1. Documents
  2. Android SDK

Managing access tokens

The LINE SDK for Android contains methods to get the current access token, verify that the token is valid, and refresh the token. The SDK automatically refreshes access tokens that are expired whenever an API call is made through the LineApiClient interface.

Before you begin

Make sure you have completed the following:

About access tokens

Access tokens are valid for 30 days after being issued. When an access token expires, API calls fail and a corresponding error is returned. Whenever you call a method on LineApiClient, the SDK automatically verifies the validity of the access token and refreshes the token if it has expired. If the token cannot be refreshed, you must prompt the user to log in again to get a new access token.

Getting the current access token

If you have a client-server application, you can get the current access token to make API calls from your server. Once you get the access token, you can call the Social API. For more information, see the API reference.

To get the current access token, call the getCurrentAccessToken() method.

String accessToken = lineApiClient.getCurrentAccessToken().getResponseData().getAccessToken();

Note: When sending access tokens to your server, we recommend hashing the access token and sending the hash over SSL.

Verifying access tokens

To verify the validity of the current access token, use the verifyToken() method. This method returns a LineApiResponse object that contains the result. You can then call the isSuccess() method to check if the token is valid. If isSuccess() is true, the token is valid. Otherwise the access token is invalid, expired, or the verify API failed in some manner.

If isSuccess() is FALSE, use the LineApiResponse.getErrorData() method to get more information about why the verifyToken() method failed. getResponseData() returns NULL.

LineApiResponse verifyResponse = lineApiClient.verifyToken();
if (verifyResponse.isSuccess()) {
    Log.i(TAG, "getResponseData: " + verifyResponse.getResponseData().toString());
    Log.i(TAG, "getResponseCode: " + verifyResponse.getResponseCode().toString());
    return true;
} else {
    Log.i(TAG, "getResponseCode: " + verifyResponse.getResponseCode());
    Log.i(TAG, "getErrorData: " + verifyResponse.getErrorData());
    return false;

To get a list of permissions that are associated with the access token, call LineApiResponse.getPermission(). The following example demonstrates how to display a list of permissions in a toast.

protected void onPostExecute(LineApiResponse response){
    if (response.isSuccess()){
        StringBuilder toastStringBuilder = new StringBuilder("Access Token is VALID and contains the permissions: ");
        for (String temp : response.getResponseData().getPermission()) {
            toastStringBuilder.append(temp + ", ");
        Toast.makeText(getApplicationContext(), toastStringBuilder.toString(), Toast.LENGTH_SHORT).show();

Refreshing access tokens

To refresh the access token that is currently being used by the SDK, call the refreshAccessToken() method. You can call this method for up to 10 days after the access token has expired. If this call fails, then it means that the refresh token has expired and the user must log in again to get a new access token.


Handling errors

The following HTTP response codes and messages are returned when an API is called.

HTTP Status Description
200 OK Request successful
400 Bad Request Problem with the request. Check the request parameters and JSON format.
401 Unauthorized Check that the authorization header is correct.
403 Forbidden Not authorized to use the API. Confirm that your account or plan is authorized to use the API.
429 Too Many Requests Make sure that you are within the rate limits for requests.
500 Internal Server Error Temporary error on the API server.

Related pages

For more information on the Android SDK, see the following pages.