Effective 30th Sep 2025, oAuth1 AppKeys will reach the end of its engineering and technical support lifecycle and become read only within the oAuth1 API Key Management UI. This means that we will no longer be providing ongoing assistance, updates, or maintenance for the product. While we cannot offer extensive engineering and technical support moving forward, we still want to ensure that our brands have access to troubleshooting assistance when needed. LivePerson will welcome any support cases related to oAuth1 AppKey usage until May 31st 2026 when the protocol for oAuth1 is EOL.
For bots login credentials, please follow the Bot Applications with oAuth2 client_credentials guide Many brands have already switched over but for those who have not, we strongly recommend that brands transition to the new Messaging Platform SDK.
Create an OAuth 1.0 API key
API keys are security tokens that you use to access Conversational Cloud services. The API key gets installed automatically and assumes the security settings granted to the associated user in Conversational Cloud.
You use the API key when you access LivePerson APIs programmatically. You can create up to 100 keys per account. The API key is issued on behalf of the site and not for the user (server to server) which means you don't need a bearer (no need to be logged in) when using an API key.
-
Log into Conversational Cloud with Administrator or Campaign Manager permissions and along the top open the Campaign Builder area.
-
In the footnote click Data Sources.
-
Open the API tab and click Add new.
Alternatively, you can click on an existing key to edit its privileges rather than create a new one.
-
Provide the name of the application and the developer name. Optionally you can provide a description of the app by clicking the Add description link below the Application name field.
-
Select the relevant category for your API, check the relevant checkbox for selecting API permissions and then click Save.
-
Once the API key has been successfully created, the authentication details display for four AUTH request values, which you use in the request body of this API:
-
App key
-
Secret
-
Access token
-
Access token secret
-
-
If the window does not close automatically, click the X in the top right to close the window.
To delete an API key please contact your LivePerson account representative.
-
Using the authentication details, generate an OAuth header according to the OAuth Specification Section 9.
The API key best practices correspond to general oAuth1 best practices. For example, usually, the API key is generated per application/implementation, to make sure that environments have their own unique key.
Example:
Header Name | Authorization |
---|---|
Header Value | OAuth oauth_signature="JA0PvBbTAxmtLmzIWINpSVLshrY%3D", oauth_version="1.0", oauth_nonce="c1c04ec4-3125-44cf-9c39-cccb9343541b", oauth_consumer_key="d392e7ff2e204d6c802e38fd775563d1", oauth_signature_method="HMAC-SHA1", oauth_token="61adad31204a4e6fab68d560f1ffb594", oauth_timestamp="1261039670" Note: The authorization should be contained on a single line. New lines have been inserted for clarity. |