Authorization FAQ

Getting started

What's the easiest way to authorize calls to the LiveChat API?

For fast & easy authorization, we recommend Personal Access Tokens (PATs). They're a way to go if you want to authorize private apps or speed up the development process.

Can I use the same access token to make calls to all APIs?

No. Making calls to the Customer Chat API requires you to use a different token than for all other APIs. Read about Agent authorization flows and Customer authorization flows.

Personal Access Tokens

How can I get a Personal Access Token?

Log in to Developer Console with your LiveChat login and password. Go to Tools > Personal Access Tokens and click Create new token +, or use an existing token if you have one.

Authorizing requests with a Personal Access Token doesn't work.
  1. Remember, PATs use the Basic authentication scheme. Make sure you're not using something else, for example Bearer.
  2. Ensure you're not using a PAT to authorize a call to the Customer Chat API. If that's what you want to achieve, see How can I make calls to the Customer Chat API?
  3. Check if your PAT is valid, complete, and has all necessary scopes. You can use our Token Debugger.

Customer authorization

How can I make calls to the Customer Chat API?

You need to create a customer. Then, you'll use the access token of this customer to authorize your calls to the Customer Chat API. To create a customer, send a request described in Creating a new customer.

The access token of my customer has expired. Do I need to create a new customer?

You don't have to create a new customer. You can request a new access token for the customer of a specific entity_id. entity_id is returned in the response when creating a customer. To get a new access token for your customer, send the following request:

curl '' \
-H 'Content-Type: application/json' \
-H 'Authorization: Bearer <ACCESS_TOKEN>' \
-d '{
  "client_id": "<CLIENT_ID_OF_YOUR_APP>",
  "response_type": "token",
  "entity_id": "<ENTITY_ID_OF_YOUR_CUSTOMER>"

It's the same request as the one to create a new customer. The only difference it that it has an additional parameter, entity_id.

HelpDesk authorization

How does HelpDesk authorization look?

The authentication and authorization system for HelpDesk API is shared with LiveChat. To get more details about it, take a look at:


I get the "Invalid access token" error.
  1. Perhaps, you're trying to authorize your call to the Customer Chat API with an access token valid for the Agent Chat API & Configuration API, or the other way round.

  2. Check if you copy-pasted the token correctly.

  3. Check if your access token contains %3A. If it does, change it to : (a colon).

  4. If you still can't solve the problem, try acquiring a new token. You can follow along our guide, which explains how to make a call to the Agent Chat API and presents the token acquisition in detail.

  5. To check if your token is valid, complete, and has all necessary scopes, you can use our Token Debugger. You can't use this tool to check an access token of a customer.

I get the "Invalid message" error.
  1. Make sure the body of your request is in the JSON format.
  2. Make sure you've got all the commas, quotation marks, and brackets correct.
  3. Compare the payload of your request with the corresponding sample request in the documentation.
I get the "The client is not authorized to request a token using this method" error.

You may get this error when trying to exchange an expired code for token in the OAuth flow. It's because code is only valid for a few minutes after the creation. What's more, it can be exchanged for an access or refresh token only once.

I get the "The request is missing a required parameter, includes an invalid parameter value, includes a parameter more than once, or is otherwise malformed." error.
  1. Make sure the response_type value matches the client type of your application. It should be code for server-side apps and token for web apps.
  2. Ensure the client_id param matches the Client ID of your app. You can find it in the Developer Console.
  3. Make sure redirect_uri matches the URI you defined in the Developer Console, including the slash at the end if you used it.

Here is a sample URL for the web client type:


Here is a sample URL for the server-side client type:


Contact us

If this FAQ doesn't answer your question, reach us at


Join the community
Get in direct contact with us through Discord.
Follow us
Follow our insightful tweets and interact with our content.
See something that's wrong or unclear? Submit a pull request.
Contact us
Want to share feedback? Reach us at: