Adoption

Agent Skills are supported by leading AI development tools.

VS Code Gemini CLI GitHub Goose Amp Cursor Claude Code Letta OpenCode Claude OpenAI Codex Factory VS Code Gemini CLI GitHub Goose Amp Cursor Claude Code Letta OpenCode Claude OpenAI Codex Factory

abgne/messaging-api

Name: messaging-api
Author: abgne

skills/messaging-api/SKILL.md

npx skillsauth add abgne/line-dev messaging-api

Clean

TrivyContainer and dependency vulnerability scanner

Clean

SemgrepStatic code analysis for vulnerabilities

Clean

mcp-scan (Snyk)Model Context Protocol security validation

Skipped

Snyk (dep)Open source security scanning

Skipped

Socket.devSupply chain security analysis

Skipped

VirusTotalMulti-engine malware detection

Skipped

CrowdStrikeAdvanced threat intelligence

Skipped

OSV-ScannerOpen Source Vulnerability database check

Skipped

OWASP Dep-Check

LINE Messaging API

Do not answer LINE API questions from memory — LINE updates APIs frequently and training data is unreliable. Always consult the references below.

Reference for building, reviewing, and debugging LINE Bots and LINE Messaging API integrations.

Workflow

Build

Read references/api-common.md (rate limits, forward compatibility, error handling)
Load the relevant reference for the feature being implemented
For architecture or design choices, consult references/experts.md for directional guidance
Write code following specs and constraints from references

Review / Debug

Read references/api-common.md (rate limits, error codes)
Load relevant references for the code being reviewed
Cross-check code against specs (size limits, token expiry, counting rules, required fields)
For design pattern concerns, consult references/experts.md
Report violations with reference to specific constraints

Environment Variables

LINE_CHANNEL_ACCESS_TOKEN=Bot access token
LINE_CHANNEL_SECRET=Channel secret (webhook signature verification)

Common Specifications

Read references/api-common.md before writing any LINE bot code. Contains rules that affect all API interactions: forward compatibility (don't use strict schemas — LINE adds fields without notice), rate limits, error handling, retry policy, and logging recommendations.

Webhook

Verification: x-line-signature header (HMAC-SHA256, base64, key = Channel Secret)
Body: {"destination": "U...", "events": [...]}
Bot server must return 200

Signature Verification (pseudocode)

channel_secret = ENV['LINE_CHANNEL_SECRET']
signature = request.headers['x-line-signature']
body = request.body   # raw bytes, do NOT parse/reformat before verification

digest = HMAC_SHA256(key = channel_secret, message = body)
expected = Base64.encode(digest)

if signature != expected:
    return 403  # reject — not from LINE

events = JSON.parse(body)['events']
for event in events:
    handle(event)
return 200

Never deserialize or re-format the body before verification
Use UTF-8 encoding exclusively
Official SDKs handle this automatically — use them when possible

Full event types, properties, and webhook settings → references/webhook-events.md

Message Sending

All require Authorization: Bearer {channel access token}:

| Mode | Endpoint | Purpose | |------|----------|---------| | Reply | POST /v2/bot/message/reply | Reply to user (requires one-time replyToken) | | Push | POST /v2/bot/message/push | Send to a specific user/group at any time | | Multicast | POST /v2/bot/message/multicast | Send to multiple users (max 500) | | Broadcast | POST /v2/bot/message/broadcast | Send to all friends |

Max 5 messages per request
Domain: api.line.me (general) / api-data.line.me (content upload)

Message objects → references/message-objects.md Full sending API (Narrowcast, statistics, validation, etc.) → references/message-sending.md

Flex Message

Three-layer structure:

Container (Bubble / Carousel)
  └── Block (Header / Hero / Body / Footer)
       └── Component (Box / Button / Image / Video / Icon / Text / Span / Separator)

Minimal Flex Message:

{
  "type": "flex", "altText": "Notification",
  "contents": {
    "type": "bubble",
    "body": {
      "type": "box", "layout": "vertical",
      "contents": [{"type": "text", "text": "Hello Flex!", "weight": "bold"}]
    }
  }
}

Full component specs, layout, video → references/flex-message.md Official Flex Message Simulator examples → assets/examples/

Reference Index

| File | Topic | |------|-------| | references/api-common.md | Read first. Rate limits, error handling, forward compatibility | | references/webhook-events.md | Webhook event types and JSON structure | | references/message-objects.md | Message objects, Quick Reply, sender customization | | references/action-objects.md | Action objects (postback, URI, datetimepicker, etc.) | | references/message-sending.md | Reply/Push/Multicast/Narrowcast/Broadcast, statistics | | references/flex-message.md | Flex Message components, layout, styles | | references/rich-menu.md | Rich Menu CRUD, tab switching, display priority | | references/user.md | User profile, follower IDs, account link | | references/group-chat.md | Group/Room messaging and member APIs | | references/audience.md | Audience management (create/add/get/delete) | | references/insights.md | Delivery, follower, and interaction insights | | references/channel-token.md | Channel access token lifecycle | | references/coupon.md | Coupon CRUD, reward types, sending | | references/url-schemes.md | LINE URL schemes for deep linking | | references/experts.md | Expert domain routing and 17 specialist profiles | | assets/examples/ | Flex Message JSON examples (11 showcases) |

SDK

Other languages: use LINE OpenAPI specs with OpenAPI Generator.

abgne/messaging-api

skills/messaging-api/SKILL.md

Comprehensive reference for LINE Messaging API — webhook setup, message sending, Flex Message design, Rich Menu management, audience targeting, insights, coupons, and channel access tokens. This skill should be used when the user asks to "build a LINE Bot", "set up a webhook", "send a push message", "design a Flex Message", "create a Rich Menu", "manage audience targeting", "get messaging insights", "create a coupon campaign", "debug webhook signature verification", or mentions LINE Messaging API, LINE OA chatbot, reply/push/multicast/narrowcast/broadcast, Flex Message JSON, Rich Menu, group chat bot, channel access token, or URL schemes. Always use this skill whenever the user mentions LINE bots, chatbots, LINE OA, or any messaging-related LINE integration, even if they don't explicitly say "Messaging API".

development

Updated Apr 16, 2026

$ install --global

skillsauth

npx skillsauth add abgne/line-dev messaging-api

Install this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.

Security Scan Results

3 of 9 scanners reported clean

Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.

Scanners Passed

Scanners in report

Clean

TrivyContainer and dependency vulnerability scanner

95%

Clean

SemgrepStatic code analysis for vulnerabilities

95%

Clean

mcp-scan (Snyk)Model Context Protocol security validation

95%

Skipped

Snyk (dep)Open source security scanning

50%

Skipped

Socket.devSupply chain security analysis

50%

Skipped

VirusTotalMulti-engine malware detection

50%

Skipped

CrowdStrikeAdvanced threat intelligence

50%

Skipped

OSV-ScannerOpen Source Vulnerability database check

50%

Skipped

OWASP Dep-Check

50%

Last scanned: Apr 16, 2026, 10:09 AM396.5s27 files scanned

SKILL.md

name:: messaging-api
description:: Comprehensive reference for LINE Messaging API — webhook setup, message sending, Flex Message design, Rich Menu management, audience targeting, insights, coupons, and channel access tokens. This skill should be used when the user asks to "build a LINE Bot", "set up a webhook", "send a push message", "design a Flex Message", "create a Rich Menu", "manage audience targeting", "get messaging insights", "create a coupon campaign", "debug webhook signature verification", or mentions LINE Messaging API, LINE OA chatbot, reply/push/multicast/narrowcast/broadcast, Flex Message JSON, Rich Menu, group chat bot, channel access token, or URL schemes. Always use this skill whenever the user mentions LINE bots, chatbots, LINE OA, or any messaging-related LINE integration, even if they don't explicitly say "Messaging API".

LINE Messaging API

Do not answer LINE API questions from memory — LINE updates APIs frequently and training data is unreliable. Always consult the references below.

Reference for building, reviewing, and debugging LINE Bots and LINE Messaging API integrations.

Workflow

Build

Read references/api-common.md (rate limits, forward compatibility, error handling)
Load the relevant reference for the feature being implemented
For architecture or design choices, consult references/experts.md for directional guidance
Write code following specs and constraints from references

Review / Debug

Read references/api-common.md (rate limits, error codes)
Load relevant references for the code being reviewed
Cross-check code against specs (size limits, token expiry, counting rules, required fields)
For design pattern concerns, consult references/experts.md
Report violations with reference to specific constraints

Environment Variables

LINE_CHANNEL_ACCESS_TOKEN=Bot access token
LINE_CHANNEL_SECRET=Channel secret (webhook signature verification)

Common Specifications

Webhook

Verification: x-line-signature header (HMAC-SHA256, base64, key = Channel Secret)
Body: {"destination": "U...", "events": [...]}
Bot server must return 200

Signature Verification (pseudocode)

channel_secret = ENV['LINE_CHANNEL_SECRET']
signature = request.headers['x-line-signature']
body = request.body   # raw bytes, do NOT parse/reformat before verification

digest = HMAC_SHA256(key = channel_secret, message = body)
expected = Base64.encode(digest)

if signature != expected:
    return 403  # reject — not from LINE

events = JSON.parse(body)['events']
for event in events:
    handle(event)
return 200

Never deserialize or re-format the body before verification
Use UTF-8 encoding exclusively
Official SDKs handle this automatically — use them when possible

Full event types, properties, and webhook settings → references/webhook-events.md

Message Sending

All require Authorization: Bearer {channel access token}:

Max 5 messages per request
Domain: api.line.me (general) / api-data.line.me (content upload)

Message objects → references/message-objects.md Full sending API (Narrowcast, statistics, validation, etc.) → references/message-sending.md

Flex Message

Three-layer structure:

Container (Bubble / Carousel)
  └── Block (Header / Hero / Body / Footer)
       └── Component (Box / Button / Image / Video / Icon / Text / Span / Separator)

Minimal Flex Message:

{
  "type": "flex", "altText": "Notification",
  "contents": {
    "type": "bubble",
    "body": {
      "type": "box", "layout": "vertical",
      "contents": [{"type": "text", "text": "Hello Flex!", "weight": "bold"}]
    }
  }
}

Full component specs, layout, video → references/flex-message.md Official Flex Message Simulator examples → assets/examples/

Reference Index

SDK

Other languages: use LINE OpenAPI specs with OpenAPI Generator.

Related Skills

abgne/line-notification-message

development

VerifiedTrustedCommunity

Reference for LINE Notification Messages — phone-number-based messaging to non-friends, template type (premade layouts) and flexible type (custom Flex Message), delivery completion webhooks, user consent flow, SMS authentication, and billing. Use when the user asks to "send a notification message via phone number", "hash a phone number for PNP", "handle delivery completion webhook", "set up template or flexible notification", "check notification message count", "integrate LON", or mentions LINE notification messages, LINE Official Notification (LON), PNP push, phone-number-based delivery, hashed phone number, notification template, delivery completion event, consent states, or SMS authentication for notifications. Always use this skill whenever the user mentions LINE notification messages, PNP, LON, LINE Official Notification, LINE 通知型訊息, or phone-based LINE messaging to non-friends, even if they don't explicitly say "notification message".

SKILL.mdUpdated Mar 26, 2026

abgne/line-notification-message

abgne/line-mini-app

development

VerifiedTrustedCommunity

Comprehensive reference for LINE MINI App — Service Messages, Common Profile Quick Fill, In-App Purchase, Console setup (3 internal channels), submission review, and performance guidelines for web apps running inside LINE as an enhanced LIFF platform. This skill should be used when the user asks to "build a LINE MINI App", "send a service message", "set up Common Profile Quick Fill", "implement in-app purchase", "configure MINI App Console", "submit MINI App for review", or mentions LINE MINI App, Service Messages, notification token, Common Profile, IAP purchase flow, 3 internal channels, consent simplification, Custom Path, custom share messages, or verified vs unverified MINI App. Always use this skill whenever the user mentions LINE MINI App, mini apps in LINE, or enhanced LIFF features like service messages or in-app purchase, even if they don't explicitly say "MINI App".

SKILL.mdUpdated Mar 26, 2026

abgne/line-login

development

VerifiedTrustedCommunity

Comprehensive reference for LINE Login (OAuth 2.1) — authorization code flow, PKCE, token management, ID token JWT verification, user profiles, bot linking, and login button design. This skill should be used when the user asks to "implement LINE Login", "add Log in with LINE", "set up OAuth authorization flow", "verify an ID token", "refresh an access token", "link a bot to login", "design a login button", or mentions LINE Login, OAuth 2.1, PKCE, authorization code flow, ID token JWT verification, token refresh/revocation, user profile retrieval, bot linking, SSO login, LIFF authentication, or LINE MINI App authentication. Always use this skill whenever the user mentions LINE authentication, social login with LINE, or OAuth flows involving LINE, even if they don't explicitly say "LINE Login".

SKILL.mdUpdated Mar 26, 2026

abgne/line-liff

tools

VerifiedTrustedCommunity

Comprehensive reference for LINE Front-end Framework (LIFF) SDK — building web apps inside LINE with authentication, messaging, QR scanning, permanent links, pluggable SDK, and LIFF plugin development. This skill should be used when the user asks to "build a LIFF app", "initialize liff.init()", "send messages from LIFF", "use Share Target Picker", "scan a QR code in LIFF", "create a permanent link", "develop a LIFF plugin", or mentions LIFF SDK, LINE Front-end Framework, CDN/npm integration, pluggable SDK tree-shaking, LIFF-to-LIFF transitions, LIFF browser vs external browser, Endpoint URL configuration, or server-side ID token verification from LIFF. Always use this skill whenever the user mentions LIFF, web apps inside LINE, or LINE Front-end Framework, even if they don't explicitly say "LIFF SDK".

SKILL.mdUpdated Mar 26, 2026

Download

For Claude Desktop. Download once, then upload the file in the app — no terminal needed.

Need help? View full Cowork setup guide →

Install manually

Choose your platform

# Clone the repo
git clone https://github.com/abgne/line-dev.git

# Copy into Claude Code skills folder (global)
cp -r line-dev/skills/messaging-api ~/.claude/skills/

Claude Code Skills — official skills path docs.

Repository

abgne/line-dev

Compatible with

Claude Code

OpenAI Codex CLI

ChatGPT