client_id
String
Channel ID. Found in the LINE Developers Console.
client_secret
String
Channel secret. Found in the LINE Developers Console.
- Required for channels whose App types is only Web app
- Ignored for channels whose App types is Mobile app and Web app
- Ignored for channels whose App types is only Mobile app
# Response
Returns status code 200 and an empty response body.
# Verify ID token
ID tokens are JSON web tokens (JWT) with information about the user. It's possible for an attacker to spoof an ID token. Use this call to verify that a received ID token is authentic, meaning you can use it to obtain the user's profile information and email.
Example request
# HTTP request
POST https://api.line.me/oauth2/v2.1/verify
# Request headers
Content-Type
application/x-www-form-urlencoded
# Request body
id_token
String
ID token
client_id
String
Expected channel ID. Unique identifier for your channel issued by LINE. Found in the LINE Developers Console.
nonce
String
Expected nonce value. Use the nonce value provided in the authorization request. Omit if the nonce value was not specified in the authorization request.
user_id
String
Expected user ID. Learn how to get the user ID from Get user profile.
# Response
The ID token payload is returned when the specified ID token is successfully verified.
iss
String
URL used to generate the ID token.
sub
String
User ID for which the ID token was generated.
aud
String
Channel ID
exp
Number
The expiry date of the ID token in UNIX time.
iat
Number
Time when the ID token was generated in UNIX time.
auth_time
Number
Time the user was authenticated in UNIX time. Not included if the max_age value wasn't specified in the authorization request.
nonce
String
The nonce value specified in the authorization URL. Not included if the nonce value wasn't specified in the authorization request.
amr
Array of strings
A list of authentication methods used by the user. Not included in the payload under certain conditions.
One or more of:
pwd: Log in with email and passwordlineautologin: LINE automatic login (including through LINE SDK)lineqr: Log in with QR codelinesso: Log in with single sign-on
name
String
User's display name. Not included if the profile scope wasn't specified in the authorization request.
picture
String
User's profile image URL. Not included if the profile scope wasn't specified in the authorization request.
String
User's email address. Not included if the email scope wasn't specified in the authorization request.
Example response
# Error response
A JSON object is returned when the specified ID token fails to be verified.
| error_description | Description |
|---|---|
| Invalid IdToken. | The ID token is malformed or the signature is invalid. |
| Invalid IdToken Issuer. | The ID token was generated on a site other than "https://access.line.me". |
| IdToken expired. | The ID token has expired. |
| Invalid IdToken Audience. | The ID token's Audience value is different from the client_id specified in the request. |
| Invalid IdToken Nonce. | The ID token's Nonce value is different from the nonce specified in the request. |
| Invalid IdToken Subject Identifier. | The ID token's SubjectIdentifier value is different from the user_id specified in the request. |
Example error response
# Get user information
Gets a user's ID, display name, and profile image. The scope required for the access token is different for the Get user profile endpoint.
Requires an access token with the openid scope. For more information, see Authenticating users and making authorization requests and Scopes in the LINE Login documentation.
Example request
# HTTP request
GET https://api.line.me/oauth2/v2.1/userinfo
POST https://api.line.me/oauth2/v2.1/userinfo
# Request headers
Authorization
Bearer {access token}
# Response
sub
String
User ID
name
String
User's display name. Not included if the profile scope wasn't specified in the authorization request.
picture
String
User's profile image URL. Not included if the profile scope wasn't specified in the authorization request.
Example response
# Profile
# Get user profile
Gets a user's ID, display name, profile image, and status message. The scope required for the access token is different for the Get user information endpoint.
Requires an access token with the profile scope. For more information, see Authenticating users and making authorization requests and Scopes in the LINE Login documentation.
Example request
# HTTP request
GET https://api.line.me/v2/profile
# Request headers
Authorization
Bearer {access token}
# Response
userId
String
User ID
displayName
String
User's display name
pictureUrl
String
Profile image URL. This is an HTTPS URL. It's only included in the response if the user has set a profile image.
Profile image thumbnails:
You can get a thumbnail version of a user's profile image by appending any of the following suffixes to their profile image URL.
| Suffix | Thumbnail size |
|---|---|
/large | 200 x 200 |
/small | 51 x 51 |
e.g. https://profile.line-scdn.net/abcdefghijklmn/large
statusMessage
String
User's status message. Not included in the response if the user doesn't have a status message.
Example response
# Friendship status
# Get friendship status
Gets the friendship status between a user and the LINE Official Account linked to your LINE Login channel.
For more information on how to link a LINE Official Account to a LINE Login channel, see Add a LINE Official Account as a friend when logged in (bot link) in the LINE Login documentation.
Example request
# HTTP request
GET https://api.line.me/friendship/v1/status
# Request headers
Authorization
Bearer {access token}
Requires an access token with the profile scope. For more information, see Authenticating users and making authorization requests and Scopes in the LINE Login documentation.
# Response
friendFlag
Boolean
true: The user has added the LINE Official Account as a friend and has not blocked it.- Otherwise,
false.
Example response