# LINE Login v2.1 API reference

# Common specifications

# Rate limits

If you send a large number of requests to the LINE Login API within a short period of time, and it is determined that it will affect the operation of the LINE Platform, we may temporarily restrict your requests. Refrain from sending large numbers of requests for any purpose, including load testing.

On rate limit thresholds

Rate limit thresholds for the LINE Login API are not disclosed.

# Status codes

These HTTP status codes are returned after an API call. We follow the HTTP status code specification unless otherwise stated.

| Status code | Description |
| --- | --- |
| 200 OK | The request succeeded. |
| 400 Bad Request | There was a problem with the request. Check the request parameters and JSON format. |
| 401 Unauthorized | Check that the authorization header is correct. |
| 403 Forbidden | You are not authorized to use the API. Confirm that your account or plan is authorized to use the API. |
| 413 Payload Too Large | Request exceeds the max size of 2MB. Make the request smaller than 2MB and try again. |
| 429 Too Many Requests | Temporarily restricting requests because rate-limit has been exceeded by a large number of requests. |
| 500 Internal Server Error | There was a temporary error on the API server. |

# Response headers

The following HTTP headers are included in LINE Login API responses:

| Response header | Description |
| --- | --- |
| x-line-request-id | Request ID. An ID is issued for each request. |

# OAuth

# Issue access token

POST https://api.line.me/oauth2/v2.1/token

Issues access tokens.

The access tokens managed through the LINE Login API attest that an app has been granted permission to access user data (such as user IDs, display names, profile images, and status messages) saved on the LINE Platform.

LINE Login API calls require you to provide an access token or refresh token that was sent in an earlier response.

Note
  • This is the reference for the LINE Login v2.1 endpoint. For information on the v2.0 endpoint, see Issue access token in the v2.0 API reference.
  • As new LINE Login features are added and existing features are modified, the structure of the JSON objects in responses and ID tokens may change. These changes may cause properties to be added or ordered differently; whitespace and line breaks to be added or removed between elements; and the size of the data to vary. Design your backend to be tolerant of future payloads that are structured differently.

# Request headers

Content-Type

Required

application/x-www-form-urlencoded

# Request body

grant_type

String

Required

authorization_code

code

String

Required

Authorization code received from the LINE Platform

redirect_uri

String

Required

Same value as redirect_uri specified in the authorization request.

client_id

String

Required

Channel ID. Found in the LINE Developers Console.

client_secret

String

Required

Channel secret. Found in the LINE Developers Console.

code_verifier

String

Optional

A random 43-128 character string consisting of single-byte alphanumeric characters and symbols (e.g. wJKN8qz5t8SSI9lMFhBB6qwNkQBkuPZoCxzRhwLRUo1).

If your LINE Login implementation uses PKCE, you can add this parameter so that the LINE Platform verifies the code_verifier before it returns the access token.

For more information on how to implement PKCE, see Implement PKCE for LINE Login in the LINE Login documentation.
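The request body above, built with a PKCE verifier, as an added example (not LINE's own code). The S256 challenge derivation and the allowed character set come from RFC 7636 rather than from this page; the function names and the sample values passed to them are hypothetical.

```python
import base64
import hashlib
import re
import secrets
from urllib.parse import urlencode

TOKEN_ENDPOINT = "https://api.line.me/oauth2/v2.1/token"
# 43-128 unreserved characters, as RFC 7636 section 4.1 defines a verifier.
VERIFIER_RE = re.compile(r"^[A-Za-z0-9\-._~]{43,128}$")


def new_code_verifier(n_bytes=32):
    """Return a fresh verifier; 32 random bytes encode to 43 URL-safe chars."""
    verifier = secrets.token_urlsafe(n_bytes)
    if not VERIFIER_RE.match(verifier):
        raise ValueError("verifier outside the 43-128 character range")
    return verifier


def code_challenge_s256(verifier):
    """Challenge for the authorization request: BASE64URL(SHA256(verifier))."""
    digest = hashlib.sha256(verifier.encode("ascii")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")


def build_token_request(code, redirect_uri, client_id, client_secret,
                        code_verifier=None):
    """Return (url, headers, body) for the authorization_code grant."""
    fields = {
        "grant_type": "authorization_code",
        "code": code,
        "redirect_uri": redirect_uri,  # must equal the authorization request's
        "client_id": client_id,
        "client_secret": client_secret,
    }
    if code_verifier is not None:
        # Reject a malformed verifier locally instead of sending it.
        if not VERIFIER_RE.match(code_verifier):
            raise ValueError("malformed code_verifier")
        fields["code_verifier"] = code_verifier
    headers = {"Content-Type": "application/x-www-form-urlencoded"}
    # urlencode percent-encodes values such as the redirect URI.
    return TOKEN_ENDPOINT, headers, urlencode(fields).encode("ascii")
```

Keep the verifier in the server-side session that started the login and discard it once the token request has been sent.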

# Response

Returns status code 200 and a JSON object with the following information.

access_token

String

Access token. Valid for 30 days.

expires_in

Number

Number of seconds until the access token expires.

id_token

String

JSON Web Token (JWT) with information about the user. This property is returned only if you requested the openid scope. For more information about ID tokens, see Get profile information from ID tokens.

refresh_token

String

Token used to get a new access token (refresh token). Valid for 90 days after the access token is issued.

For more information, see Refresh access token.

scope

String

Permissions granted to the access token. For more information on scopes, see Scopes.

Note that the email scope isn't returned as a value of the scope property even if access to it has been granted.

token_type

String

Bearer

# Verify access token validity

Verifies if an access token is valid.

For general recommendations on how to securely handle user registration and login with access tokens, see Creating a secure login process between your app and server in the LINE Login documentation.

Note

This is the reference for the LINE Login v2.1 endpoint. For information on the v2.0 endpoint, see Verify access token validity in the LINE Login v2.0 API reference.

# HTTP request

GET https://api.line.me/oauth2/v2.1/verify

# Query parameters

access_token

Required

Access token

# Response

If the access token is valid, a 200 OK status code is returned with a JSON object that has the following information.

scope

String

Permissions granted to the access token. To learn more about scopes, see Scopes.

client_id

String

Channel ID for which the access token is issued

expires_in

Number

Number of seconds until the access token expires.

# Error response

If the access token has expired, a 400 Bad Request HTTP status code and a JSON response are returned.
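A server-side check of this endpoint's response, as an added example (not LINE's own code). It accepts a token only when the reported client_id is your own channel ID, because the endpoint reports the channel a token was issued for rather than rejecting tokens issued to other channels. Treating scope as a space-separated string follows the OAuth 2.0 convention and is an assumption here; the function name and sample values are hypothetical.

```python
import hmac
import json


def check_access_token_verification(status, body, expected_client_id,
                                    required_scopes=()):
    """Decide whether to accept an access token, given the HTTP status and
    raw body returned by GET /oauth2/v2.1/verify. Returns (ok, reason)."""
    if status != 200:
        return False, f"verify endpoint returned {status}"
    try:
        data = json.loads(body)
    except (ValueError, TypeError):
        return False, "response is not JSON"
    if not isinstance(data, dict):
        return False, "response is not a JSON object"

    # Read only the documented properties; unknown ones are ignored so that
    # future additions to the payload do not break the check.
    client_id = data.get("client_id")
    if not isinstance(client_id, str) or not hmac.compare_digest(
            client_id.encode(), str(expected_client_id).encode()):
        return False, "token was issued for a different channel"

    expires_in = data.get("expires_in")
    if (isinstance(expires_in, bool)
            or not isinstance(expires_in, (int, float))
            or expires_in <= 0):
        return False, "token is expired or expires_in is missing"

    # Do not list "email" in required_scopes: the token response omits it
    # from scope even when it was granted, and this example assumes the
    # verify response behaves the same way.
    scope = data.get("scope")
    granted = set(scope.split()) if isinstance(scope, str) else set()
    missing = sorted(set(required_scopes) - granted)
    if missing:
        return False, "missing scope: " + " ".join(missing)
    return True, "ok"
```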

# Refresh access token

Gets a new access token using a refresh token.

A refresh token is returned along with an access token once user authentication is complete.

Note
  • This is the reference for the LINE Login v2.1 endpoint. For information on the v2.0 endpoint, see Refresh access token in the LINE Login v2.0 API reference.
  • You can't use this to refresh a channel access token for the Messaging API.

# HTTP request

POST https://api.line.me/oauth2/v2.1/token

# Request headers

Content-Type

Required

application/x-www-form-urlencoded

# Request body

grant_type

String

Required

refresh_token

refresh_token

String

Required

The refresh token corresponding to the access token to be reissued. Valid for up to 90 days after the access token was issued. If the refresh token expires, you must prompt the user to log in again to generate a new access token.

client_id

String

Required

Channel ID. Found in the LINE Developers Console.

client_secret

String

See description

Channel secret. Found in the LINE Developers Console.

  • Required for channels whose App types is only Web app
  • Ignored for channels whose App types is Mobile app and Web app
  • Ignored for channels whose App types is only Mobile app

# Response

If the access token is successfully refreshed, a new access token and refresh token are returned.

access_token

String

Access token. Valid for 30 days.

token_type

String

Bearer

refresh_token

String

Refresh token you specified for the refresh_token property when requesting to reissue an access token. Getting a new access token won't extend the expiration date of the refresh token.

expires_in

Number

Expiration date of the access token. Expressed in the remaining number of seconds to expiry from when the API was called.

scope

String

Permissions obtained through the access token. For more information on scopes, see Scopes.

# Error response

If the refresh token has expired, a 400 Bad Request HTTP status code and a JSON response are returned.

# Revoke access token

Invalidates a user's access token.

Note
  • This is the reference for the LINE Login v2.1 endpoint. For information on the v2.0 endpoint, see Revoke access token in the LINE Login v2.0 API reference.
  • You can't use this to invalidate a channel access token for the Messaging API.

# HTTP request

POST https://api.line.me/oauth2/v2.1/revoke

# Request headers

Content-Type

Required

application/x-www-form-urlencoded

# Request body

access_token

String

Required

Access token

client_id

String

Required

Channel ID. Found in the LINE Developers Console.

client_secret

String

See description

Channel secret. Found in the LINE Developers Console.

  • Required for channels whose App types is only Web app
  • Ignored for channels whose App types is Mobile app and Web app
  • Ignored for channels whose App types is only Mobile app

# Response

Returns status code 200 and an empty response body.

# Verify ID token

ID tokens are JSON web tokens (JWT) with information about the user. It's possible for an attacker to spoof an ID token. Use this call to verify that a received ID token is authentic, meaning you can use it to obtain the user's profile information and email.

# HTTP request

POST https://api.line.me/oauth2/v2.1/verify

# Request headers

Content-Type

Required

application/x-www-form-urlencoded

# Request body

id_token

String

Required

ID token

client_id

String

Required

Expected channel ID. Unique identifier for your channel issued by the LINE Platform. Found in the LINE Developers Console.

nonce

String

Optional

Expected nonce value. Use the nonce value provided in the authorization request. Omit if the nonce value was not specified in the authorization request.

user_id

String

Optional

Expected user ID. Learn how to get the user ID from Get user profile.

# Response

The ID token payload is returned when the specified ID token is successfully verified.

iss

String

URL used to generate the ID token.

sub

String

User ID for which the ID token was generated.

aud

String

Channel ID

exp

Number

The expiry date of the ID token in UNIX time.

iat

Number

Time when the ID token was generated in UNIX time.

auth_time

Number

Time the user was authenticated in UNIX time. Not included if the max_age value wasn't specified in the authorization request.

nonce

String

The nonce value specified in the authorization URL. Not included if the nonce value wasn't specified in the authorization request.

amr

Array of strings

A list of authentication methods used by the user. Not included in the payload under certain conditions.

One or more of:

  • pwd: Log in with email and password
  • lineautologin: LINE automatic login (including through LINE SDK)
  • lineqr: Log in with QR code
  • linesso: Log in with single sign-on
  • mfa: Log in with two-factor authentication

name

String

User's display name. Not included if the profile scope wasn't specified in the authorization request.

picture

String

User's profile image URL. Not included if the profile scope wasn't specified in the authorization request.

email

String

User's email address. Not included if the email scope wasn't specified in the authorization request.

# Error response

A JSON object is returned when the specified ID token fails to be verified.

| error_description | Description |
| --- | --- |
| Invalid IdToken. | The ID token is malformed or the signature is invalid. |
| Invalid IdToken Issuer. | The ID token was generated on a site other than "https://access.line.me". |
| IdToken expired. | The ID token has expired. |
| Invalid IdToken Audience. | The ID token's Audience value is different from the client_id specified in the request. |
| Invalid IdToken Nonce. | The ID token's Nonce value is different from the nonce specified in the request. |
| Invalid IdToken Subject Identifier. | The ID token's SubjectIdentifier value is different from the user_id specified in the request. |
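A second check applied to the payload this endpoint returns, as an added example (not LINE's own code). It repeats the issuer, expiry, audience, nonce and subject conditions from the error table against the values your login session expects, and goes one step further with an optional required_amr policy that fails closed when amr is absent. It does not verify the JWT signature; the function name, the required_amr message and the sample payload are constructed for illustration.

```python
import hmac
import time

EXPECTED_ISSUER = "https://access.line.me"  # issuer named in the error table


def check_id_token_payload(payload, client_id, nonce=None, user_id=None,
                           required_amr=None, now=None):
    """Return a list of problems found in a verified ID token payload.

    An empty list means the payload matches this session's expectations.
    Claims the function does not know about are ignored.
    """
    now = time.time() if now is None else now
    problems = []
    if payload.get("iss") != EXPECTED_ISSUER:
        problems.append("Invalid IdToken Issuer.")
    exp = payload.get("exp")
    if isinstance(exp, bool) or not isinstance(exp, (int, float)) or exp <= now:
        problems.append("IdToken expired.")
    if payload.get("aud") != client_id:
        problems.append("Invalid IdToken Audience.")
    if nonce is not None:
        got = payload.get("nonce")
        # Constant-time comparison; a missing nonce counts as a mismatch.
        if not isinstance(got, str) or not hmac.compare_digest(
                got.encode(), nonce.encode()):
            problems.append("Invalid IdToken Nonce.")
    if user_id is not None and payload.get("sub") != user_id:
        problems.append("Invalid IdToken Subject Identifier.")
    if required_amr is not None:
        # amr may be omitted from the payload; this policy then rejects.
        amr = payload.get("amr")
        if not isinstance(amr, list) or required_amr not in amr:
            problems.append("required authentication method not present")
    return problems


# Constructed sample payload, not captured from a real login.
SAMPLE_PAYLOAD = {
    "iss": "https://access.line.me", "sub": "U" + "0" * 32,
    "aud": "1234567890", "exp": 1700003600, "iat": 1700000000,
    "nonce": "constructed-nonce", "amr": ["pwd"], "name": "Example User",
}
```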

# Get user information

Gets a user's ID, display name, and profile image. The scope required for the access token differs from the one required by the Get user profile endpoint.

Note

Requires an access token with the openid scope. For more information, see Authenticating users and making authorization requests and Scopes in the LINE Login documentation.

# HTTP request

GET https://api.line.me/oauth2/v2.1/userinfo

POST https://api.line.me/oauth2/v2.1/userinfo

# Request headers

Authorization

Required

Bearer {access token}

# Response

sub

String

User ID

name

String

User's display name. Not included if the profile scope wasn't specified in the authorization request.

picture

String

User's profile image URL. Not included if the profile scope wasn't specified in the authorization request.

# Profile

# Get user profile

Gets a user's ID, display name, profile image, and status message. The scope required for the access token differs from the one required by the Get user information endpoint.

Note

Requires an access token with the profile scope. For more information, see Authenticating users and making authorization requests and Scopes in the LINE Login documentation.

# HTTP request

GET https://api.line.me/v2/profile

# Request headers

Authorization

Required

Bearer {access token}

# Response

userId

String

User ID

displayName

String

User's display name

pictureUrl

String

Profile image URL. This is an HTTPS URL. It's only included in the response if the user has set a profile image.

Profile image thumbnails:

You can get a thumbnail version of a user's profile image by appending any of the following suffixes to their profile image URL.

| Suffix | Thumbnail size |
| --- | --- |
| /large | 200 x 200 |
| /small | 51 x 51 |

e.g. https://profile.line-scdn.net/abcdefghijklmn/large

statusMessage

String

User's status message. Not included in the response if the user doesn't have a status message.

# Friendship status

# Get friendship status

Gets the friendship status between a user and the LINE Official Account linked to your LINE Login channel.

For more information on how to use the add friend option, see Add a LINE Official Account as a friend when logged in (add friend option) in the LINE Login documentation.

# HTTP request

GET https://api.line.me/friendship/v1/status

# Request headers

Authorization

Required

Bearer {access token}

Note

Requires an access token with the profile scope. For more information, see Authenticating users and making authorization requests and Scopes in the LINE Login documentation.

# Response

friendFlag

Boolean

  • true: The user has added the LINE Official Account as a friend and has not blocked it.
  • Otherwise, false.
