Getting started overview
Access to the LinkedIn API is primarily managed through specific partnership programs and use cases, distinguishing it from many publicly available APIs. This means that direct, open access for all developers to all functionalities is not standard. Instead, developers typically need to apply for access, often aligned with specific business objectives such as recruitment solutions, marketing campaigns, or learning and development platforms, which are core products of LinkedIn. The documentation for the LinkedIn API is hosted on Microsoft Learn, reflecting LinkedIn's acquisition by Microsoft.
The general workflow for getting started with the LinkedIn API involves several key steps:
- Application for Access: Identifying your specific use case and applying for the relevant API program. This is the critical first step as it determines what APIs you can access.
- Account and Application Setup: Once approved, creating a developer account and registering an application within the LinkedIn Developer Portal.
- Credential Generation: Obtaining necessary API keys and secrets (Client ID and Client Secret) for authentication.
- Authentication Flow: Implementing an OAuth 2.0 authentication flow to authorize your application and obtain access tokens.
- Making Requests: Constructing and sending your first authenticated API request to a LinkedIn endpoint.
This getting started guide focuses on the technical steps assuming you have either gained or are in the process of gaining access.
Create an account and get keys
To interact with the LinkedIn API, you first need to establish a developer presence and register an application. This process is centralized within the LinkedIn Developer Portal, which is accessible after your application for API access has been approved.
1. Apply for API Access
Before you can create an application and get keys, you must apply for access to the LinkedIn API. The specific process varies depending on the API you intend to use (e.g., Marketing API, Talent Solutions API). You can find information on the various LinkedIn APIs and their access requirements on the Microsoft Learn documentation. This application often involves detailing your use case and business needs.
2. Create a Developer Account (if necessary)
If you don't already have a LinkedIn account, you will need one to access the Developer Portal. Your LinkedIn account serves as your developer identity.
3. Register Your Application
Once your API access is approved, navigate to the LinkedIn Developer Portal. You will need to create a new application, which involves:
- Application Name: A descriptive name for your application.
- Application Description: A brief explanation of what your application does.
- Application Logo: An image to represent your application.
- Privacy Policy URL: A link to your application's privacy policy. This is a critical requirement for user consent and data handling.
- Redirect URLs (OAuth 2.0): These are the URLs to which LinkedIn will redirect users after they grant or deny permissions to your application. For development, you might use http://localhost or a specific development domain.
After registering your application, the Developer Portal will provide you with your unique Client ID and Client Secret. These credentials are vital for authenticating your application with the LinkedIn API. Treat your Client Secret as sensitive information and protect it from unauthorized access.
| Step | What to Do | Where |
|---|---|---|
| Apply for Access | Identify use case, submit application | LinkedIn API documentation on Microsoft Learn |
| Create Account | Ensure you have a LinkedIn account | LinkedIn homepage |
| Register Application | Provide app details, set Redirect URLs | LinkedIn Developer Portal (accessible post-approval) |
| Get Credentials | Retrieve Client ID and Client Secret | LinkedIn Developer Portal (after app registration) |
Your first request
With your Client ID and Client Secret, the next step is to perform an OAuth 2.0 authorization flow to obtain an access token. This token is then used to make authenticated requests to LinkedIn API endpoints.
1. Initiate OAuth 2.0 Authorization
The LinkedIn API uses the Authorization Code Grant flow. Your application will redirect the user's browser to a LinkedIn authorization URL. This URL typically includes:
- response_type=code
- client_id (your application's Client ID)
- redirect_uri (one of your registered Redirect URLs)
- scope (a space-separated list of permissions your application requests, e.g., r_liteprofile for a basic profile read, w_member_social for posting updates)
- state (an opaque value used to prevent CSRF attacks, recommended)
Example authorization URL structure (replace placeholders):
GET https://www.linkedin.com/oauth/v2/authorization?response_type=code&client_id={YOUR_CLIENT_ID}&redirect_uri={YOUR_REDIRECT_URI}&state={YOUR_STATE_VALUE}&scope={REQUESTED_SCOPES}
The user will be prompted to grant permissions. Upon approval, LinkedIn redirects the user back to your redirect_uri with an authorization code and your state parameter.
2. Exchange Authorization Code for Access Token
Once your application receives the code, it must exchange it for an access token by making a POST request to LinkedIn's token endpoint. This request is made server-side and includes:
- grant_type=authorization_code
- code (the authorization code received in the previous step)
- client_id (your application's Client ID)
- client_secret (your application's Client Secret)
- redirect_uri (the same redirect URI used in the initial authorization request)
Example request to the token endpoint:
POST https://www.linkedin.com/oauth/v2/accessToken
Content-Type: application/x-www-form-urlencoded

grant_type=authorization_code&code={AUTHORIZATION_CODE}&client_id={YOUR_CLIENT_ID}&client_secret={YOUR_CLIENT_SECRET}&redirect_uri={YOUR_REDIRECT_URI}
If successful, LinkedIn will respond with a JSON object containing an access_token, its expires_in duration, and potentially other information. This access token is what you will use to authenticate subsequent API calls.
3. Make an Authenticated API Request
With your access token, you can now make your first authenticated request. A common first request is to retrieve the authenticated user's basic profile. For this, you would use the r_liteprofile scope and make a GET request to the LinkedIn Profile API endpoint:
GET https://api.linkedin.com/v2/me
Authorization: Bearer {YOUR_ACCESS_TOKEN}
The response will be a JSON object containing the user's basic profile information, such as ID, first name, and last name.
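Steps 1 and 2 above, with the state check a server should perform on the callback, as an added example (not LinkedIn's code). The function names, the dict used as a stand-in for a server-side session, and the app.example URLs are assumptions; the `error` callback parameter is the standard OAuth 2.0 (RFC 6749) error response.

```python
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlparse

AUTH_URL = "https://www.linkedin.com/oauth/v2/authorization"  # endpoint from the page


def begin_authorization(session, client_id, redirect_uri, scopes):
    """Store a fresh state in the user's session and return the authorization URL."""
    state = secrets.token_urlsafe(32)  # unguessable, new for every login attempt
    session["oauth_state"] = state
    session["oauth_redirect_uri"] = redirect_uri  # token request must reuse this exactly
    query = urlencode({
        "response_type": "code",
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "state": state,
        "scope": " ".join(scopes),  # space-separated list
    })
    return f"{AUTH_URL}?{query}"


def handle_callback(session, callback_url, client_id, client_secret):
    """Check the redirect back from LinkedIn; return the form for the token POST."""
    params = parse_qs(urlparse(callback_url).query)
    expected = session.pop("oauth_state", None)  # single use, consumed even on failure
    received = params.get("state", [""])[0]
    # Compare as bytes in constant time; an absent or different state means the
    # callback was not started by this session (CSRF), so the code is discarded.
    if not expected or not hmac.compare_digest(expected.encode(), received.encode()):
        raise ValueError("state mismatch")
    if "error" in params:  # RFC 6749 error response, e.g. the user denied consent
        raise PermissionError(params["error"][0])
    if "code" not in params:
        raise ValueError("no authorization code in callback")
    return {
        "grant_type": "authorization_code",
        "code": params["code"][0],
        "client_id": client_id,
        "client_secret": client_secret,  # server-side only, never sent to the browser
        "redirect_uri": session.pop("oauth_redirect_uri"),
    }


if __name__ == "__main__":
    s = {}  # constructed stand-in for a server-side session
    print(begin_authorization(s, "CLIENT_ID", "https://app.example/cb", ["r_liteprofile"]))
    cb = f"https://app.example/cb?code=CONSTRUCTED&state={s['oauth_state']}"
    print(handle_callback(s, cb, "CLIENT_ID", "SECRET"))
```

The returned dict is the form body for the POST to the token endpoint; the state is consumed on first use, so a replayed callback is rejected as well.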
Common next steps
After successfully making your first authenticated request, consider these common next steps to further develop your integration:
- Explore More APIs and Scopes: Review the LinkedIn API Reference documentation to understand the full range of available APIs (e.g., Marketing, Talent, Learning) and the specific scopes required for each functionality. Plan which additional permissions your application needs and update your OAuth flow accordingly.
- Implement Refresh Tokens: Access tokens have a limited lifespan (e.g., 60 days). Implement a mechanism to refresh tokens before they expire to maintain continuous access without requiring users to re-authorize. While the core OAuth 2.0 flow includes refresh tokens, LinkedIn's implementation may vary for specific APIs. Consult the LinkedIn Authentication documentation for details on managing token lifecycles.
- Error Handling: Implement robust error handling for API responses. LinkedIn API errors typically include HTTP status codes and a JSON body with an errorCode and message to help diagnose issues.
- Webhooks (if applicable): For real-time updates (e.g., changes to company pages or ad campaign statuses), explore LinkedIn's webhook capabilities. This allows LinkedIn to push notifications to your application, reducing the need for polling.
- Production Deployment: Prepare your application for production by securing your Client Secret, using HTTPS for all communication, and ensuring compliance with LinkedIn's Developer Agreement and Privacy Policy.
- Rate Limiting: Be aware of and design your application to handle LinkedIn's API rate limits to avoid getting temporarily blocked. Implement retry mechanisms with exponential backoff for rate-limited responses (HTTP 429).
Troubleshooting the first call
Encountering issues during your initial API calls is common. Here are some troubleshooting tips:
- Incorrect Client ID/Secret: Double-check that you are using the exact Client ID and Client Secret provided in your LinkedIn Developer Portal. Typos are a frequent cause of authentication failures.
- Mismatched Redirect URI: The redirect_uri parameter in your authorization request must exactly match one of the Redirect URLs registered for your application in the Developer Portal, including scheme (HTTP vs. HTTPS) and trailing slashes.
- Missing or Incorrect Scopes: Ensure the scope parameter in your authorization request includes all necessary permissions for the API endpoint you are trying to access. If you request a scope that isn't granted or isn't available to your application, the authorization will fail. Refer to the LinkedIn Permissions and Scopes documentation.
- Expired Access Token: Access tokens have a limited lifespan. If you're using a token obtained previously, ensure it hasn't expired. Implement a token refresh mechanism for long-lived applications.
- Invalid Authorization Code: The authorization code received after user consent is single-use and short-lived. If you try to exchange an already used or expired code for an access token, it will fail.
- Network Issues or Firewall: Verify that your server can make outbound requests to https://www.linkedin.com and https://api.linkedin.com. Firewall rules or network configurations can sometimes block these connections.
- Check API Response for Error Messages: Always inspect the API response body for specific error codes and messages. LinkedIn's error messages are often detailed and can point you directly to the problem. Common HTTP status codes include 400 (Bad Request), 401 (Unauthorized), 403 (Forbidden), and 429 (Too Many Requests).
- Consult Documentation: The official LinkedIn API documentation on Microsoft Learn is the definitive source for error codes, endpoint specifics, and authentication flows.
- Use a Tool Like Postman or cURL: Before integrating into your application, test the OAuth flow and API calls using a tool like cURL or Postman to isolate issues related to your code versus the API itself.