Authentication

Authenticating with OAuth 2 Bearer tokens

All requests are authenticated with OAuth 2 Bearer authentication provided through the Authorization HTTP header. The value of the header must include an Access TokenAccess Token - Token that grants access to the LiveLike REST API. Access tokens can have two levels: Profile and Admin. Profile access tokens (obtained via the SDK/APIs) allow you to store and access data for specific users, but have restricted functionality. Admin access tokens (obtained via the Producer Site) have no restrictions and allow you full access to the LiveLike REST APIs..

Authorization: Bearer your-access-token

Access Tokens can be obtained by creating a Profile through the API or SDKs, or from inside the Producer Suite.

Profile Access Token

Access Tokens that are obtained by creating a profile are also called Profile Access Tokens, and are scoped to that profile. They are used to do things like interact with widgets and participate in chat.

📘

Use Profile Access Tokens when interacting with widgets and chat on behalf of a particular end user in your application.

Admin Access Token

Access Tokens that are obtained from inside the Producer Site are also called Admin Access Tokens, and have a broader scope and permission set than Profile Access Tokens. These access tokens can be used to create and publish new widgets and perform moderation duties.

📘

Use Admin Access Tokens in management and integration scenarios that are not related to any particular end user in your app, or when special privileges are required.

❗️

Keep Admin Access Tokens secret!

Be cautious with Admin Access Tokens, they are quite permissive and are generally not necessary for client-side integrations.

Personal API Token

Personal API Tokens allow you to perform site-wide and organization-wide administrative tasks such as creating and managing applications. A Personal API Token can be obtained from the My Account page in the LiveLike Producer CMS.

Authorization: Token your-personal-api-token

❗️

Keep Personal API Tokens secret!

Be cautious with Personal API Tokens, they are quite permissive and are generally not necessary for client-side integrations.