For fast & easy authorization, we recommend Personal Access Tokens (PATs). They're a way to go if you want to authorize private apps or speed up the development process.
Log in to Developer Console with your LiveChat login and password. Go to Tools > Personal Access Tokens and click Create new token +, or use an existing token if you have one.
- Remember, PATs use the Basic authentication scheme. Make sure you're not using something else, for example Bearer.
- Ensure you're not using a PAT to authorize a call to the Customer Chat API. If that's what you want to achieve, see How can I make calls to the Customer Chat API?
- Check if your PAT is valid, complete, and has all necessary scopes. You can use our Token Debugger.
You need to create a customer. Then, you'll use the access token of this customer to authorize your calls to the Customer Chat API. To create a customer, send a request described in Creating a new customer.
You don't have to create a new customer. You can request a new access token for the customer of a specific
entity_id is returned in the response when creating a customer.
To get a new access token for your customer, send the following request:
curl 'https://accounts.livechat.com/customer/' \
-H 'Content-Type: application/json' \
-H 'Authorization: Bearer <ACCESS_TOKEN>' \
-X POST \
It's the same request as the one to create a new customer. The only difference it that it has an additional parameter,
The authentication and authorization system for HelpDesk API is shared with LiveChat. To get more details about it, take a look at:
Perhaps, you're trying to authorize your call to the Customer Chat API with an access token valid for the Agent Chat API & Configuration API, or the other way round.
Check if you copy-pasted the token correctly.
Check if your access token contains
%3A. If it does, change it to
If you still can't solve the problem, try acquiring a new token. You can follow along our guide, which explains how to make a call to the Agent Chat API and presents the token acquisition in detail.
- Make sure the body of your request is in the JSON format.
- Make sure you've got all the commas, quotation marks, and brackets correct.
- Compare the payload of your request with the corresponding sample request in the documentation.
You may get this error when trying to exchange an expired
token in the OAuth flow. It's because
code is only valid for a few minutes after the creation. What's more, it can be exchanged for an access or refresh token only once.
I get the "The request is missing a required parameter, includes an invalid parameter value, includes a parameter more than once, or is otherwise malformed." error.
- Make sure the
response_typevalue matches the client type of your application. It should be
codefor server-side apps and
tokenfor web apps.
- Ensure the
client_idparam matches the Client ID of your app. You can find it in the Developer Console.
- Make sure
redirect_urimatches the URI you defined in the Developer Console, including the slash at the end if you used it.
Here is a sample URL for the web client type:
CLIENT TYPE URL EXAMPLE
Here is a sample URL for the server-side client type:
SERVER-SIDE CLIENT TYPE URL EXAMPLE
If this FAQ doesn't answer your question, reach us at email@example.com.