# LINE Login v2.1 API reference
# Common specifications
# Rate limits
If you send a large number of requests to the LINE Login API within a short period of time, and it is determined that it will affect the operation of the LINE Platform, we may temporarily restrict your requests. Refrain from sending large numbers of requests for any purpose, including load testing.
Rate limit thresholds for the LINE Login API are not disclosed.
# Status codes
These HTTP status codes are returned after an API call. We follow the HTTP status code specification (opens new window) unless otherwise stated.
Status code | Description |
---|---|
200 OK | The request succeeded. |
400 Bad Request | There was a problem with the request. Check the request parameters and JSON format. |
401 Unauthorized | Check that the authorization header is correct. |
403 Forbidden | You are not authorized to use the API. Confirm that your account or plan is authorized to use the API. |
413 Payload Too Large | Request exceeds the max size of 2MB. Make the request smaller than 2MB and try again. |
429 Too Many Requests | Temporarily restricting requests because rate-limit has been exceeded by a large number of requests. |
500 Internal Server Error | There was a temporary error on the API server. |
# Response headers
The following HTTP headers are included in LINE Login API responses:
Response header | Description |
---|---|
x-line-request-id | Request ID. An ID is issued for each request. |
# OAuth
# Issue access token
POST
https://api.line.me/oauth2/v2.1/token
Issues access tokens.
The access tokens managed through the LINE Login API attest that an app has been granted permission to access user data (such as user IDs, display names, profile images, and status messages) saved on the LINE Platform.
LINE Login API calls require you to provide an access token or refresh token that was sent in an earlier response.
- This is the reference for the LINE Login v2.1 endpoint. For information on the v2.0 endpoint, see Issue access token in the v2.0 API reference.
- As new LINE Login features are added and existing features are modified, the structure of the JSON objects in responses and ID tokens may change. These changes may cause properties to be added or ordered differently; whitespace and line breaks to be added or removed between elements; and the size of the data to vary. Design your backend to be tolerant of future payloads that are structured differently.
# Request headers
Content-Type
application/x-www-form-urlencoded
# Request body
grant_type
String
authorization_code
code
String
Authorization code received from the LINE Platform
redirect_uri
String
Same value as redirect_uri
specified in the authorization request.
client_id
String
Channel ID. Found in the LINE Developers Console.
client_secret
String
Channel secret. Found in the LINE Developers Console.
code_verifier
String
A random 43-128 character string consisting of single-byte alphanumeric characters and symbols (e.g. wJKN8qz5t8SSI9lMFhBB6qwNkQBkuPZoCxzRhwLRUo1
).
If your LINE Login implements PKCE, you can add this parameter to verify the validity of the code_verifier
on the LINE Platform side before returning the access token.
For more information on how to implement PKCE, see Implement PKCE for LINE Login in the LINE Login documentation.
# Response
Returns status code 200
and a JSON object with the following information.
access_token
String
Access token. Valid for 30 days.
expires_in
Number
Number of seconds until the access token expires.
id_token
String
JSON Web Token (JWT) (opens new window) with information about the user. This property is returned only if you requested the openid
scope. For more information about ID tokens, see Get profile information from ID tokens.
refresh_token
String
Token used to get a new access token (refresh token). Valid for 90 days after the access token is issued.
For more information, see Refresh access token.
scope
String
Permissions granted to the access token. For more information on scopes, see Scopes.
Note that the email
scope isn't returned as a value of the scope
property even if access to it has been granted.
token_type
String
Bearer
# Verify access token validity
Verifies if an access token is valid.
For general recommendations on how to securely handle user registration and login with access tokens, see Creating a secure login process between your app and server in the LINE Login documentation.
This is the reference for the LINE Login v2.1 endpoint. For information on the v2.0 endpoint, see Verify access token validity in the LINE Login v2.0 API reference.
# HTTP request
GET https://api.line.me/oauth2/v2.1/verify
# Query parameters
access_token
Access token
# Response
If the access token is valid, a 200 OK
status code is returned with a JSON object that has the following information.
scope
String
Permissions granted to the access token. To learn more about scopes, see Scopes.
client_id
String
Channel ID for which the access token is issued
expires_in
Number
Number of seconds until the access token expires.
# Error response
If the access token has expired, a 400 Bad Request
HTTP status code and a JSON response are returned.
# Refresh access token
Gets a new access token using a refresh token.
A refresh token is returned along with an access token once user authentication is complete.
- This is the reference for the LINE Login v2.1 endpoint. For information on the v2.0 endpoint, see Refresh access token in the LINE Login v2.0 API reference.
- You can't use this to refresh a channel access token for the Messaging API.
# HTTP request
POST https://api.line.me/oauth2/v2.1/token
# Request headers
Content-Type
application/x-www-form-urlencoded
# Request body
grant_type
String
refresh_token
refresh_token
String
The refresh token corresponding to the access token to be reissued. Valid for up to 90 days after the access token was issued. If the refresh token expires, you must prompt the user to log in again to generate a new access token.
client_id
String
Channel ID. Found in the LINE Developers Console.
client_secret
String
Channel secret. Found in the LINE Developers Console.
- Required for channels whose App types is only Web app
- Ignored for channels whose App types is Mobile app and Web app
- Ignored for channels whose App types is only Mobile app
# Response
If the access token is successfully refreshed, a new access token and refresh token are returned.
access_token
String
Access token. Valid for 30 days.
token_type
String
Bearer
refresh_token
String
Refresh token you specified for the refresh_token
property when requesting to reissue an access token. Getting a new access token won't extend the expiration date of the refresh token.
expires_in
Number
Expiration date of the access token. Expressed in the remaining number of seconds to expiry from when the API was called.
scope
String
Permissions obtained through the access token. For more information on scopes, see Scopes.
# Error response
If the refresh token has expired, a 400 Bad Request
HTTP status code and a JSON response are returned.
# Revoke access token
Invalidates a user's access token.
- This is the reference for the LINE Login v2.1 endpoint. For information on the v2.0 endpoint, see Revoke access token in the LINE Login v2.0 API reference.
- You can't use this to invalidate a channel access token for the Messaging API.
# HTTP request
POST https://api.line.me/oauth2/v2.1/revoke
# Request headers
Content-Type
application/x-www-form-urlencoded
# Request body
access_token
String
Access token
client_id
String
Channel ID. Found in the LINE Developers Console.
client_secret
String
Channel secret. Found in the LINE Developers Console.
- Required for channels whose App types is only Web app
- Ignored for channels whose App types is Mobile app and Web app
- Ignored for channels whose App types is only Mobile app
# Response
Returns status code 200
and an empty response body.
# Verify ID token
ID tokens are JSON web tokens (JWT) with information about the user. It's possible for an attacker to spoof an ID token. Use this call to verify that a received ID token is authentic, meaning you can use it to obtain the user's profile information and email.
# HTTP request
POST https://api.line.me/oauth2/v2.1/verify
# Request headers
Content-Type
application/x-www-form-urlencoded
# Request body
id_token
String
ID token
client_id
String
Expected channel ID. Unique identifier for your channel issued by LINE. Found in the LINE Developers Console.
nonce
String
Expected nonce
value. Use the nonce
value provided in the authorization request. Omit if the nonce
value was not specified in the authorization request.
user_id
String
Expected user ID. Learn how to get the user ID from Get user profile.
# Response
The ID token payload is returned when the specified ID token is successfully verified.
iss
String
URL used to generate the ID token.
sub
String
User ID for which the ID token was generated.
aud
String
Channel ID
exp
Number
The expiry date of the ID token in UNIX time.
iat
Number
Time when the ID token was generated in UNIX time.
auth_time
Number
Time the user was authenticated in UNIX time. Not included if the max_age
value wasn't specified in the authorization request.
nonce
String
The nonce
value specified in the authorization URL. Not included if the nonce
value wasn't specified in the authorization request.
amr
Array of strings
A list of authentication methods used by the user. Not included in the payload under certain conditions.
One or more of:
pwd
: Log in with email and passwordlineautologin
: LINE automatic login (including through LINE SDK)lineqr
: Log in with QR codelinesso
: Log in with single sign-on
name
String
User's display name. Not included if the profile
scope wasn't specified in the authorization request.
picture
String
User's profile image URL. Not included if the profile
scope wasn't specified in the authorization request.
String
User's email address. Not included if the email
scope wasn't specified in the authorization request.
# Error response
A JSON object is returned when the specified ID token fails to be verified.
error_description | Description |
---|---|
Invalid IdToken. | The ID token is malformed or the signature is invalid. |
Invalid IdToken Issuer. | The ID token was generated on a site other than "https://access.line.me". |
IdToken expired. | The ID token has expired. |
Invalid IdToken Audience. | The ID token's Audience value is different from the client_id specified in the request. |
Invalid IdToken Nonce. | The ID token's Nonce value is different from the nonce specified in the request. |
Invalid IdToken Subject Identifier. | The ID token's SubjectIdentifier value is different from the user_id specified in the request. |
# Get user information
Gets a user's ID, display name, and profile image. The scope required for the access token is different for the Get user profile endpoint.
Requires an access token with the openid
scope. For more information, see Authenticating users and making authorization requests and Scopes in the LINE Login documentation.
# HTTP request
GET https://api.line.me/oauth2/v2.1/userinfo
POST https://api.line.me/oauth2/v2.1/userinfo
# Request headers
Authorization
Bearer {access token}
# Response
sub
String
User ID
name
String
User's display name. Not included if the profile
scope wasn't specified in the authorization request.
picture
String
User's profile image URL. Not included if the profile
scope wasn't specified in the authorization request.
# Profile
# Get user profile
Gets a user's ID, display name, profile image, and status message. The scope required for the access token is different for the Get user information endpoint.
Requires an access token with the profile
scope. For more information, see Authenticating users and making authorization requests and Scopes in the LINE Login documentation.
# HTTP request
GET https://api.line.me/v2/profile
# Request headers
Authorization
Bearer {access token}
# Response
userId
String
User ID
displayName
String
User's display name
pictureUrl
String
Profile image URL. This is an HTTPS URL. It's only included in the response if the user has set a profile image.
Profile image thumbnails:
You can get a thumbnail version of a user's profile image by appending any of the following suffixes to their profile image URL.
Suffix | Thumbnail size |
---|---|
/large | 200 x 200 |
/small | 51 x 51 |
e.g. https://profile.line-scdn.net/abcdefghijklmn/large
statusMessage
String
User's status message. Not included in the response if the user doesn't have a status message.
# Friendship status
# Get friendship status
Gets the friendship status between a user and the LINE Official Account linked to your LINE Login channel.
For more information on how to use the add friend option, see Add a LINE Official Account as a friend when logged in (add friend option) in the LINE Login documentation.
# HTTP request
GET https://api.line.me/friendship/v1/status
# Request headers
Authorization
Bearer {access token}
Requires an access token with the profile
scope. For more information, see Authenticating users and making authorization requests and Scopes in the LINE Login documentation.