Enterprise OAuth System User Flow

The Enterprise OAuth flow extension issues access tokens that carry no enterprise user context, referred to as System User tokens. Enterprise integrations need these tokens when they require API access without an enterprise user login or any user context, for example periodic batch script runs or offline analytical queries.

Note

The Enterprise OAuth is currently available for LinkedIn Talent and Sales programs only.

Step 1: Get the Client ID, Client Secret and system-user-id

Get the client-id, client-secret and system-user-id.

Step 2: Generate an Access Token

To generate an access token, issue an HTTP POST against the accessToken endpoint with a Content-Type header of application/x-www-form-urlencoded and the following parameters in the request body:

https://www.linkedin.com/oauth/v2/accessToken

| Parameter | Description | Required |
|---|---|---|
| grant_type | The value of this field should always be client_credentials | Yes |
| client_id | The Client ID value associated with the API key. | Yes |
| client_secret | The Client Secret value associated with the API key. | Yes |
| li_system_user_id | The System user value associated with the API key. | Yes |

Sample Request (Secure Approach)

curl --location --request POST 'https://www.linkedin.com/oauth/v2/accessToken' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'grant_type=client_credentials' \
--data-urlencode 'client_id={your_client_id}' \
--data-urlencode 'client_secret={your_client_secret}' \
--data-urlencode 'li_system_user_id={your_li_system_user_id}'

A successful access token request returns a JSON object containing the following fields:

  • access_token — The access token for the application. This token must be kept secure.
  • expires_in — Seconds until token expiration.
    • The access token has a 30-minute lifespan and must be used immediately. You may request a new token once your current token expires.

Sample Response

{
    "access_token": "AQV8...",
    "expires_in": "1800"
}

Step 3: Make API Requests

Once you have received an access token, you can make API requests by including an Authorization header with your token in the HTTP call to LinkedIn's API.

Sample API Request

To customize your private integration, use your application credentials to call the following API:

GET /simpleJobPostings?integrationContext=foo&listedAt=10&q=attributes&states=List(REVIEW,SUSPENDED,SUSPENDED)

Sample Response

Content-Type:application/json
X-RestLi-Protocol-Version:2.0.0
{
    "elements": [
        {
            "forTesting": true,
            "externalJobPostingId": "foo",
            "listingType": "BASIC",
            "description": "Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat.",
            "availability": "PRIVATE_TO_ATS_INTEGRATION",
            "workplaceTypes": [],
            "title": "bar",
            "employmentStatus": "baz",
            "listedAt": 10,
            "workRemoteAllowed": true,
            "showPosterInfo": false,
            "industries": [],
            "state": "BEING_LISTED",
            "hireCostCenterCode" : "ABC100",
            "hireCostCenterName" : "ABC"
        },
        {
            "forTesting": false,
            "externalJobPostingId": "foo",
            "listingType": "PREMIUM",
            "description": "Organic american apparel eiusmod, high life craft beer mollit polaroid lo-fi sed culpa.",
            "availability": "PRIVATE_TO_ATS_INTEGRATION",
            "workplaceTypes": [],
            "title": "baz",
            "employmentStatus": "baz",
            "listedAt": 7,
            "workRemoteAllowed": false,
            "showPosterInfo": true,
            "industries": [],
            "state": "BEING_LISTED",
            "hireCostCenterCode" : "ABC100",
            "hireCostCenterName" : "ABC"
        }
    ],
    "paging": {
        "count": 10,
        "start": 0,
        "links": []
    }
}

Error Handling

401 Unauthorized

If you make an API call using an invalid token, you'll receive a 401 Unauthorized response from the server. In this case, the token may need to be regenerated because it expired or was revoked. These are not the only reasons for an invalid token. Make sure your applications are coded to properly handle a 401 error.
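
One way to code the 401 handling described above together with the 30-minute token lifespan from Step 2, as an added example that is not LinkedIn's own code. The class name, the `send` transport hook, the 60-second refresh margin and the `Bearer` header scheme are assumptions of this sketch; the endpoint and form parameters are the ones on this page.

```python
import time
import urllib.parse

TOKEN_URL = "https://www.linkedin.com/oauth/v2/accessToken"  # endpoint from Step 2

class SystemUserTokenClient:
    """Caches a System User token; regenerates it on expiry or after a 401."""

    def __init__(self, send, client_id, client_secret, system_user_id,
                 clock=time.monotonic, skew=60):
        # send(method, url, headers, body) -> (status, parsed_json) is a
        # hypothetical transport hook, so the logic runs without network access.
        self._send, self._clock, self._skew = send, clock, skew
        # Credentials travel only in the form-encoded body, never in the URL,
        # so they stay out of proxy and access logs that record request lines.
        self._form = urllib.parse.urlencode({
            "grant_type": "client_credentials",
            "client_id": client_id,
            "client_secret": client_secret,
            "li_system_user_id": system_user_id,
        })
        self._token, self._expires_at = None, 0.0

    def _fetch_token(self):
        status, body = self._send(
            "POST", TOKEN_URL,
            {"Content-Type": "application/x-www-form-urlencoded"}, self._form)
        if status != 200 or "access_token" not in body:
            raise RuntimeError(f"token request failed with HTTP {status}")
        self._token = body["access_token"]
        # The sample response carries expires_in as a string ("1800").
        self._expires_at = self._clock() + int(body["expires_in"]) - self._skew

    def token(self):
        # Refresh slightly before the stated lifetime ends (skew is assumed).
        if self._token is None or self._clock() >= self._expires_at:
            self._fetch_token()
        return self._token

    def call(self, method, url):
        for _attempt in (1, 2):
            headers = {"Authorization": f"Bearer {self.token()}"}
            status, body = self._send(method, url, headers, None)
            if status != 401:
                return status, body
            self._token = None  # expired or revoked: drop it, regenerate once
        return status, body  # second 401: surface it instead of looping
```

A second consecutive 401 is returned to the caller rather than retried, since the page notes that expiry and revocation are not the only reasons a token can be invalid.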