Skip to content

Line Messaging OAuth2 Keys

Service Name: LINE Messaging API

Service Description: LINE Messaging API allows developers to integrate LINE's messaging platform into their applications, enabling businesses to communicate with users through chatbots, notifications, and interactive messages.

Service Address: https://developers.line.biz/

Validation Type: API Auth

IP Allow list: IP restrictions can be configured in the LINE Developers Console for webhook endpoints, but not directly for OAuth tokens.

Secret Access Scope: Grants access to send messages, retrieve user information, create rich menus, and interact with users through the LINE platform according to the permissions requested during OAuth authorization.

Secret Revokement URL: https://developers.line.biz/console/

Secret Example: 1234567890abcdefghijklmnopqrstuvwxyz1234567890abcdefghijklmnopqrstuvwxyz

Suspicious Activity Investigation Instructions:

  • Review the LINE Developers Console for unusual webhook configurations or changes.
  • Check message delivery logs for unauthorized messages sent to users.
  • Monitor API usage statistics for abnormal patterns or spikes in activity.
  • Verify if there are any unauthorized channel access token issuances.
  • Review user interaction logs for suspicious engagement patterns.

Mitigation Instructions:

  • Log in to the LINE Developers Console.
  • Navigate to the Provider and Channel settings for the affected application.
  • Reset the channel secret in the Basic settings tab.
  • Update the webhook URL if it has been compromised.
  • Generate a new channel access token and update it in your applications.
  • Revoke any existing tokens by selecting Issue to generate a new channel access token.
  • Update your application code with the new credentials.
  • Consider implementing additional security measures like IP restrictions for webhooks.
  • Review and adjust the permissions granted to your LINE application.