How to Get a LinkedIn API Access Token
In this tutorial, I will show you how to get a LinkedIn API access token with a real example. LinkedIn’s own Authenticating with OAuth2 contains an overview of how to get authenticated. For anyone who may be a bit confused on how to execute the GET and POST requests required, I have included concrete examples and screenshots of how to do this to help.
Before going into authentication, make sure that you have the right permissions for the kind of LinkedIn API endpoints you hope to call. For example, if you plan on managing a company page, you will need to have admin access to the page. Browse through the header tabs on https://developer.linkedin.com to see what you will need for your application.
LinkedIn Application Creation
To start creating your app, go to My Apps, and click on Create Application.
Once you have filled out the form for your application, you will be redirected to a page with your authentication keys. Enter a valid web address as an authorized redirect URL so that you can receive the authorization code that can be later exchanged for an access token. Note that localhost addresses will not work with OAuth 2.0.
With everything complete, your screen should look something like this. I have all the default application permissions currently checked, but you should check them according to your specific use case.
Getting a LinkedIn Authorization Code
With your callback URL set, you are now ready to retrieve your LinkedIn authorization code. Retrieving the authorization code requires performing a GET request to
https://www.linkedin.com/oauth/v2/authorization with the following parameters:
response_type: this should always be
client_id: this is the first code that appears under Authentication Keys
redirect_uri: this should be one of the Authorized Redirect URLs you specified earlier
state: this is a unique string of your choice designed to protect against CSRF attacks
Given my information with this test application, my parameters look like the following:
Using the information from my parameter values, I have the following url:
Executing the GET request is as simple as pasting that link into your browser of choice and pressing Enter.
You should now see a screen prompting you to login to your LinkedIn account.
Once you press allow, you will be taken to the website you specified as your callback. Copy the link that you see at the top- it should be your callback URL with a code tacked to the end of it.
This is the full link I got after being redirected:
You see the authorization code has been generated and that the state string I previously specified is also at the end of the query. Copy the code in the URL.
Getting a LinkedIn Access Token
Now that you have an authorization token, you will need to make a POST request in order to exchange it for an access token. I will be using Postman to create the POST request, and you can use any other client or library as you see fit. Postman’s free tier covers a lot and will easily allow us to make the POST request to retrieve the access token. If you decide to use Postman and have never used it before, you can get the application on Postman’s official website or download the Chrome extension here. You can also access my Postman requests in the shared folder I created as part of this tutorial.
You will need the following information to get your access token:
grant_type: this will always be
code: this should be the code you got in the redirect url from the previous step
redirect_uri: this is the same as what you specified earlier
client_secret: both fields that are under Authorization Keys (see the screenshot at the top of the article: Application Landing Page)
If using Postman, make sure the request type is changed to POST, and click the Params button on the right to input the parameters defined above. In the POST field, enter
https://www.linkedin.com/oauth/v2/accessToken as the POST URL. Note that as you specify parameters, Postman will automatically concatenate those values to the end of the URL.
In your POST header, make sure that
application/x-www-form-urlencoded. Your Postman request should look something like this:
Assuming everything went well, you will now see your access token displayed in the response! By default, your access token will be good for 60 days.
If you encounter an error stating that it was an invalid request because it was unable to retrieve your access token, it is most likely because the token has expired. Go back to the GET request, login to your LinkedIn account, get a new code in your redirected URL, and copy the new one in your POST request.
Make Sure Your Access Token Really Works
To confirm the validity of your access token, send the following GET request to
In the GET request, leave the parameters blank, and fill in the following details in the header:
Bearer [access token]
Make sure there is a space between “Bearer” and your access token. When you submit the request, you should see your first name returned to you in the response.
Congratulations on setting up your LinkedIn application and access token, and I hope you found the article helpful with getting you ready to use the LinkedIn API. Happy coding!