How to Get a LinkedIn API Access Token

In this tutorial, I will show you how to get a LinkedIn API access token with a real example. LinkedIn’s own Authenticating with OAuth2 contains an overview of how to get authenticated. For anyone who may be a bit confused on how to execute the GET and POST requests required, I have included concrete examples and screenshots of how to do this to help.

Before going into authentication, make sure that you have the right permissions for the kind of LinkedIn API endpoints you hope to call. For example, if you plan on managing a company page, you will need to have admin access to the page. Browse through the header tabs on to see what you will need for your application.

LinkedIn Application Creation

To start creating your app, go to My Apps, and click on Create Application.

New LinkedIn Application Creation

Once you have filled out the form for your application, you will be redirected to a page with your authentication keys. Enter a valid web address as an authorized redirect URL so that you can receive the authorization code that can be later exchanged for an access token. Note that localhost addresses will not work with OAuth 2.0.

An example of a valid callback url

With everything complete, your screen should look something like this. I have all the default application permissions currently checked, but you should check them according to your specific use case.

Application Landing Page

Getting a LinkedIn Authorization Code

With your callback URL set, you are now ready to retrieve your LinkedIn authorization code. Retrieving the authorization code requires performing a GET request to with the following parameters:

  • response_type: this should always be code
  • client_id: this is the first code that appears under Authentication Keys
  • redirect_uri: this should be one of the Authorized Redirect URLs you specified earlier
  • state: this is a unique string of your choice designed to protect against CSRF attacks

Given my information with this test application, my parameters look like the following:

response_type: code,
client_id: 78aslxtx2qqi8r,
state: aRandomString

Using the information from my parameter values, I have the following url:

Executing the GET request is as simple as pasting that link into your browser of choice and pressing Enter.

Authorization Payload

You should now see a screen prompting you to login to your LinkedIn account.

Application Login Authentication
Application Authorization Confirmation

Once you press allow, you will be taken to the website you specified as your callback. Copy the link that you see at the top- it should be your callback URL with a code tacked to the end of it.

Redirect URL after Allowing Application Access

This is the full link I got after being redirected:

You see the authorization code has been generated and that the state string I previously specified is also at the end of the query. Copy the code in the URL.

Getting a LinkedIn Access Token

Now that you have an authorization token, you will need to make a POST request in order to exchange it for an access token. I will be using Postman to create the POST request, and you can use any other client or library as you see fit. Postman’s free tier covers a lot and will easily allow us to make the POST request to retrieve the access token. If you decide to use Postman and have never used it before, you can get the application on Postman’s official website or download the Chrome extension here. You can also access my Postman requests in the shared folder I created as part of this tutorial.

You will need the following information to get your access token:

  • grant_type: this will always be authorization_code
  • code: this should be the code you got in the redirect url from the previous step
  • redirect_uri: this is the same as what you specified earlier
  • client_id and client_secret: both fields that are under Authorization Keys (see the screenshot at the top of the article: Application Landing Page)

If using Postman, make sure the request type is changed to POST, and click the Params button on the right to input the parameters defined above. In the POST field, enter as the POST URL. Note that as you specify parameters, Postman will automatically concatenate those values to the end of the URL.

In your POST header, make sure that Content-Type is application/x-www-form-urlencoded. Your Postman request should look something like this:

Assuming everything went well, you will now see your access token displayed in the response! By default, your access token will be good for 60 days.

Successful LinkedIn Access Token Retrieval

If you encounter an error stating that it was an invalid request because it was unable to retrieve your access token, it is most likely because the token has expired. Go back to the GET request, login to your LinkedIn account, get a new code in your redirected URL, and copy the new one in your POST request.

Make Sure Your Access Token Really Works

To confirm the validity of your access token, send the following GET request to

Access Token Successfully Working

In the GET request, leave the parameters blank, and fill in the following details in the header:

  • Authorization: Bearer [access token]

Make sure there is a space between “Bearer” and your access token. When you submit the request, you should see your first name returned to you in the response.

That’s it!

Congratulations on setting up your LinkedIn application and access token, and I hope you found the article helpful with getting you ready to use the LinkedIn API. Happy coding!