# LINE Login v2.1 API reference

# Common specifications

# Status codes

The following HTTP status codes are returned after an API call. We follow the HTTP status code specification unless otherwise stated.

| Status code | Description |
| --- | --- |
| 200 OK | The request succeeded. |
| 400 Bad Request | There was a problem with the request. Check the request parameters and JSON format. |
| 401 Unauthorized | Check that the authorization header is correct. |
| 403 Forbidden | You are not authorized to use the API. Confirm that your account or plan is authorized to use the API. |
| 429 Too Many Requests | Send fewer requests to avoid hitting your rate limit. |
| 500 Internal Server Error | There was a temporary error on the API server. |

# OAuth

# Issue access token

Issues access tokens.

The access tokens managed through the LINE Login API attest that an app has been granted permission to access user information (such as user IDs, display names, profile images, and status messages) saved on the LINE Platform.

LINE Login API calls require you to provide an access token or refresh token that was sent in an earlier response.

Note
  • This is the reference for the LINE Login v2.1 endpoint. For information on the v2.0 endpoint, see Issue access token in the v2.0 API reference.
  • As new LINE Login features are added and existing features are modified, the structure of the JSON objects in responses and ID tokens may change. These changes may cause properties to be added or ordered differently; whitespace and line breaks to be added or removed between elements; and the size of the data to vary. Design your backend to be tolerant of future payloads that are structured differently.


# HTTP request

POST https://api.line.me/oauth2/v2.1/token

# Request headers

Content-Type

application/x-www-form-urlencoded

# Request body

grant_type

String

Required

authorization_code

code

String

Required

Authorization code received from the LINE Platform

redirect_uri

String

Required

Callback URL

client_id

String

Required

Channel ID. Found in the LINE Developers Console.

client_secret

String

Required

Channel secret. Found in the LINE Developers Console.

# Response

Returns status code 200 and a JSON object with the following information.

access_token

String

Access token. Valid for 30 days.

expires_in

Number

Number of seconds until the access token expires.

id_token

String

JSON Web Token (JWT) with information about the user. This property is returned only if you requested the openid scope. For more information about ID tokens, see Getting profile information and email addresses from ID tokens.

refresh_token

String

Token used to get a new access token (refresh token). Valid for up to 10 days after the access token expires.

For more information, see Refresh access token.

scope

String

Permissions granted to the access token. For more information on scopes, see Scopes.

Note that the email scope isn't returned as a value of the scope property even if access to it has been granted.

token_type

String

Bearer
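The following is an added example, not code from the LINE documentation: it builds the token request described above and reads the response by property name only, so that reordered keys, extra whitespace, or new properties do not break the backend. The function names and sample values are assumptions made for illustration.

```python
import json
import time
from urllib.parse import urlencode

TOKEN_URL = "https://api.line.me/oauth2/v2.1/token"

def build_token_request(code, redirect_uri, client_id, client_secret):
    """Return (url, headers, body) for the authorization-code exchange."""
    # The body carries the channel secret: send it server-side only and
    # keep it out of request logs.
    body = urlencode({
        "grant_type": "authorization_code",
        "code": code,
        "redirect_uri": redirect_uri,
        "client_id": client_id,
        "client_secret": client_secret,
    }).encode("ascii")
    return TOKEN_URL, {"Content-Type": "application/x-www-form-urlencoded"}, body

def parse_token_response(raw, now=None):
    """Read documented properties by name; ignore order, spacing, extras."""
    now = time.time() if now is None else now
    doc = json.loads(raw)
    if not isinstance(doc, dict) or doc.get("token_type") != "Bearer":
        raise ValueError("unexpected token_type")
    for key in ("access_token", "refresh_token"):
        if not isinstance(doc.get(key), str) or not doc[key]:
            raise ValueError("missing " + key)
    ttl = doc.get("expires_in")
    if isinstance(ttl, bool) or not isinstance(ttl, (int, float)) or ttl <= 0:
        raise ValueError("bad expires_in")
    return {
        "access_token": doc["access_token"],
        "refresh_token": doc["refresh_token"],
        "expires_at": now + ttl,
        # "email" never appears here even when granted, so do not use this
        # set to decide whether the email scope was approved.
        # Assumes space-delimited scope values, as in OAuth 2.0.
        "scopes": set(str(doc.get("scope", "")).split()),
        "id_token": doc.get("id_token"),  # only with the openid scope
    }

# Constructed sample: reordered keys, extra whitespace, an unknown property.
SAMPLE_RESPONSE = b"""{ "future_property": {"x": 1},
  "scope": "profile", "token_type": "Bearer",
  "expires_in": 2592000,
  "refresh_token": "constructed-refresh", "access_token": "constructed-access" }"""
```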


# Verify access token validity

Verifies if an access token is valid.

For general recommendations on how to securely handle user registration and login with access tokens, see Creating a secure login process between your app and server in the LINE Login documentation.

Note

This is the reference for the LINE Login v2.1 endpoint. For information on the v2.0 endpoint, see Verify access token validity in the LINE Login v2.0 API reference.


# HTTP request

GET https://api.line.me/oauth2/v2.1/verify

# Query parameters

access_token

Required

Access token

# Response

If the access token is valid, a 200 OK status code is returned with a JSON object that has the following information.

scope

String

Permissions granted to the access token. To learn more about scopes, see Scopes.

client_id

String

Channel ID for which the access token is issued

expires_in

Number

Number of seconds until the access token expires.


# Error response

If the access token has expired, a 400 Bad Request HTTP status code and a JSON response are returned.
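The following is an added example, not code from the LINE documentation: a server-side check applied to the verify result before accepting an access token sent by a client. The request names no channel, so the `client_id` in the response is the only thing that ties the token to your own channel. The function name, reason strings, and sample responses are assumptions made for illustration.

```python
import json

def check_access_token(status, raw_body, channel_id, required_scopes=()):
    """Return (accepted, reason) for one GET /oauth2/v2.1/verify result."""
    if status != 200:
        # The page documents 400 Bad Request for an expired token; treat
        # every non-200 answer as "do not accept".
        return False, "verify returned HTTP %d" % status
    try:
        info = json.loads(raw_body)
    except ValueError:
        return False, "response is not JSON"
    if not isinstance(info, dict):
        return False, "response is not a JSON object"
    # Reject tokens that were issued to any channel other than ours.
    if info.get("client_id") != channel_id:
        return False, "token was issued to a different channel"
    ttl = info.get("expires_in")
    if isinstance(ttl, bool) or not isinstance(ttl, (int, float)) or ttl <= 0:
        return False, "token has no remaining lifetime"
    # Assumes space-delimited scope values, as in OAuth 2.0.
    granted = set(str(info.get("scope", "")).split())
    missing = sorted(set(required_scopes) - granted)
    if missing:
        return False, "missing scope: " + " ".join(missing)
    return True, "ok"

# Constructed responses; the channel IDs are placeholders.
OURS = b'{"scope": "profile", "client_id": "1234567890", "expires_in": 2591659}'
OTHER = b'{"scope": "profile", "client_id": "9999999999", "expires_in": 2591659}'
```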


# Refresh access token

Gets a new access token using a refresh token.

A refresh token is returned along with an access token once user authentication is complete.

Note
  • This is the reference for the LINE Login v2.1 endpoint. For information on the v2.0 endpoint, see Refresh access token in the LINE Login v2.0 API reference.
  • You can't use this to refresh a channel access token for the Messaging API.


# HTTP request

POST https://api.line.me/oauth2/v2.1/token

# Request headers

Content-Type

application/x-www-form-urlencoded

# Request body

grant_type

String

Required

refresh_token

refresh_token

String

Required

The refresh token corresponding to the access token to be reissued. Valid for up to 90 days after the access token was issued. If the refresh token expires, you must prompt the user to log in again to generate a new access token.

client_id

String

Required

Channel ID. Found in the LINE Developers Console.

client_secret

String

Optional

Channel secret. Found in the LINE Developers Console.

Note

Required if the access token was issued through a channel with its type set to "web app".

# Response

If the access token is successfully refreshed, a new access token and refresh token are returned.

access_token

String

Access token. Valid for 30 days.

token_type

String

Bearer

refresh_token

String

Token used to get a new access token (refresh token). Valid for up to 90 days after the access token was issued.

expires_in

Number

Time until the access token expires, expressed as the number of seconds remaining from when the API was called.

scope

String

Permissions obtained through the access token. For more information on scopes, see Scopes.


# Error response

If the refresh token has expired, a 400 Bad Request HTTP status code and a JSON response are returned.


# Revoke access token

Invalidates a user's access token.

Note
  • This is the reference for the LINE Login v2.1 endpoint. For information on the v2.0 endpoint, see Revoke access token in the LINE Login v2.0 API reference.
  • You can't use this to invalidate a channel access token for the Messaging API.


# HTTP request

POST https://api.line.me/oauth2/v2.1/revoke

# Request headers

Content-Type

application/x-www-form-urlencoded

# Request body

access_token

String

Required

Access token

client_id

String

Required

Channel ID. Found in the LINE Developers Console.

client_secret

String

Required

Channel secret. Found in the LINE Developers Console.

# Response

Returns status code 200 and an empty response body.

# Verify ID token

ID tokens are JSON web tokens (JWT) with information about the user. It's possible for an attacker to spoof an ID token. Use this call to verify that a received ID token is authentic, meaning you can use it to obtain the user's profile information and email.


# HTTP request

POST https://api.line.me/oauth2/v2.1/verify

# Request body

id_token

String

Required

ID token

client_id

String

Required

Expected channel ID. Unique identifier for your channel issued by LINE. Found in the LINE Developers Console.

nonce

String

Optional

Expected nonce value. Use the nonce value provided in the authorization request. Omit if the nonce value was not specified in the authorization request.

user_id

String

Optional

Expected user ID. Learn how to get the user ID from Get user profile.

# Response

The ID token payload is returned when the specified ID token is successfully verified.

iss

String

URL used to generate the ID token.

sub

String

User ID for which the ID token was generated.

aud

String

Channel ID

exp

Number

The expiry date of the token in UNIX time.

iat

Number

Time when the ID token was generated in UNIX time.

auth_time

Number

Time the user was authenticated in UNIX time. Not included if the max_age value wasn't specified in the authorization request.

nonce

String

The nonce value specified in the authorization URL. Not included if the nonce value wasn't specified in the authorization request.

amr

Array of strings

A list of authentication methods used by the user. One or more of:

  • pwd: Log in with email and password
  • lineautologin: LINE automatic login (including through LINE SDK)
  • lineqr: Log in with QR code
  • linesso: Log in with single sign-on

name

String

User's display name. Not included if the profile scope wasn't specified in the authorization request.

picture

String

User's profile image URL. Not included if the profile scope wasn't specified in the authorization request.

email

String

User's email address. Not included if the email scope wasn't specified in the authorization request.


# Error response

A JSON object is returned when the specified ID token fails to be verified.

| error_description | Description |
| --- | --- |
| Invalid IdToken. | The ID token is malformed or the signature is invalid. |
| Invalid IdToken Issuer. | The ID token was generated on a site other than "https://access.line.me". |
| IdToken expired. | The ID token has expired. |
| Invalid IdToken Audience. | The ID token's Audience value is different from the client_id specified in the request. |
| Invalid IdToken Nonce. | The ID token's Nonce value is different from the nonce specified in the request. |
| Invalid IdToken Subject Identifier. | The ID token's SubjectIdentifier value is different from the user_id specified in the request. |
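The following is an added example, not code from the LINE documentation: it builds the verify request body with the optional fields omitted when unused, then re-checks the returned payload against the same conditions the error table lists before trusting `sub`. Form encoding of the body is an assumption carried over from the other POST endpoints on this page; the function names and sample payloads are also assumptions.

```python
import hmac
import json
import time
from urllib.parse import urlencode

ISSUER = "https://access.line.me"  # issuer named in the error table

def build_verify_body(id_token, client_id, nonce=None, user_id=None):
    """Form body for POST /oauth2/v2.1/verify; optional fields are omitted,
    not sent empty, when the authorization request did not use them."""
    fields = {"id_token": id_token, "client_id": client_id}
    if nonce is not None:
        fields["nonce"] = nonce
    if user_id is not None:
        fields["user_id"] = user_id
    return urlencode(fields)

def subject_from_verify(status, raw, client_id, nonce=None, now=None):
    """Return the verified user ID (sub) or raise ValueError."""
    now = time.time() if now is None else now
    doc = json.loads(raw)
    if status != 200 or not isinstance(doc, dict):
        desc = doc.get("error_description") if isinstance(doc, dict) else None
        raise ValueError(desc or "ID token verification failed")
    # Re-check the claims the endpoint already enforced (defense in depth).
    if doc.get("iss") != ISSUER:
        raise ValueError("unexpected issuer")
    if doc.get("aud") != client_id:
        raise ValueError("token is for another channel")
    exp = doc.get("exp")
    if isinstance(exp, bool) or not isinstance(exp, (int, float)) or exp <= now:
        raise ValueError("token expired")
    if nonce is not None:
        got = doc.get("nonce")
        if not isinstance(got, str) or not hmac.compare_digest(
                got.encode(), nonce.encode()):
            raise ValueError("nonce mismatch")
    if not isinstance(doc.get("sub"), str):
        raise ValueError("missing sub")
    return doc["sub"]

# Constructed payloads; every value is a placeholder.
OK_BODY = json.dumps({"iss": ISSUER, "sub": "U-constructed", "aud": "1234567890",
                      "exp": 2000, "iat": 1000, "nonce": "n-constructed"})
ERR_BODY = json.dumps({"error_description": "Invalid IdToken Nonce."})
```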


# Profile

# Get user profile

Gets a user's ID, display name, profile image, and status message.

Note

Requires an access token with the profile scope. For more information, see Authenticating users and making authorization requests and Scopes in the LINE Login documentation.


# HTTP request

GET https://api.line.me/v2/profile

# Request headers

Authorization

Bearer {access token}

# Response

userId

String

User ID

displayName

String

User's display name

pictureUrl

String

Profile image URL. This is an HTTPS URL. It's only included in the response if the user has set a profile image.

Profile image thumbnails:

You can get a thumbnail version of a user's profile image by appending any of the following suffixes to their profile image URL.

| Suffix | Thumbnail size |
| --- | --- |
| /large | 200 x 200 |
| /small | 51 x 51 |

Example: https://profile.line-scdn.net/abcdefghijklmn/large

statusMessage

String

User's status message. Not included in the response if the user doesn't have a status message.


# Friendship status

# Get friendship status

Gets the friendship status between a user and the LINE Official Account linked to your LINE Login channel.

For more information on how to link a LINE Official Account to a LINE Login channel, see Add a LINE Official Account as a friend when logged in (bot link) in the LINE Login documentation.


# HTTP request

GET https://api.line.me/friendship/v1/status

# Request headers

Authorization

Bearer {access token}

Note

Requires an access token with the profile scope. For more information, see Authenticating users and making authorization requests and Scopes in the LINE Login documentation.

# Response

friendFlag

Boolean

  • true: The user has added the LINE Official Account as a friend and has not blocked it.
  • Otherwise, false.
