Line Messaging OAuth2 Keys
Service Name: LINE Messaging API
Service Description: LINE Messaging API allows developers to integrate LINE's messaging platform into their applications, enabling businesses to communicate with users through chatbots, notifications, and interactive messages.
Service Address: https://developers.line.biz/
Validation Type: API Auth
IP Allow list: IP restrictions can be configured in the LINE Developers Console for webhook endpoints, but not directly for OAuth tokens.
Secret Access Scope: Grants access to send messages, retrieve user information, create rich menus, and interact with users through the LINE platform according to the permissions requested during OAuth authorization.
Secret Revokement URL: https://developers.line.biz/console/
Secret Example: 1234567890abcdefghijklmnopqrstuvwxyz1234567890abcdefghijklmnopqrstuvwxyz
Suspicious Activity Investigation Instructions:
- Review the LINE Developers Console for unusual webhook configurations or changes.
- Check message delivery logs for unauthorized messages sent to users.
- Monitor API usage statistics for abnormal patterns or spikes in activity.
- Verify if there are any unauthorized channel access token issuances.
- Review user interaction logs for suspicious engagement patterns.
Mitigation Instructions:
- Log in to the LINE Developers Console.
- Navigate to the Provider and Channel settings for the affected application.
- Reset the channel secret in the Basic settings tab.
- Update the webhook URL if it has been compromised.
- Generate a new channel access token and update it in your applications.
- Revoke any existing tokens by selecting Issue to generate a new channel access token.
- Update your application code with the new credentials.
- Consider implementing additional security measures like IP restrictions for webhooks.
- Review and adjust the permissions granted to your LINE application.