Module 1 - Basics

Client Credential Flow (2-legged OAuth)

If your application needs to access APIs that are not member specific, use the Client Credential Flow. Your application cannot access these APIs by default.

Learn more:

Generate a Token Manually Using the Developer Portal

The LinkedIn Developer Portal has a token generator for manually creating tokens. Visit the LinkedIn Developer Portal Token Generator or follow the steps outlined in Developer Portal Tools.

Step 1: Get Client ID and Client Secret

Each application is assigned a unique Client ID (Consumer key/API key) and Client Secret. Please make a note of these values as they will be integrated into your application config files. Your Client Secret protects your application's security so be sure to keep it secure!

Redirect URLS


Do not share your Client Secret value with anyone, and do not pass it in the URL when making API calls, or URI query-string parameters, or post in support forums, chat, etc.

Step 2: Generate an Access Token

To generate an access token, issue a HTTP POST against accessToken with a Content-Type header of x-www-form-urlencoded and the following parameters in the request body:
Parameter Description Required
grant_type The value of this field should always be client_credentials Yes
client_id The Client ID value generated when you registered your application Yes
client_secret The Client Secret value generated when you registered your application Yes

Sample Request (Secure Approach)


Content-Type: application/x-www-form-urlencoded

A successful access token request returns a JSON object containing the following fields:

  • access_token — The access token for the application. This token must be kept secure.
  • expires_in — Seconds until token expiration.
    • The access token has a 30-minute lifespan and must be used immediately. You may request a new token once your current token expires.

Sample Response

    "access_token": "AQV8...",
    "expires_in": "1800"

Step 3: Make API Requests

Once you've received an access token, you can make API requests by including an Authorization header with your token in the HTTP call to LinkedIn's API.

Sample Request


Connection: Keep-Alive
Authorization: Bearer {access_token}

Error Handling

401 Unauthorized

If you make an API call using an invalid token, you'll receive a 401 Unauthorized response from the server. In this case, the token may need to be regenerated because it expired or was revoked.

These are not the only reasons for an invalid token. Make sure your applications are coded to properly handle a 401 error.