Social API v2.1 reference

OAuth

Issue access token

Issues access token.

HTTP request

POST https://api.line.me/oauth2/v2.1/token

Request headers

Request header Description
Content-Type application/x-www-form-urlencoded

Request body

Parameters Type Required Description
grant_type String Required authorization_code. Specifies the grant type.
code String Required Authorization code. Code returned in the authorization request.
redirect_uri String Required Callback URL
client_id String Required Channel ID. Found in the console.
client_secret String Required Channel secret. Found in the console.

Example request

curl -v -X POST https://api.line.me/oauth2/v2.1/token \
-H 'Content-Type: application/x-www-form-urlencoded' \
-d 'grant_type=authorization_code' \
-d 'code=xxx' \
-d 'redirect_uri=xxx' \
-d 'client_id=xxx' \
-d 'client_secret=xxx'
// No sample code available
# No sample code available
// No sample code available
// No sample code available
# No sample code available
# No sample code available
// No sample code available

Response

Returns the status code 200 and a JSON object with the following information.

Property Type Description
access_token String Access token. Valid for 30 days.
expires_in Number Amount of time in seconds until the access token expires
id_token String JSON Web Token (JWT) that includes information about the user. This field is returned only if openid is specified in the scope. For more information about the ID token, see Getting profile information and email address based on ID token.
refresh_token String Token used to get a new access token. Valid up to 10 days after the access token expires.
scope String Permissions granted by the user. For more information, see Scopes.
token_type String Bearer

Example response

{
    "access_token": "bNl4YEFPI/hjFWhTqexp4MuEw5YPs...",
    "expires_in": 2592000,
    "id_token": "eyJhbGciOiJIUzI1NiJ9...",
    "refresh_token": "Aa1FdeggRhTnPNNpxr8p",
    "scope": "profile",
    "token_type": "Bearer"
}

Verify access token

Verifies the access token.

Note: This is the reference for the v2.1 endpoint. For the v2 reference, see Verify access token v2.

HTTP request

GET https://api.line.me/oauth2/v2.1/verify

URL parameters

Parameter Required Description
access_token Required Access token

Example request

curl -v -X GET \
'https://api.line.me/oauth2/v2.1/verify?access_token=eyJhbGciOiJIUzI1NiJ9.UnQ_o-GP0VtnwDjbK0C8E_NvK...'
// No sample code available
# No sample code available
// No sample code available
// No sample code available
# No sample code available
# No sample code available
// No sample code available

Response

Property Type Description
scope String Permissions obtained through the access token
client_id String Channel ID for which the access token is issued
expires_in Number Expiration date of the access token. Expressed as the remaining number of seconds to expiry from when the API was called.

Example response

{
   "scope":"profile",
   "client_id":"1440057261",
   "expires_in":2591659
}

Refresh access token

Gets a new access token using a refresh token. Refresh tokens are returned with the access token when the user authorizes your app.

Note: This is the reference for the v2.1 endpoint. For the v2 reference, see Refresh access token v2.

Note: Cannot be used to refresh channel access tokens which are used for the Messaging API.

HTTP request

POST https://api.line.me/oauth2/v2.1/token

Request headers

Request header Description
Content-Type application/x-www-form-urlencoded

Request body

Property Type Required Description
grant_type String Required refresh_token
refresh_token String Required Refresh token. Valid up until 10 days after the access token expires. You must log in the user again if the refresh token expires.
client_id String Required Channel ID. Found on the console.
client_secret String Optional Channel secret. Found on the console. Note: Required if the access token was issued via a channel with the "Web app" application type.

Example request

curl -v -X POST https://api.line.me/oauth2/v2.1/token \
-H 'Content-Type: application/x-www-form-urlencoded' \
-d 'grant_type=refresh_token&refresh_token={your_refresh_token}&client_id={your_channel_id}&client_secret={your_channel_secret}'
// No sample code available
# No sample code available
// No sample code available
// No sample code available
# No sample code available
# No sample code available
// No sample code available

Response

Property Type Description
access_token String Access token. Valid for 30 days.
token_type String Bearer
refresh_token String Token used to get a new access token. Valid up until 10 days after the access token expires.
expires_in Number Expiration date of the access token. Expressed in the remaining number of seconds to expiry from when the API was called.
scope String Permissions obtained through the access token

Example response

{
   "token_type":"Bearer",
   "scope":"profile",
   "access_token":"bNl4YEFPI/hjFWhTqexp4MuEw...",
   "expires_in":2591977,
   "refresh_token":"8iFFRdyxNVNLWYeteMMJ"
}

Revoke access token

Invalidates the access token.

Note: This is the reference for the v2.1 endpoint. For the v2 reference, see Revoke access token v2.

Note: Cannot be used to invalidate channel access tokens which are used for the Messaging API.

HTTP request

POST https://api.line.me/oauth2/v2.1/revoke

Request headers

Request header Description
Content-Type application/x-www-form-urlencoded

Request body

Property Type Required Description
access_token String Required Access token
client_id String Required Channel ID. Found on the console.
client_secret String Required Channel secret. Found on the console.

Response

Returns the status code 200 and an empty response body.

Example request

curl -v -X POST https://api.line.me/oauth2/v2.1/revoke \
-H "Content-Type:application/x-www-form-urlencoded" \
-d "client_id={channel id}&client_secret={channel secret}&access_token={access token}"
// No sample code available
# No sample code available
// No sample code available
// No sample code available
# No sample code available
# No sample code available
// No sample code available

Verify ID token

ID tokens are JSON web tokens (JWT) with information about the user. It's possible for an attacker to spoof an ID token. Use this call to verify that a received ID token is authentic, meaning you can use it to obtain the user's profile information and email.

HTTP request

POST https://api.line.me/oauth2/v2.1/verify

Request body

Parameters Type Required Description
id_token String Required ID token
client_id String Required Expected channel ID. Unique identifier for your channel issued by LINE. Found in the console.
nonce String Optional Expected nonce value. Use the nonce value provided in the authorization request. Omit if the nonce value was not specified in the authorization request.
user_id String Optional Expected user ID. Learn how to get the user ID from Get user profile.

Example request

curl -v -X POST 'https://api.line.me/oauth2/v2.1/verify' \
 -d 'id_token=eyJraWQiOiIxNmUwNGQ0ZTU2NzgzYTc5MmRjYjQ2ODRkOD...'
// No sample code available
# No sample code available
// No sample code available
// No sample code available
# No sample code available
# No sample code available
// No sample code available

Response

If the specified ID token passes verification, the ID token payload is returned.

Property Type Description
iss String URL where the ID token was generated.
sub String User ID for which the ID token was generated.
aud String Channel ID
exp Number The expiry date of the token in UNIX time.
iat Number Time when the ID token was generated in UNIX time.
auth_time Number Time the user was authenticated in UNIX time. Not included if the max_age value wasn't specified in the authorization request.
nonce String The nonce value specified in the authorization URL. Not included if the nonce value wasn't specified in the authorization request.
amr Array of strings A list of authentication methods used by the user. One or more of:
  • pwd: Login with email and password
  • lineautologin: LINE automatic login (including through LINE SDK)
  • lineqr: Log in with QR code
  • linesso: Log in with single sign-on
name String User's display name. Not included if the profile scope wasn't specified in the authorization request.
picture String User's profile image URL. Not included if the profile scope wasn't specified in the authorization request.
email String User's email address. Not included if the email scope wasn't specified in the authorization request.

Error response

If the ID token fails verification, a JSON object with these properties is returned.

Example response

{
    "iss": "https://access.line.me",
    "sub": "U1234567890abcdef1234567890abcdef",
    "aud": "1234567890",
    "exp": 1504169092,
    "iat": 1504263657,
    "nonce": "0987654asdf",
    "amr": [
        "pwd",
        "linesso",
        "lineqr"
    ],
    "name": "Taro Line",
    "picture": "https://sample_line.me/aBcdefg123456",
    "email": "taro.line@example.com"
}
error_description Description
Invalid IdToken. The ID token is malformed or the signature is invalid.
Invalid IdToken Issuer. The ID token was generated on a site other than "https://access.line.me".
IdToken expired. The ID token has expired.
Invalid IdToken Audience. The ID token's Audience value is different from the client_id specified in the request.
Invalid IdToken Nonce. The ID token's Nonce value is different from the nonce specified in the request.
Invalid IdToken Subject Identifier. The ID token's SubjectIdentifier value is different from the user_id specified in the request.
{
    "error": "invalid_request",
    "error_description": "access_token invalid"
}

Profile

Get user profile

Gets a user's display name, profile image, and status message.

Note: Requires an access token with the profile scope. For more information, see Making an authorization request and Scopes.

HTTP request

GET https://api.line.me/v2/profile

Request headers

Request header Description
Authorization Bearer {access token}

Example request

curl -v -X GET https://api.line.me/v2/profile \
-H 'Authorization: Bearer {access token}'
// No sample code available
# No sample code available
// No sample code available
// No sample code available
# No sample code available
# No sample code available
// No sample code available

Response

Property Type Description
displayName String User's display name
userId String User ID
pictureUrl String Profile image URL. "https" image URL. Not included in the response if the user doesn't have a profile image.
statusMessage String User's status message. Not included in the response if the user doesn't have a status message.

Example response

{
  "userId":"U4af4980629...",
  "displayName":"Brown",
  "pictureUrl":"https://example.com/abcdefghijklmn",
  "statusMessage":"Hello, LINE!"
}

Profile image thumbnail

You can change the user's profile image size by adding a suffix to the URL.

Image size Suffix
200 x 200 /large
51 x 51 /small

Example profile image URL

https://obs.line-apps.com/abcdefghijklmn/large

Friendship

Get friendship status

Gets the friendship status of the user and the LINE official account linked to your LINE Login channel.

Note: Requires an access token with the profile scope. For more information, see Making an authorization request and Scopes.

Note: You must have a LINE official account linked with your channel. For more information, see Linking a LINE official account with your LINE Login channel.

HTTP request

GET https://api.line.me/friendship/v1/status

Request headers

Request header Description
Authorization Bearer {access token}

Example request

curl -v -X GET https://api.line.me/friendship/v1/status \
-H 'Authorization: Bearer {access token}' \ 
// No sample code available
# No sample code available
// No sample code available
// No sample code available
# No sample code available
# No sample code available
// No sample code available

Response

Property Type Description
friendFlag Boolean true if the user has added the LINE official account as a friend and has not blocked the LINE official account. Otherwise, false.

Example response

{
  "friendFlag": true
}

Errors

Status codes

The following HTTP status codes are returned after an API call.

Status code Description
200 OK Request successful
400 Bad Request Problem with the request. Check the request parameters and JSON format.
401 Unauthorized Check that the authorization header is correct.
403 Forbidden Not authorized to use the API. Confirm that your account or plan is authorized to use the API.
429 Too Many Requests Make sure that you are within the rate limits for requests.
500 Internal Server Error Temporary error on the API server.

{{ $t("form.question.helpful") }}

{{ $t("form.question.detail") }}

{{ $t("form.question.improve") }}

{{ $t("form.info.start") }}{{ $t("form.info.link") }}{{ $t("form.info.end") }}


{{ $t("form.result.success") }}
{{ $t("form.result.error") }}
{{ $t("form.result.errorLink") }}