Managing access tokens

The Social API lets you manage and keep your users’ access tokens valid. After a user logs in to your app and you have retrieved a token, you can verify and refresh the token.

Before you begin

To call the Social API, you must have a refresh token retrieved through the LINE Login authentication and authorization process. For more information on how to use LINE Login, see the following pages.

About access tokens

Once a user has been authenticated, an access token is returned which can be used to call the Social API. Access tokens are valid for 30 days after being issued. The time remaining until expiry, in seconds, is returned in the expires_in field of the response that carries the access token.

Refresh tokens

When an access token expires, you can use a refresh token to get a new access token. Note that refresh tokens are valid up until 10 days after the access token expires. If the refresh token expires, you must prompt the user to log in again to generate a new access token.

Verifying access tokens

To verify whether an access token is valid, send an HTTP GET request to the following endpoint with the access token as a URL parameter.

GET https://api.line.me/oauth2/v2.1/verify

URL parameters

Parameter     Required  Description
access_token  Required  Access token

Example request

curl -v -X GET \
'https://api.line.me/oauth2/v2.1/verify?access_token=eyJhbGciOiJIUzI1NiJ9.UnQ_o-GP0VtnwDjbK0C8E_NvK...'

Response

If the access token is valid, a JSON response is returned with the following information about the access token.

Property    Type    Description
scope       String  Permissions obtained through the access token.
client_id   String  Channel ID for which the access token is issued.
expires_in  Number  Expiration date of the access token. Expressed as the remaining number of seconds to expiry from when the API was called.

The following is an example response.

{
   "scope":"profile",
   "client_id":"1440057261",
   "expires_in":2591659
}

Error response

If the access token has expired, a 400 Bad Request status code is returned with the following JSON object.

{
    "error": "invalid_request",
    "error_description": "access token expired"
}
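The following added example (not part of the LINE documentation or SDK) shows one way a backend could act on the two verify responses above: it accepts a token only when client_id matches its own channel, the needed scope is present and expires_in leaves enough lifetime. The function name, the min_ttl threshold, the second channel ID and the space-separated scope format are assumptions.

```python
import json

def assess_verify_response(status, body, channel_id, required_scopes=(), min_ttl=300):
    """Classify a /oauth2/v2.1/verify result as 'accept', 'refresh' or 'reject'."""
    try:
        data = json.loads(body)
    except ValueError:
        return "reject", "response is not JSON"
    if not isinstance(data, dict):
        return "reject", "unexpected JSON shape"
    if status == 400 and data.get("error_description") == "access token expired":
        return "refresh", "access token expired"
    if status != 200:
        return "reject", f"HTTP {status}: {data.get('error', 'unknown error')}"
    # A token issued to another channel verifies fine at LINE but is not ours to trust.
    if str(data.get("client_id")) != str(channel_id):
        return "reject", "token was issued for a different channel"
    # Assumption: multiple scopes arrive as one space-separated string.
    granted = set(str(data.get("scope", "")).split())
    missing = set(required_scopes) - granted
    if missing:
        return "reject", "missing scope: " + ", ".join(sorted(missing))
    ttl = data.get("expires_in")
    if not isinstance(ttl, int) or isinstance(ttl, bool) or ttl <= 0:
        return "reject", "expires_in missing or not positive"
    if ttl < min_ttl:
        return "refresh", f"only {ttl}s of validity left"
    return "accept", f"valid for {ttl}s"

# Constructed sample responses, modelled on the examples on this page.
OK_BODY = '{"scope":"profile","client_id":"1440057261","expires_in":2591659}'
EXPIRED_BODY = '{"error":"invalid_request","error_description":"access token expired"}'

if __name__ == "__main__":
    print(assess_verify_response(200, OK_BODY, "1440057261", ["profile"]))
    # "1234567890" is a constructed channel ID standing in for a different channel.
    print(assess_verify_response(200, OK_BODY, "1234567890", ["profile"]))
    print(assess_verify_response(400, EXPIRED_BODY, "1440057261"))
```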

Refreshing access tokens

To refresh an access token, make an HTTP POST request to the following endpoint with the refresh token in the request body.

POST https://api.line.me/oauth2/v2.1/token

Request header

Header        Description
Content-Type  application/x-www-form-urlencoded

Request body

Property       Type    Required  Description
grant_type     String  Required  refresh_token
refresh_token  String  Required  Refresh token. Valid up until 10 days after the access token expires. You must log in the user again if the refresh token expires.
client_id      String  Required  Channel ID. Found on the console.
client_secret  String  Optional  Channel secret. Found on the console. Note: Required if the access token was issued via a channel with the WEB application type.

Example request

curl -v -X POST https://api.line.me/oauth2/v2.1/token \
-H 'Content-Type: application/x-www-form-urlencoded' \
-d 'grant_type=refresh_token&refresh_token={your_refresh_token}&client_id={your_channel_id}&client_secret={your_channel_secret}'

Response

If the call is successful, a new access token and refresh token are returned.

Property       Type    Description
access_token   String  Access token. Valid for 30 days.
token_type     String  Bearer
refresh_token  String  Token used to get a new access token. Valid up until 10 days after the access token expires.
expires_in     Number  Expiration date of the access token. Expressed as the remaining number of seconds to expiry from when the API was called.
scope          String  Permissions obtained through the access token.

The following is an example response.

{
   "token_type":"Bearer",
   "scope":"profile",
   "access_token":"bNl4YEFPI/hjFWhTqexp4MuEw...",
   "expires_in":2591977,
   "refresh_token":"8iFFRdyxNVNLWYeteMMJ"
}

Error response

If the refresh token has expired, a 400 Bad Request status code is returned with the following JSON object.

{
    "error": "invalid_grant",
    "error_description": "invalid refresh token"
}
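The refresh exchange described above, as an added example (not LINE's own code): it form-encodes the request body, stores the refresh token returned alongside the new access token, derives both expiry times from expires_in and the 10-day rule, and treats invalid_grant as the signal to log the user in again. Function names, the record layout and the sample token values are assumptions.

```python
import json
import time
from urllib.parse import urlencode

REFRESH_GRACE = 10 * 24 * 3600  # refresh token stays valid 10 days past access expiry

class ReloginRequired(Exception):
    """The refresh token is no longer usable; send the user through LINE Login again."""

def build_refresh_body(refresh_token, channel_id, channel_secret=None):
    """Form-encode the POST body; client_secret is sent only when supplied."""
    fields = {"grant_type": "refresh_token", "refresh_token": refresh_token,
              "client_id": channel_id}
    if channel_secret is not None:
        fields["client_secret"] = channel_secret
    return urlencode(fields)  # percent-encodes '/', '+' and '=' inside token values

def apply_refresh_response(status, body, now=None):
    """Turn a token-endpoint response into the record to persist."""
    now = int(time.time()) if now is None else now
    data = json.loads(body)
    if status == 400 and data.get("error") == "invalid_grant":
        raise ReloginRequired(data.get("error_description", "invalid_grant"))
    if status != 200:
        raise RuntimeError(f"refresh failed with HTTP {status}")
    if data.get("token_type") != "Bearer":
        raise RuntimeError("unexpected token_type")
    access_expires = now + int(data["expires_in"])
    return {
        "access_token": data["access_token"],
        # The response carries a refresh token too: persist it with the access token.
        "refresh_token": data["refresh_token"],
        "access_expires_at": access_expires,
        "refresh_expires_at": access_expires + REFRESH_GRACE,
    }

# Constructed sample responses, modelled on the examples on this page.
SAMPLE_OK = ('{"token_type":"Bearer","scope":"profile","access_token":"constructed-access",'
             '"expires_in":2591977,"refresh_token":"constructed-refresh"}')
SAMPLE_INVALID = '{"error":"invalid_grant","error_description":"invalid refresh token"}'

if __name__ == "__main__":
    print(build_refresh_body("a/b+c=", "1440057261"))
    print(apply_refresh_response(200, SAMPLE_OK, now=1000))
```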

Status codes

The following HTTP status codes are returned when an HTTP request is sent.

HTTP status                Description
200 OK                     Request successful
400 Bad Request            Problem with the request. Check the request parameters and JSON format.
401 Unauthorized           Check that the authorization header is correct.
403 Forbidden              Not authorized to use the API. Confirm that your account or plan is authorized to use the API.
429 Too Many Requests      Make sure that you are within the rate limits for requests.
500 Internal Server Error  Temporary error on the API server.

For more information on the Social API, see the following pages.

