Getting a LinkedIn API access token allows you to access LinkedIn’s APIs and build applications that leverage LinkedIn’s data. Here is a step-by-step guide on how to get a LinkedIn API access token:
Prerequisites
Before you can get a LinkedIn API access token, you need:
- A LinkedIn user account
- A LinkedIn app that you’ve created from the LinkedIn Developer Portal
If you don’t already have a LinkedIn user account, head over to LinkedIn.com and sign up for a new account. It’s free to sign up.
Once you have a LinkedIn account, you’ll need to create a LinkedIn app. This can be done from the LinkedIn Developer Portal. Click on “Create Application” and follow the prompts to create a new LinkedIn app. Make sure to specify the appropriate app permissions that your app will need.
Step 1: Get Your LinkedIn App Credentials
Once your LinkedIn app is created, you’ll need to grab your LinkedIn app’s credentials to use when getting your access token. These include:
- Client ID – The unique ID LinkedIn assigns to your app
- Client Secret – A secret key used to authenticate your app when getting the access token
You can find these under the “Auth” section for your app in the LinkedIn Developer Portal. Make sure to copy these somewhere safe as you’ll need them in the next step.
Step 2: Generate the Access Token
To generate the actual access token, you’ll need to make an authenticated API call to LinkedIn with your app credentials. This is typically done via HTTP POST to:
https://www.linkedin.com/oauth/v2/accessToken
The POST data should include the following parameters:
- grant_type – Set to “client_credentials”
- client_id – Your app’s client ID
- client_secret – Your app’s client secret
Here is an example cURL command to generate the access token (replace client values with your own):
curl --request POST \ --url https://www.linkedin.com/oauth/v2/accessToken \ --header 'content-type: application/x-www-form-urlencoded' \ --data 'grant_type=client_credentials&client_id=12345&client_secret=abcdef'
The above cURL command will return a JSON response containing your access token:
{ "access_token": "ABCD123...", "expires_in": 5184000 }
The access_token value is your API access token. Copy this value somewhere safe, as you’ll need it to authenticate when making API calls.
Step 3: Use the Access Token
Once you have your LinkedIn API access token, you can start using it to make API calls!
The access token should be included in an Authorization header with each API request:
Authorization: Bearer ABCD123...
For example, here is how to use the access token to call the LinkedIn API to retrieve profile data:
curl --request GET \ --url https://api.linkedin.com/v2/me \ --header 'Authorization: Bearer ABCD123...'
The access token is valid for a certain duration (as specified by the expires_in field). Once it expires, you will need to generate a fresh access token.
Conclusion
Getting a LinkedIn API access token requires first creating a LinkedIn developer app and then making an authenticated API call with your app credentials to generate the token. The access token can then be used to make API calls by passing it in the request headers.
With a LinkedIn access token, you can leverage the capabilities of LinkedIn’s APIs within your own applications!
Frequently Asked Questions
What permissions should my LinkedIn app request?
When creating your LinkedIn app, you should carefully select the permissions based on what data your app needs to access. For read-only access to basic profile data, r_liteprofile permission is sufficient. For write access or access to more sensitive data, additional permissions need to be requested.
How long do LinkedIn access tokens last?
LinkedIn access tokens acquired using the client credentials grant type are typically valid for 1-2 months. The exact expiry time is provided in the expires_in field when generating the token.
Can I refresh an expired LinkedIn access token?
Yes, you can generate a new access token even if the old one has expired, using the same client credentials grant process. There is no dedicated token refresh endpoint on LinkedIn.
Is there a limit to the number of access tokens I can create?
There is no hard limit enforced by LinkedIn on the number of access tokens that can be generated. However, generating large numbers of unnecessary tokens is discouraged.
Can I revoke a LinkedIn access token if compromised?
Unfortunately LinkedIn does not provide a way to explicitly revoke an access token. The tokens will automatically expire based on the expiry duration set when generated.
Sample LinkedIn API Requests
Here are some sample API requests using a LinkedIn access token:
Get current member’s profile
GET https://api.linkedin.com/v2/me Authorization: Bearer {access-token}
Search for other members
GET https://api.linkedin.com/v2/search?q=software&count=10 Authorization: Bearer {access-token}
Share a new post
POST https://api.linkedin.com/v2/shares Authorization: Bearer {access-token} { "comment": "Check out this cool article!", "content": { "submitted-url": "https://example.com/article", "title": "A Cool Article" }, "visibility": { "com.linkedin.ugc.MemberNetworkVisibility": "PUBLIC" } }
Refer to the LinkedIn API documentation for more examples.
Troubleshooting
Invalid client credentials error
This error occurs when the client ID or client secret passed when generating the access token is incorrect. Double check that you are using the right credentials for your LinkedIn app.
Permission denied error
This suggests your LinkedIn app lacks the permissions to access the requested data. Verify the permissions enabled for your LinkedIn app match what the API call is attempting to access.
Access token invalid or expired
The access token has either expired or is invalid. Generate a fresh access token and try the API call again.
Alternative Methods of Authentication
Besides the client credentials grant flow, LinkedIn also supports some other methods of authentication:
Authorization Code Grant
This allows acquiring an access token on behalf of a LinkedIn member after they authenticate and authorize access to their account. Useful for building apps that connect to a member’s LinkedIn account.
Implicit Grant
Similar to authorization code grant, but the access token is returned immediately without exchanging an authorization code. Can be simpler but less secure.
User Password Credentials
Exchanges a LinkedIn member’s username and password directly for an access token. Not recommended as it requires handling user credentials.
For more details on these alternative authentication methods, refer to the LinkedIn authentication documentation.
Wrapping Up
Here are some key points to recap on getting a LinkedIn API access token:
- Register a LinkedIn developer app and grab the credentials
- Make an authenticated API call with credentials using client credentials grant
- Access token is returned – save this for making API calls
- Pass access token in the Authorization header when making API requests
- Handle expiry and regenerate tokens when necessary
With this, you should have a good understanding of acquiring a LinkedIn API access token and leveraging it to access LinkedIn data in your own applications!