LinkedIn API for Developers: What You Can and Can’t Do

The LinkedIn API lets developers integrate LinkedIn features into their applications, but it comes with strict rules. Here’s what you need to know:

  • What You Can Do: Access basic member profile data (name, photo, headline), post or comment on behalf of users with consent, and use specialized tools for approved programs like Marketing or Sales. Daily API calls are capped at 100,000 (similar to LinkedIn’s automation daily limits), and you can only store profile data for 24 hours and social activity data for 48 hours.
  • What You Can’t Do: Scrape or combine LinkedIn data with other sources, sell or lease data, use the API for lead generation, or automate posts. Sensitive use cases like credit or employment decisions are also off-limits.
  • Key Compliance Rules: Delete user data immediately upon request, adhere to LinkedIn’s privacy standards, and avoid exceeding rate limits. Violations can result in API access being revoked.

The LinkedIn API is a powerful tool for professional applications, but staying compliant with its strict policies is essential to maintain access.

LinkedIn API Allowed vs Prohibited Uses and Compliance Requirements

1. Allowed Uses of the LinkedIn API

Permitted Functionalities

The LinkedIn API allows access to specific authenticated member profile data, but this access is limited and depends on each member’s privacy settings. You can retrieve basic profile details like first name, last name, profile picture, headline, and vanity name [8][9]. Additionally, the API provides access to a member’s primary email address through OpenID Connect [1].

Another key functionality is social actions. With the w_member_social permission, your application can post, comment, or like content on behalf of users who have given their consent. When automating these actions, following LinkedIn automation best practices is essential to protect account health. The API also standardizes location data through the geoLocation field, using Bing Geo taxonomy [1][8].

For developers in specialized programs, LinkedIn offers extra features. Approved partners in Marketing, Sales, and Talent programs can use tools like ad account management, lead syncing, and Sales Navigator analytics [1][5]. Additionally, developers with r_compliance permission can retrieve member activity for purposes like archiving and compliance monitoring [8][1].

| Permission | Functionality | Access Level |
|---|---|---|
| profile / r_liteprofile | Retrieve name and photo of the authenticated user | Open / Consumer |
| email | Retrieve the authenticated user’s primary email address | Open / Consumer |
| r_basicprofile | Retrieve name, photo, headline, and vanity name | Approved Developers |
| w_member_social | Post, comment, and like on behalf of the member | Open / Consumer |
| r_sales_nav_profiles | Access matched, public Sales Navigator profile info | SNAP Partners |
| r_compliance | Retrieve activity for monitoring and archiving | Private / Closed |

These permissions should be used with targeted queries to ensure efficient data handling.

Practical Use Cases

To make the most of the API, it’s important to use field projections when sending requests. Instead of pulling all available data, specify only the fields you need with syntax like ?projection=(id,firstName,lastName) [8][6]. This approach not only improves performance but also helps you stay within the 100,000 daily API call limit [6].

Before attempting to retrieve data, confirm that members haven’t restricted their "Off-LinkedIn Visibility" in their privacy settings [8]. To simplify working with the API, LinkedIn provides official client libraries for JavaScript and Python. These libraries support the Rest.li protocol, which includes 14 different resource methods like GET, BATCH_GET, and FINDER [2].

2. Prohibited Uses of the LinkedIn API

Prohibited Activities

LinkedIn has clear rules to protect member privacy and maintain the platform’s integrity. Activities like scraping, crawling, or spidering LinkedIn content without using the official APIs are not allowed. Combining LinkedIn data with information from unauthorized sources is also off-limits [6]. Additionally, selling, renting, leasing, or sublicensing LinkedIn content – such as aggregated member profiles or social activity data – is strictly against their terms [6].

Using the API for marketing or sales prospecting is prohibited. This includes tasks like identifying leads, enhancing CRM systems, or building audience lists [4]. Creating fake accounts to manage multiple clients or automating posts with the API is also forbidden, though many LinkedIn automation tools operate outside these specific API constraints [4][6].

There are even stricter rules for sensitive use cases. You cannot use the API for decisions related to credit, insurance, employment, or housing eligibility. Similarly, any activities that facilitate surveillance or discriminatory practices are strictly banned [6].

Compliance Requirements

LinkedIn enforces strict compliance rules for API usage to ensure data security and user privacy.

If a user requests their data to be deleted or closes their account, developers must immediately delete all collected content on their behalf [6]. For those using the Marketing API, member social activity data can only be stored for up to 48 hours, while most profile data must be deleted within 24 hours [4]. Furthermore, applications using the API must have a privacy policy that is as strong as LinkedIn’s and easily accessible to users before authentication [6].

If LinkedIn suspends or terminates API access due to a violation, all LinkedIn content must be permanently deleted within 10 days [7]. LinkedIn also reserves the right to audit your integration at any time, and non-compliance can lead to immediate suspension or termination of access [7]. Violations may also have legal consequences, especially if they breach regulations like GDPR, which can impose fines of up to €20 million or 4% of global annual revenue [10].

Pros and Cons

The LinkedIn API offers official OAuth 2.0 integration and access to professional profiles, making it an essential tool for developers looking to integrate LinkedIn features into their applications [1][6]. Tools like Token Inspector, App Analytics, and the Endpoint Catalog are available to help monitor application performance and health [3][5]. Additionally, the self-serve program provides a starting quota of 100,000 daily API calls [6].

However, these benefits come with some clear limitations. For one, self-serve applications are limited to 100,000 lifetime users, and gaining access to premium APIs for marketing, sales, or talent purposes requires a stringent approval process [6][1]. Another drawback is the strict data storage policies, which include tight retention limits and requirements to delete data upon user request [4][6].

Here’s a breakdown of the key advantages and drawbacks:

| Feature | Pros | Cons |
|---|---|---|
| Data Access | Official access to professional profiles, headlines, and photos [8][1] | Limited to "Person IDs" and network data; requires explicit member consent [6][8] |
| Usage Limits | Generous initial quota of 100,000 daily calls [6] | Hard cap of 100,000 lifetime users; exceeding this requires a rigorous review process [6] |
| Integration | Standardized OAuth 2.0 and OpenID Connect support [1] | Complex approval process for Marketing, Sales, and Talent APIs [1] |
| Data Handling | Complies with data privacy regulations like BD DPA [6] | Strict storage limits; data must be deleted upon user request [6] |
| Support Tools | Tools like App Analytics, Webhooks, and Endpoint Catalog [5] | No access to scraped data, and strict branding guidelines must be followed [6] |

Another point to consider is how the API enforces rate limits. While the exact limits are not disclosed, exceeding them triggers a 429 status code, and developers are notified via email when usage reaches 75% of the assigned quota [11]. To manage this, you’ll need to monitor the Analytics tab in the developer portal, where endpoint-specific limits are displayed [11]. Additionally, Member IDs are unique to each application and cannot be reused across different apps [8].

Conclusion

The LinkedIn API provides a way to access LinkedIn’s professional data within clearly defined limits. With it, you can develop productivity tools, enable seamless sign-ins, share content, and conduct approved research. However, activities like scraping data, selling member information, or automating posts are strictly off-limits [6]. At its core, LinkedIn’s mission prioritizes giving members control over their data:

"Our mission is to connect the world’s professionals to allow them to be more productive and successful. To achieve that mission, our Developer Program enables you to create innovative professional applications… while honoring members’ choice and control over their personal data" [6].

To align with LinkedIn’s structured program, start with the Self-Serve API Program for basic integrations. This tier allows up to 100,000 daily API calls and supports up to 100,000 users [6]. For more advanced needs, such as marketing tools, recruitment platforms, or CRM integrations, you’ll need approval for Vetted API Programs, which come with stricter compliance requirements [7][1].

Keep your integration compliant by requesting only the data you truly need and adhering to retention limits [6]. Never share your access credentials except with authorized contractors under a written agreement [6]. Use the developer portal’s Endpoint Catalog to monitor your API usage, and create five test profiles labeled "Test Profile at [Company Name]" for development purposes. These profiles must remain separate from actual LinkedIn members [6].

This approach ensures you can leverage LinkedIn’s API effectively while staying within its policies and maintaining respect for member data.

FAQs

What happens if you violate LinkedIn’s API rules?

Violating LinkedIn’s API rules can have serious repercussions, including losing access to the API or even facing penalties on your LinkedIn account. Developers must adhere to LinkedIn’s API Terms of Use, as breaking these rules could result in losing API privileges or having your application suspended.

Actions like exporting member data, merging it with external datasets, or storing data for more than the permitted 48 hours are strictly prohibited. If caught, LinkedIn may take enforcement actions such as revoking your API keys, disabling your application, or, in extreme cases, pursuing legal action as outlined in their agreements. Following the rules is crucial to avoid these risks and keep your access to the platform intact.

How can developers avoid exceeding LinkedIn API rate limits?

To work within LinkedIn API rate limits, developers need to carefully track their usage and treat these limits as a daily allowance that resets at midnight UTC. There are two key types of limits to be aware of: application-level limits, which cap the total calls your app can make in a 24-hour period, and member-level limits, which restrict the calls made on behalf of individual users. You can monitor both through the Developer Portal’s Analytics tab, which provides detailed usage stats and endpoint-specific limits.

To avoid hitting these limits, build safeguards into your code. Strategies like caching frequently used data, batching multiple requests into one, and distributing API calls evenly throughout the day can help. If you encounter a 429 Too Many Requests response, stop making further requests and wait until the next reset period before trying again. With a combination of proactive tracking, efficient coding, and smart request handling, you can ensure your app stays within LinkedIn’s API limits.
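The safeguards described above, as an added example (not LinkedIn's client library or code from this page): a client-side budget that resets at midnight UTC, flags 75% usage, and stops sending after a 429. The class and function names, and the use of the 100,000 figure as the local quota, are assumptions; real endpoint limits come from the Analytics tab.

```python
from datetime import datetime, timedelta, timezone


def next_reset(now):
    """Next midnight UTC, when the daily allowance described above resets."""
    day = now.astimezone(timezone.utc).date() + timedelta(days=1)
    return datetime(day.year, day.month, day.day, tzinfo=timezone.utc)


class DailyBudget:
    """Client-side guard for a daily call quota (hypothetical helper)."""

    def __init__(self, quota=100_000, warn_ratio=0.75):
        self.quota = quota
        self.warn_at = int(quota * warn_ratio)
        self.used = 0
        self.window_end = None      # end of the current UTC day
        self.blocked_until = None   # set after the API answers 429

    def _roll(self, now):
        # Start a fresh window (and clear any 429 block) once the day has ended.
        if self.window_end is None or now >= self.window_end:
            self.used, self.window_end, self.blocked_until = 0, next_reset(now), None

    def acquire(self, now):
        """Return 'ok', 'warn' (75% or more used) or 'deny' (do not send)."""
        self._roll(now)
        if self.blocked_until is not None or self.used >= self.quota:
            return "deny"
        self.used += 1
        return "warn" if self.used >= self.warn_at else "ok"

    def on_response(self, status, now):
        """After a 429, block until the next reset; returns seconds to wait."""
        self._roll(now)
        if status == 429:
            # The server's count wins even if the local count is below quota,
            # since member-level and endpoint limits are not tracked locally.
            self.blocked_until = self.window_end
            return (self.blocked_until - now).total_seconds()
        return 0.0
```

Call `acquire()` before each request and `on_response()` after it, passing timezone-aware datetimes; persist `used` and `blocked_until` if the application runs as more than one process.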

How long can developers store data retrieved through the LinkedIn API?

LinkedIn enforces strict limits on how long you can keep data obtained through its API. For member-level social activity data – things like likes, comments, or shares – you’re allowed to store it for a maximum of 48 hours. When it comes to organization-level social activity data, the retention window extends to six weeks. However, if the data is linked to an organization that has authenticated with your app, you’re permitted to retain it for up to six months. Keeping data beyond these timeframes is a violation of LinkedIn’s terms of service.

It’s essential to familiarize yourself with and adhere to LinkedIn’s data retention rules to ensure compliance and avoid potential issues when working with their API.
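One way to enforce in code the retention windows from this answer and from the Compliance Requirements section, as an added example rather than LinkedIn's or this page's own code. The store, its method names and the data-class labels are hypothetical, and "six months" is approximated as 182 days.

```python
from datetime import timedelta

# Retention windows as stated on this page. "Six months" is approximated as
# 182 days (assumption; chosen to err on the short side).
RETENTION = {
    "profile": timedelta(hours=24),
    "member_social": timedelta(hours=48),
    "org_social": timedelta(weeks=6),
    "org_social_authenticated": timedelta(days=182),
}


class RetentionStore:
    """In-memory cache that never returns data past its retention window."""

    def __init__(self):
        self._rows = {}  # (subject_id, kind) -> (fetched_at, payload)

    def put(self, subject_id, kind, payload, fetched_at):
        if kind not in RETENTION:
            # Fail closed: data with no retention rule is never stored.
            raise ValueError(f"no retention rule for {kind!r}")
        self._rows[(subject_id, kind)] = (fetched_at, payload)

    def get(self, subject_id, kind, now):
        row = self._rows.get((subject_id, kind))
        if row is None:
            return None
        fetched_at, payload = row
        if now - fetched_at >= RETENTION[kind]:
            del self._rows[(subject_id, kind)]  # expired: delete on read too
            return None
        return payload

    def purge_expired(self, now):
        """Scheduled sweep; returns the keys it deleted, for the audit log."""
        expired = [k for k, (t, _) in self._rows.items() if now - t >= RETENTION[k[1]]]
        for k in expired:
            del self._rows[k]
        return sorted(expired)

    def erase_member(self, subject_id):
        """Deletion request or account closure: drop every row for the member."""
        doomed = [k for k in self._rows if k[0] == subject_id]
        for k in doomed:
            del self._rows[k]
        return len(doomed)
```

Run `purge_expired()` on a schedule shorter than the smallest window, and apply the same rules to backups, logs and analytics copies, which an in-process cache does not cover.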