How to Get a LinkedIn API Access Token

Esther Liao
Jul 26, 2018 · 6 min read

Updated July 2019 to reflect new LinkedIn changes

Are you trying to create a LinkedIn application? In this article, I will show you how to get a LinkedIn API access token with OAuth2. LinkedIn’s own Authenticating with OAuth2 contains an overview of how to get authenticated. Here, I walk through the process of getting the access token in detail. For anyone who may be a bit confused about how to execute the required GET and POST requests, I have concrete examples and screenshots of how to do so.

Before going into authentication, make sure that you have the right permissions for the kind of LinkedIn API endpoints you hope to call. For example, if you plan on managing a company page, you will need to have admin access to the page. Browse through the header tabs on LinkedIn’s developer page to see what you will need for your application.

LinkedIn Application Creation

To start creating your app, go to My Apps, and click on Create Application.

New LinkedIn Application Creation

Once you enter relevant details about your application, you will be redirected to a page with your authentication keys. For this example, I only added the Share on LinkedIn and Sign In with LinkedIn products since this is only an example. You may also need to complete company verification if you haven’t done so already.

Authorizing Permissions

It is important to understand which kind of permission you need for your application. According to LinkedIn’s permissions page, there are two kinds:

  • Member Authorization: Your application works with member account data to make requests on their behalf.
  • Application Authorization: Your application accesses LinkedIn APIs that are not member specific.

OAuth 2.0

Enter a valid web address as an authorized redirect URL so that you can receive the authorization code that can be later exchanged for an access token. Note that localhost addresses will not work with OAuth 2.0.

An example of a valid callback url

With everything complete, your screen should look something like this. I have all the default application permissions currently checked, but you should check them according to your specific use case.

Application Landing Page

Updated July 2019: If you are creating an application with Application Authorization permissions, your redirect URL will need to take on the form: https://example.com/auth/callback. For more details on valid callback URLs, take a look at LinkedIn’s Client Credential Flow page.

Getting a LinkedIn Authorization Code (Member Authorization)

With your redirect URL set, you are now ready to retrieve your LinkedIn authorization code. If you are creating a non-member application authorization, skip this step. Otherwise, you will need to perform a GET request to https://www.linkedin.com/oauth/v2/authorization with the following parameters:

  • response_type: this should always be code
  • client_id: this is the first code that appears under Authentication Keys
  • redirect_uri: this should be one of the Authorized Redirect URLs you specified earlier
  • state: this is a unique string of your choice designed to protect against CSRF attacks

Given my information with this test application, my parameters look like the following:

response_type: code,
client_id: 78aslxtx2qqi8r,
redirect_uri: https://www.thewirelesspost.com,
state: aRandomString

Using the information from my parameter values, I have the following url:

https://www.linkedin.com/oauth/v2/authorization?response_type=code&client_id=78aslxtx2qqi8r&redirect_uri=https://www.thewirelesspost.com&state=aRandomString

Executing the GET request is as simple as pasting that link into your browser of choice and pressing Enter.

Authorization Payload

You should now see a screen prompting you to log in to your LinkedIn account.

Application Login Authentication
Application Authorization Confirmation

Once you press Allow, you will be taken to the website you specified as your callback. Copy the link that you see in the address bar at the top. It should be your callback URL with a code tacked onto the end of it.

Redirect URL after Allowing Application Access

This is the full link I got after being redirected: https://www.thewirelesspost.com/?code=AQTSY5hPC1vNVCxujHXBxS2fcA9eZ_4QmDHiTPaIPgKzJEIXRm3soZRZEHyhH21nIwQyn-VuX3mci47V5ctMsgMSBhL860bvyrg6_nJkI5pRu418Hg8MzLbjjjrkh-dyzaLf0VIlmi2NVPgdHqq17S4Q_XpYYaFjtqlu5DF8&state=aRandomString

You can see that the authorization code has been generated and that the state string I specified earlier is also at the end of the query. Copy the code from the URL.
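The same step done in code, as an added example that is not part of the original article: it builds the authorization URL with an unguessable state value and URL-encoded parameters, then checks the state on the callback before accepting the code. The client ID, callback URL and code used in the test are constructed placeholders, and the function names are hypothetical.

```python
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlsplit

AUTHORIZATION_ENDPOINT = "https://www.linkedin.com/oauth/v2/authorization"


def build_authorization_url(client_id, redirect_uri):
    """Return (url, state). Keep state in the user's server-side session."""
    # One fresh, unguessable value per login attempt; a fixed string such as
    # "aRandomString" gives no CSRF protection because anyone can supply it.
    state = secrets.token_urlsafe(32)
    query = urlencode({
        "response_type": "code",
        "client_id": client_id,
        "redirect_uri": redirect_uri,  # urlencode percent-encodes ':' and '/'
        "state": state,
    })
    return f"{AUTHORIZATION_ENDPOINT}?{query}", state


def extract_code(callback_url, expected_state):
    """Validate the redirect the browser lands on and return the code."""
    params = parse_qs(urlsplit(callback_url).query)

    # OAuth 2.0 reports a denied or failed authorization as ?error=...
    if "error" in params:
        raise ValueError("authorization failed: " + params["error"][0])

    # Reject the callback unless it carries the state issued for this session.
    returned_state = params.get("state", [""])[0]
    if not hmac.compare_digest(returned_state.encode(), expected_state.encode()):
        raise ValueError("state mismatch: callback was not started by this session")

    codes = params.get("code", [])
    if len(codes) != 1:
        raise ValueError("expected exactly one code parameter")
    return codes[0]
```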

Getting a LinkedIn Access Token

Now that you have an authorization code, you will need to make a POST request in order to exchange it for an access token. I will be using Postman to create the POST request, but you can use any other client or library as you see fit. Postman’s free tier covers a lot and will easily allow us to make the POST request to retrieve the access token. If you decide to use Postman and have never used it before, you can get the application on Postman’s official website or download the Chrome extension here. You can also access my Postman requests in the shared folder I created as part of this tutorial.

You will need the following information to get your access token:

  • grant_type: this will always be authorization_code
  • code: this should be the code you got in the redirect url from the previous step
  • redirect_uri: this is the same as what you specified earlier
  • client_id and client_secret: both fields that are under Authorization Keys (see the screenshot at the top of the article: Application Landing Page)

If using Postman, make sure the request type is changed to POST, and click the Params button on the right to input the parameters defined above. In the POST field, enter https://www.linkedin.com/oauth/v2/accessToken as the POST URL. Note that as you specify parameters, Postman will automatically concatenate those values to the end of the URL.

In your POST header, make sure that Content-Type is application/x-www-form-urlencoded. Your Postman request should look something like this:

Assuming everything went well, you will now see your access token displayed in the response! By default, your access token will be good for 60 days.

Successful LinkedIn Access Token Retrieval

If you encounter an error stating that the request was invalid because it was unable to retrieve your access token, it is most likely because the authorization code has expired. Go back to the GET request, log in to your LinkedIn account, get a new code from your redirected URL, and paste the new code into your POST request.
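For readers scripting the exchange instead of using Postman, here is an added example (not from the original article) that builds the same POST with the parameters in the form-encoded body, which matches the Content-Type above and keeps client_secret out of the URL and therefore out of proxy and access logs. It only constructs the request and parses a response; the function names are hypothetical and the values in the test are constructed.

```python
import json
import time
from urllib.parse import urlencode
from urllib.request import Request

TOKEN_ENDPOINT = "https://www.linkedin.com/oauth/v2/accessToken"


def build_token_request(code, redirect_uri, client_id, client_secret):
    """Build the code-for-token POST; send it with urllib.request.urlopen(req)."""
    body = urlencode({
        "grant_type": "authorization_code",
        "code": code,
        "redirect_uri": redirect_uri,  # must match the authorization request
        "client_id": client_id,
        "client_secret": client_secret,
    }).encode("ascii")
    return Request(
        TOKEN_ENDPOINT,
        data=body,  # parameters travel in the body, not the query string
        method="POST",
        headers={"Content-Type": "application/x-www-form-urlencoded"},
    )


def parse_token_response(raw_json, now=None):
    """Return (access_token, expiry as a Unix timestamp) or raise on failure."""
    payload = json.loads(raw_json)
    if "access_token" not in payload:
        # Typical cause: the authorization code expired or was already used.
        raise ValueError(payload.get("error_description", "no access_token in response"))
    now = time.time() if now is None else now
    # expires_in is a lifetime in seconds; record when to re-authorize.
    return payload["access_token"], now + int(payload["expires_in"])
```

Treat the returned access token like a password: keep it out of source control and logs, and store the expiry so the application re-authorizes before the token lapses.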

Make Sure Your Access Token Really Works

To confirm the validity of your access token, send the following GET request to https://api.linkedin.com/v1/people/~:(first-name)

Access Token Successfully Working

In the GET request, leave the parameters blank, and fill in the following details in the header:

  • Authorization: Bearer [access token]

Make sure there is a space between “Bearer” and your access token. When you submit the request, you should see your first name returned to you in the response.

That’s it!

Congratulations on setting up your LinkedIn application and access token, and I hope you found the article helpful with getting you ready to use the LinkedIn API. Happy coding!
