Effective 30th Sep 2025, oAuth1 login for bots will reach the end of its engineering and technical support lifecycle. This means that we will no longer be providing ongoing assistance, updates, or maintenance for the product. While we cannot offer extensive engineering and technical support moving forward, we still want to ensure that our brands have access to troubleshooting assistance when needed. LivePerson will welcome any support cases related to oAuth1 login until April 30th 2026 when the login service for oAuth1 is EOL.
For bots login credentials, please follow the Bot Applications with oAuth2 client_credentials guide Many brands have already switched over but for those who have not, we strongly recommend that brands transition to the new Messaging Platform SDK.
Request
| Method | URL |
|---|---|
| POST | https://{domain}/api/account/{accountId}/login?v=1.3 |
Query parameters
| Parameter | Description | Type | Required | Notes |
|---|---|---|---|---|
| v | API version number | Number | Required | Default Value: 1.3 |
Headers
| Header | Description |
|---|---|
| Content-Type | Application/JSON |
| Accept | Application/JSON |
Body
Example:
{: .attn-note} accessToken & accessTokenSecret are deprecated values. Below are placeholder values to login a bot user with oAuth2 client_credentials without requiring a change to the API integration.
{
"username": "name",
"appKey": "oauth2_client_id",
"secret": "oauth2_client_secret",
"accessToken": "dummy",
"accessTokenSecret": "dummy"
}
Response
Response codes
| Code | Response |
|---|---|
| 200 | OK — Successfully logged in |
| 400 | Bad request — Problem with body or query parameters |
| 401 | Unauthorized — Bad Authentication (invalid site, agent, or credentials) |
| 429 | Too Many Requests — User attempted too many logins; retry after 5 seconds |
| 500 | Internal server error |
Response cookies
| Cookie | Description |
|---|---|
| Session_id | Login session ID (should be passed to the refresh and logout methods) |
The Bearer can be found at the bottom of the response.
Example:
{
"csrf": "d5d07326cfe2240b9453e19e8092c59844921dcdc6ebb105c55fea9ed45c9d77",
"wsuk": "766900772095619056",
"config": {
"loginName": "name",
"userId": "3705342610",
"userPrivileges": [
100,
101,
1730,
1731,
1732,
1733,
1734,
1735
],
"serverCurrentTime": 1474549184722,
"timeDiff": -25200000,
"serverTimeZoneName": "Europe/Athens",
"serverTimeGMTDiff": 10800000,
"isLPA": false,
"isAdmin": true,
"accountTimeZoneId": "Europe/Athens"
},
"csdsCollectionResponse": {
"baseURIs": [
{
"account": "123456",
"baseURI": "domain.domain.net",
"service": "smt"
},
{
"account": "123456",
"baseURI": "domain.domain.net",
"service": "agentVep"
}
]
},
"accountData": {
"agentGroupsData": {
"items": [
{
"id": -1,
"deleted": false,
"name": "Main Group"
}
],
"revision": 1
}
},
"sessionTTl": "28800000",
"bearer": "9cf6ee24b6a1031e202f292a0ad20c8f52bfd9f01abc8b9489365995052c6603"
}
The response contains csrf (should be saved and used in refresh and logout), bearer, wsuk, siteConfig, csdsCollectionResponse, accountData and sessionTTl.
Retries
See the retry policy for guidelines. Login requests should not be sent more than once every 5 seconds for any given user. Excessive requests will receive a "429 Too Many Requests" response. This response may include a "Retry-After" header whose value specifies the number of milliseconds to wait before the next login request should be attempted.