
Managing access tokens

The Social REST API lets you manage your users’ access tokens and keep them valid. After a user logs in to your app and you have retrieved a token, you can verify and refresh the token.

Before you begin

To call the Social REST API, you must have an access token retrieved through the authentication and authorization process. See the following pages for more information.

About access tokens

Once a user has been authenticated, an access token is returned, which can be used to call the Social REST API. Access tokens are valid for 30 days after being issued. The time remaining until expiry, in seconds, is returned in the expires_in field of the response that carries the access token.

Refresh tokens

When an access token expires, you can use a refresh token to get a new access token. A refresh token remains valid until 10 days after the access token expires. If the refresh token expires, you must prompt the user to log in again to generate a new access token.

Validating access tokens

To verify whether an access token is valid, send an HTTP POST request to the following endpoint with the access token in the request body.

POST https://api.line.me/v2/oauth/verify

Request header

| Header | Description |
| --- | --- |
| Content-Type | application/x-www-form-urlencoded |

Request body

| Parameter | Description |
| --- | --- |
| access_token | Access token string |

Example request

curl -X POST \
-H 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'access_token=bNl4YEFPI/hjFWhTqexp4MuEw5YPs7qhr6dJDXKwNPuLka...' \
https://api.line.me/v2/oauth/verify

Response

If the access token is valid, a JSON response is returned with the following information about the access token.

| Property | Type | Description |
| --- | --- | --- |
| scope | String | “P”. Default permission to access the user’s LINE profile information. |
| client_id | String | Channel ID |
| expires_in | String | Amount of time in seconds until access token expires. |
| client_secret | String | Channel secret. Found on the Channel Console. |

The following is an example response.

{
   "scope":"P",
   "client_id":"1350031035",
   "expires_in":2591965
}

Example error response

If the access token is invalid, a 400 Bad Request status code is returned with the following JSON object.

{
    "error": "invalid_request",
    "error_description": "access_token invalid"
}
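The following is an added example, not code from the original page or from LINE: it classifies a verify response and applies the 30-day and 10-day validity windows described above. The function names, the `min_ttl` threshold, and the comparison of `client_id` against your own channel ID (so that a token issued to a different channel is not accepted) are assumptions of this example; the sample bodies are constructed from the responses shown on this page.

```python
import json
from urllib.parse import urlencode
from urllib.request import Request

VERIFY_URL = "https://api.line.me/v2/oauth/verify"
REFRESH_GRACE = 10 * 24 * 3600  # refresh token outlives the access token by 10 days

def build_verify_request(access_token):
    """POST request for the verify endpoint; pass to urllib.request.urlopen to send."""
    body = urlencode({"access_token": access_token}).encode()
    return Request(VERIFY_URL, data=body, method="POST",
                   headers={"Content-Type": "application/x-www-form-urlencoded"})

def evaluate_verify(status, body, my_channel_id, min_ttl=300):
    """Classify a verify response as 'use', 'refresh' or 'reject'."""
    try:
        doc = json.loads(body)
    except (TypeError, ValueError):
        return "reject"
    if status != 200 or not isinstance(doc, dict) or "error" in doc:
        return "reject"
    # Added check (assumption): a token issued to another channel is not ours to accept.
    if str(doc.get("client_id")) != str(my_channel_id):
        return "reject"
    try:
        ttl = int(doc["expires_in"])  # table says String, sample shows a number
    except (KeyError, TypeError, ValueError):
        return "reject"
    return "use" if ttl > min_ttl else "refresh"

def next_action(issued_at, expires_in, now):
    """From the stored issue time, decide: use the token, refresh it, or log in again."""
    expiry = issued_at + expires_in
    if now < expiry:
        return "use"
    if now < expiry + REFRESH_GRACE:
        return "refresh"
    return "relogin"

# Constructed sample responses modelled on the examples on this page.
OK_BODY = '{"scope":"P","client_id":"1350031035","expires_in":2591965}'
ERR_BODY = '{"error":"invalid_request","error_description":"access_token invalid"}'

if __name__ == "__main__":
    print(evaluate_verify(200, OK_BODY, "1350031035"))
    print(evaluate_verify(200, OK_BODY, "9999999999"))
    print(evaluate_verify(400, ERR_BODY, "1350031035"))
    print(next_action(0, 2592000, 2592000 + 5 * 86400))
```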

Refreshing access tokens

To refresh an access token, make an HTTP POST request to the following endpoint with the refresh token in the request body.

POST https://api.line.me/v2/oauth/accessToken

Request header

| Header | Description |
| --- | --- |
| Content-Type | application/x-www-form-urlencoded |

Request body

| Parameter | Type | Description |
| --- | --- | --- |
| grant_type | String | refresh_token |
| refresh_token | String | Refresh token to reissue an access token |
| client_id | String | Channel ID. Found on the Channel Console. |
| client_secret | String | Channel secret. Found on the Channel Console. |

Example request

curl -X POST \
-H 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'grant_type=refresh_token' \
--data-urlencode 'client_id={CLIENT_ID}' \
--data-urlencode 'client_secret={CLIENT_SECRET}' \
--data-urlencode 'refresh_token={REFRESH_TOKEN}' \
https://api.line.me/v2/oauth/accessToken

Response

If the call is successful, a new access token and refresh token are returned.

| Property | Type | Description |
| --- | --- | --- |
| token_type | String | “Bearer” |
| scope | String | “P”. Default permission to access the user’s LINE profile information. |
| accessToken | String | Access token |
| expires_in | String | Amount of time in seconds until access token expires. |
| refresh_token | String | Token used to reissue an access token. Valid up to 10 days after the access token expires. |

Example error response

If the refresh token is invalid, a 400 Bad Request status code is returned with the following JSON object.

{
    "error": "invalid_grant",
    "error_description": "invalid refresh_token"
}

Error responses

The following HTTP status codes are returned when an API is called.

| Status code | Description |
| --- | --- |
| 200 OK | Request successful |
| 400 Bad Request | Problem with the request. Check the request parameters and JSON format. |
| 401 Unauthorized | Check that the authorization header is correct. |
| 403 Forbidden | Not authorized to use the API. Confirm that your account or plan is authorized to use the API. |
| 429 Too Many Requests | Make sure that you are within the rate limits for requests. |
| 500 Internal Server Error | Temporary error on the API server. |
