Processing Applications

Delivery Mechanisms

The Apply with LinkedIn Plugin allows you to receive an application in two ways: e-mail and HTTP POST. Using e-mail is simple to configure, but limits your ability to programmatically process the application, such as putting it into a database. In those cases, use HTTP POST to get the application in XML or JSON.

For email, use the data-email parameter. A summary of the user's application -- as well as his or her full profile in PDF format -- will be sent to the email address you specify. This is a great choice for small groups who just have a few listed jobs, or companies who are just getting started.

For HTTP POST, use the data-url parameter, optionally with data-urlFormat. This is a powerful choice for companies who want to process the application information and store it in their database. The default URL format is JSON, but you can choose to ask for "xml" instead.
      data-url="" data-urlFormat="xml"

JavaScript Callbacks for Clicks and Success

If you have the plugin on a page with other Javascript, you can optionally set two callback handlers for the plugin. To be alerted when a person has clicked on the plugin, set the data-onclick parameter to the name of a Javascript function on the page. Likewise, use the data-onSuccess parameter to be alerted after the application is successfully submitted.

Both callbacks receive an object that contains two attributes. The event attribute is set to click or success. This lets you identify what happened.

The job attibute contains the configuration options of the plugin being used. This lets you identify what was called.


For example:

<script type="text/javascript">
function myOnclickFunction(r) {
        // do something here
function myOnsucesssFunction(r) {
        // do something else here
<script type="IN/Apply" 
      data-jobTitle="Chief Cat Herder" 

In this case, here's what's passed to the data-onsuccess callback:

      "companyName":"XYZ Company",
      "jobTitle":"Chief Cat Herder"

Note: These values should not be the URL of another page to redirect to or reference a JavaScript function not on the original page. These are local functions that are on the application page. If you want to send data back to your server from them, for tracking or other purposes, use AJAX to make a request.

Process Results on your Server

If you chose email as your delivery method, you’re pretty much done. You'll receive a nicely formatted email for each application sent to the e-mail address you specify. You are encouraged to test the plugin to make sure that the e-mail address is working correctly.

If you chose to receive data via HTTP POST, then you need to parse the data structure we send you and feed it into your data pipeline. You can receive results via JSON (the default) or XML.

The data we're sending you is not form POST data. So, if your language or framework has a built-in way of handling forms, it will not work. Instead, you need to consider yourself as a simple REST Web service server that accepts the POST verb.

We've put together a few code samples in PHP, Python and Node.js to demonstrate how to retrieve POST data and convert it into usable objects.

Here's the full schema for application data. You will need to parse and map all the relevant fields to your system.

Verify Authenticity of the Application

If you’re using the POST delivery method, we’ve done some extra work to help you guarantee the authenticity of the data arriving at your endpoint.

Every request from Apply with LinkedIn is signed digitally using the HMAC-SHA1 algorithm. At a high level, the idea is that you run the algorithm using a private key that only you and LinkedIn can know. If the output matches the value of a header that we send along with the request, then you know with certainty that we sent it.


  1. Look up the API secret associated with your API key.
  2. Extract the POST body from the request
  3. Extract the digital signature from the Content-Signature request header
  4. Pass the API secret (from Step 1) and POST body (from Step 2) into the into the HMAC-SHA1 algorithm.
  5. Compare the result with the signature (From Step 3).

If (3) and (4) match, then the request is genuine. If they don’t, then a third party is attempting to post to the endpoint.

If you're having problems getting this to work, this is the same signature encoding used in OAuth 1.0a and our Token Upgrade process. So, look at your OAuth library to see how they generate the signature. Also, be sure to treat the incoming data as UTF-8. If you don't, then the signature may fail because you have converted some characters from UTF-8 to an alternative encoding.

We have code samples in PHP, Python, Node.js, Java, and C# that demonstrate signature verification.

Once you've validated the signature and parsed the results, you can insert them directly into your applicant tracking system, job database, or any tool that you're using to help manage positions and careers at your company.