Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
All Verified Plus partners must complete this certification process to be approved for production access. The checklist covers OAuth integration, verification workflows, error handling, and LinkedIn policy compliance.
You must demonstrate and document completion of each requirement with screenshots, logs, or product flow explanations as appropriate.
Certification Areas
The checklist is divided into the following four categories:
Integration Requirements
| ID | Requirement | Expectations |
|---|---|---|
SL-001 |
OAuth 2.0 Integration with Correct Scopes | Implement OAuth 2.0 using the appropriate scopes for your use case. Only request the scopes that are required, such as: r_profile_basicinfo, r_most_recent_education, r_primary_current_experience, and r_verify_details. Requesting additional scopes may result in unnecessarily large responses or data beyond the partner’s intended use case, leading to integration mismatches or unused information. |
SL-002 |
Latest API Endpoint and Version Compliance | Confirm that your integration uses the latest recommended endpoints (/identityMe, /verificationReport, /validationStatus), does not use deprecated APIs, and includes the LinkedIn-Version header with the latest supported version in all requests. See Current API Versions for the latest versions. |
SL-003 |
Token Expiration & Management | Reuse valid access tokens when available. If the access token has expired, use the refresh token to obtain a new one. If the refresh token is also expired or invalid, re-trigger the OAuth flow with the member to obtain a new access token. |
SL-004 |
Breaking Change Policy | Confirm that you have read and agreed to LinkedIn’s breaking change policy. |
SL-005 |
Handle API Errors such as Version Expiry & Rate Limiting | Capture version expiry errors, monitor 426 responses, track X-LI-UUID, include the LinkedIn-Version header in all requests, monitor relevant HTTP errors, handle rate limiting correctly, and comply with LinkedIn’s query tunneling and versioning policies. |
Verification Workflow
| ID | Requirement | Expectations |
|---|---|---|
SL-006 |
Show Complete Verification Flow (New User) | Demonstrate full flow: user clicks the "Verify on LinkedIn" CTA → redirected to LinkedIn → completes verification → redirected back → display verified badge with category (Identity, Workplace) and timestamp. |
SL-007 |
Verification Badge Implementation | Use “Verified on LinkedIn” text, proper LinkedIn branding, link badge to the member’s LinkedIn profile, and display verification category and timestamp. |
SL-008 |
Fetch Basic Member Profile via /identityMe |
Retrieve and use basic member information from /identityMe and explain how it is used in your platform. |
SL-009 |
Verification Flow for Pre-Verified Users | Demonstrate flows for users with identity only, workplace only, both, and multiple verifications. Show ability to request specific verification types based on use case. |
SL-010 |
Handle Incomplete or Cancelled Verification Flow | Handle user cancellations, consent rejection, and OAuth revocation. Ensure proper redirection and clear error messaging. |
SL-011 |
Error Logging & UUID Tracking | Demonstrate error handling with request/response logs including headers, especially X-LI-UUID. |
Data Freshness
| ID | Requirement | Expectations |
|---|---|---|
SL-012 |
Persist Critical Fields for Data Freshness | Store id from /identityMe and /verificationReport, securely store refresh_token, and track lastRefreshedAt to avoid processing stale updates. |
SL-013 |
Validation Status API Polling Workflow | Implement 2-legged OAuth with r_validation_status, call /validationStatus with up to 500 member IDs per request, handle VALID, INVALID, VALID_WITH_UPDATES, and refresh data using /verificationReport and /identityMe only when needed. |
SL-014 |
Push Notifications Handling (if subscribed) | Register webhook endpoint, handle FEDERATED_MEMBER_DATA_STATUS_CHANGE, process isAccessRevoked, use timestamps to avoid duplicate or out-of-order events, and ensure webhook delivery health. |
SL-015 |
Handle Access Revocation | Delete or invalidate stored data and tokens when access is revoked and ensure proper user experience with clear error messaging. |
Integration Compliance
| ID | Requirement | Expectations |
|---|---|---|
SL-016 |
Pass LinkedIn InfoSec Review | Confirm that your application has passed LinkedIn’s InfoSec security assessment. |
SL-017 |
Developer App Admin Management | Ensure all relevant personnel are added as admins and kept up to date. |
SL-018 |
Business Email DL Setup | Create a distribution list (DL) with correct owners and register it as the business email in the LinkedIn Developer Portal. |
SL-019 |
Support Routing Post-GA | Confirm that all post-GA support queries are routed to voli-support@linkedin.com. |
SL-020 |
Subscribe to API Status Page | Subscribe to LinkedIn API Status page and ensure you receive real-time notifications for incidents. |
SL-021 |
Monitor API Release Updates | Regularly review LinkedIn API release documentation to stay up to date with changes. |
Data Use & Retention Guidelines
If LinkedIn has granted you access to the Verified on LinkedIn Plus Program, it will appear in the list of products that your application has access to on the LinkedIn developer portal. Please note that access to certain data fields may be restricted.
Consult your Verified on LinkedIn API Agreement for other restrictions, conditions, and data deletion obligations relating to this data. For example, the Verified on LinkedIn Agreement requires that you obtain an authenticated Member’s consent before storing their verification data. If there is any conflict between these requirements and the requirements in your Agreement, the requirements that are more restrictive or more protective of the data apply. Similarly, if a given data field is encompassed by two or more of the following requirements, the shortest storage/caching duration shall apply.
LinkedIn reserves the right to update these requirements at any time by posting changes on our developer documentation, and it is your responsibility to review and ensure your integration remains compliant with the most current requirements. Partners are expected to make necessary updates to their systems and processes in a timely manner to remain in good standing.
The following requirements do not apply to data that is independently provided to you by your clients and not retrieved via the Verified on LinkedIn API.
API Guides
- Verification Report API Guide
- IdentityMe API Guide
- Validation Status API Guide
- OAuth Authorization Code Flow Guide
Integration Resources
- Quickstart Guide
- OAuth 2.0 Authentication
- Implementation Guidelines
- Data Freshness
- Validation Status API