Effective 30th Sep 2025, oAuth1 login for bots will reach the end of its engineering and technical support lifecycle. This means that we will no longer be providing ongoing assistance, updates, or maintenance for the product. While we cannot offer extensive engineering and technical support moving forward, we still want to ensure that our brands have access to troubleshooting assistance when needed. LivePerson will welcome any support cases related to oAuth1 login until April 30th 2026 when the login service for oAuth1 is EOL.

For bots login credentials, please follow the Bot Applications with oAuth2 client_credentials guide Many brands have already switched over but for those who have not, we strongly recommend that brands transition to the new Messaging Platform SDK.

Request

Method URL
POST https://{domain}/api/account/{accountId}/login?v=1.3

Query parameters

Parameter Description Type Required Notes
v API version number Number Required Default Value: 1.3

Headers

Header Description
Content-Type Application/JSON
Accept Application/JSON

Body

Example:

{: .attn-note} accessToken & accessTokenSecret are deprecated values. Below are placeholder values to login a bot user with oAuth2 client_credentials without requiring a change to the API integration.

{
   "username": "name",
   "appKey": "oauth2_client_id",
   "secret": "oauth2_client_secret",
   "accessToken": "dummy",
   "accessTokenSecret": "dummy"
}

Response

Response codes

Code Response
200 OK — Successfully logged in
400 Bad request — Problem with body or query parameters
401 Unauthorized — Bad Authentication (invalid site, agent, or credentials)
429 Too Many Requests — User attempted too many logins; retry after 5 seconds
500 Internal server error

Response cookies

Cookie Description
Session_id Login session ID (should be passed to the refresh and logout methods)

The Bearer can be found at the bottom of the response.

Example:

{
  "csrf": "d5d07326cfe2240b9453e19e8092c59844921dcdc6ebb105c55fea9ed45c9d77",
  "wsuk": "766900772095619056",
  "config": {
    "loginName": "name",
    "userId": "3705342610",
    "userPrivileges": [
      100,
      101,
      1730,
      1731,
      1732,
      1733,
      1734,
      1735
    ],
    "serverCurrentTime": 1474549184722,
    "timeDiff": -25200000,
    "serverTimeZoneName": "Europe/Athens",
    "serverTimeGMTDiff": 10800000,
    "isLPA": false,
    "isAdmin": true,
    "accountTimeZoneId": "Europe/Athens"
  },
  "csdsCollectionResponse": {
    "baseURIs": [
      {
        "account": "123456",
        "baseURI": "domain.domain.net",
        "service": "smt"
      },
      {
        "account": "123456",
        "baseURI": "domain.domain.net",
        "service": "agentVep"
      }
    ]
  },
  "accountData": {
    "agentGroupsData": {
      "items": [
        {
          "id": -1,
          "deleted": false,
          "name": "Main Group"
        }
      ],
      "revision": 1
    }
  },
  "sessionTTl": "28800000",
  "bearer": "9cf6ee24b6a1031e202f292a0ad20c8f52bfd9f01abc8b9489365995052c6603"
}

The response contains csrf (should be saved and used in refresh and logout), bearer, wsuk, siteConfig, csdsCollectionResponse, accountData and sessionTTl.

Retries

See the retry policy for guidelines. Login requests should not be sent more than once every 5 seconds for any given user. Excessive requests will receive a "429 Too Many Requests" response. This response may include a "Retry-After" header whose value specifies the number of milliseconds to wait before the next login request should be attempted.