Prerequisites
Check the prerequisites for each Offline API version.
When using Offline API v4
To call the Online API v4, Online API v3 or Offline API v4, you must specify your credentials in the HTTP request header.
After you join as a merchant, you can get the channel ID and channel secret key from the merchant center, which you can use to generate credentials.
You can apply for a sandbox account to request a channel ID and channel secret key for the sandbox for testing.
If you already have a channel ID and channel secret key issued by join as a merchant, you can use it in the sandbox environment without separate application.
The HTTP request header that specifies the credentials is as follows.
X-LINE-ChannelIdX-LINE-AuthorizationX-LINE-Authorization-Nonce
Enter the channel ID value in the X-LINE-ChannelId header and a temporary token value, such as a UUID v1 or v4 or a timestamp, in the X-LINE-Authorization-Nonce header.
The value entered in the X-LINE-Authorization header is the Base64-encoded value of the message authentication code (MAC) generated with the HMAC method using the channel secret key and the target message. Depending on the HTTP method of the API being called, configure the MAC generation message as follows.
| HTTP Method | MAC-generation message |
|---|---|
| GET | Channel secret key + API path (apiPath) + query string (queryString) + temporary token (nonce) |
| POST | Channel secret key + API path (apiPath) + request body + temporary token (nonce) |
The following example code enables calling an Online API by adding credentials information to the HTTP request header.
In the code examples below, the
handleBigInteger()function is required when dealing with the transaction ID value. For more information on transaction IDs and thehandleBigInteger()function, see Transaction ID.
const crypto = require("crypto");
function signKey(clientKey, msg) {
const encoder = new TextEncoder();
return crypto
.createHmac("sha256", encoder.encode(clientKey))
.update(encoder.encode(msg))
.digest("base64");
}
async function requestLINEPayAPI({
method,
baseUrl = "https://sandbox-api-pay.line.me",
apiPath,
queryString = "",
data = null,
signal = null,
}) {
const nonce = crypto.randomUUID();
let signature = "";
// Generate MAC for each method
if (method === "GET") {
signature = signKey(
YOUR_CHANNEL_SECRET,
YOUR_CHANNEL_SECRET + apiPath + queryString + nonce
);
} else if (method === "POST") {
signature = signKey(
YOUR_CHANNEL_SECRET,
YOUR_CHANNEL_SECRET + apiPath + JSON.stringify(data) + nonce
);
}
const headers = {
"X-LINE-ChannelId": YOUR_CHANNEL_ID,
"X-LINE-Authorization": signature,
"X-LINE-Authorization-Nonce": nonce,
};
const response = await fetch(
`${baseUrl}${apiPath}${queryString !== "" ? "&" + queryString : ""}`,
{
method: method,
headers: {
"Content-Type": "application/json",
...headers,
},
body: data ? JSON.stringify(data) : null,
signal: signal,
}
);
const processedResponse = handleBigInteger(await response.text());
return processedResponse;
}
When using Offline API v2.x
Prepare the followings when using Offline API v2 or Offline API v2.4:
Set the allowlist of servers
To use Offline API v2 or Offline API v2.4, you need to enable the merchant server to access the sandbox. The merchant center manages an allowlist of servers that can call the LINE Pay API as a menu named Manage Payment Server IP. Register the IP address of your merchant server as follows.
If you are a sandbox merchant and testing the LINE Pay API in sandbox, you do not need to set the allowlist of servers.
-
Log in to the merchant center.
-
Select [Developer Tools > Manage Payment Server IP] from the menu on the left.
-
In the Manage Payment Server IP page, enter the merchant server's IP address and IP address mask value as follows, and click the Add button.
-
(Optional) If you have more than one merchant server to test, click the Add Row button in the upper right corner to add a row, and repeat step 3 as many times as necessary.
Handle API credentials for Offline API v2.x
To use Offline API v2 or Offline API v2.4, you must specify your credentials in the HTTP request header when calling the API.
After you join as a merchant, you can get the channel ID and channel secret key from the merchant center, which you must include in the appropriate HTTP request header.
You can apply for a sandbox account to request a channel ID and channel secret key for the sandbox for testing.
If you already have a channel ID and channel secret key issued by join as a merchant, you can use it in the sandbox environment without separate application.
The HTTP request header that specifies the credentials is as follows.
X-LINE-ChannelIdX-LINE-ChannelSecret
When calling the Offline API, you can also include information about the merchant's device in the HTTP request header. For more information, see API request header section of Offline API v2 or Offline API v2.4.
Enter the channel ID value in the X-LINE-ChannelId header and the channel secret key in the X-LINE-ChannelSecret header. The following example code enables calling an Offline API by adding credentials information to the HTTP request header.
In the code examples below, the
handleBigInteger()function is required when dealing with the transaction ID value. For more information on transaction IDs and thehandleBigInteger()function, see Transaction ID section of Offline API v2 or Offline API v2.4.
const crypto = require("crypto");
async function requestLINEPayAPIv2({
method,
baseUrl = "https://sandbox-api-pay.line.me",
apiPath,
queryString = "",
data = null,
signal = null,
}) {
const headers = {
"X-LINE-ChannelId": YOUR_CHANNEL_ID,
"X-LINE-ChannelSecret": YOUR_CHANNEL_SECRET,
"X-LINE-MerchantDeviceProfileId": YOUR_DEVICE_PROFILE_ID,
"X-LINE-MerchantDeviceType": YOUR_DEVICE_TYPE,
};
const response = await fetch(
`${baseUrl}${apiPath}${queryString !== "" ? "&" + queryString : ""}`,
{
method: method,
headers: {
"Content-Type": "application/json",
...headers,
},
body: data ? JSON.stringify(data) : null,
signal: signal,
}
);
const processedResponse = handleBigInteger(await response.text());
return processedResponse;
}