Developer Program Transition Guide

On February 12th 2015 we announced a series of changes to our developer program.  These changes have now begun to take affect and will be rolled out to the entire LinkedIn application base between May 12th - May 19th, 2015.

Please read through this guide for more information about what has changed and some helpful troubleshooting tips if you are experiencing errors with your LinkedIn API integration.

If you are an existing LinkedIn partner, these changes will not impact your existing partnership or the associated APIs that your partnership allows you to access.  

If you are experiencing issues as a result of the May 12th changes, please reach out to your LinkedIn Business Development representative immediately.

What's changed

API availability

After the grace period expires, several REST API endpoints will no longer be available for general use.  The following endpoints are the only ones that will remain available for use:

  • Profile API — /v1/people/~
  • Share API — /v1/people/~/shares
  • Companies API — /v1/companies/{id}

If your application is currently using any other API services (e.g. Connections, Groups, People Search, Invitation, Job Search, etc.) you will have to apply to become a member of a relevant Partner Program that provides the necessary API access to continue to leverage any of the endpoints that are not listed above.

New sharing permission

The rw_nus member permission will be deprecated.  Going forward, if your application shares content on behalf of a LinkedIn member, your application will require the w_share member permission to be granted.

The new w_share permission will grant you the permission to share content on LinkedIn as you could previously, however you will no longer be able to read shared content from a user's LinkedIn feed using the API.  We suggest you transition to using w_share as soon as possible, in anticipation of the upcoming changes.

Note that users with existing OAuth grants will have to re-authenticate due to the change in requested permissions.

New requirement for Companies API

All calls to Companies API endpoints will require the authenticated user to be flagged as an administrator of the LinkedIn Company Page that is the target of the API call.  You become the administrator of a page when you create it.  If the page already exists, you will have to contact the existing administrator to grant admin access to other LinkedIn members.

Your API call will return a 403 Forbidden error if you do not have the appropriate admin permission to interact with the target company.

Access to "r_fullprofile" & “r_contactinfo” permissions

The r_fullprofile and  r_contactinfo member permissions are now only available exclusively to applications accepted to the Apply with LinkedIn partner program.  As a result, you will only be able to request this member permission if your application has been approved by LinkedIn for this particular use.

Updated API Terms of Use

LinkedIn's API Terms of Use have been revised, effective immeditely.  There were no substantial policy changes involved, however edits were made to provide additional clarity in certain examples and to make the document easier to understand for the developer community. 

Please read and familiarize yourself with the new Terms of Use to ensure that your applications remain compatible with the new rules of conduct.

Miscellany, errata, etc.

Effective immeditately, the id field is now returned by default in a default Profile API request.

Troubleshooting

If you have not yet adjusted your application to work around these changes, you will begin to see critical errors occuring now, or in the near future when your authentication tokens next expire.  Here are some tips for solving some of the common issues you could expect to run into:

  1. The most common problem that will occur as a result of the API changes is that your authentication workflow will fail because your app is attempting to request member permissions that you no longer have access to.

    To correct this issue, ensure that the scope parameter in your authorization workflow is no longer requesting any of the following member permissions:

    r_fullprofile, r_network, r_contactinfo, rw_nus, rw_groups, w_messages.

    Alternatively, if you rely on the default scope rather than explicitely passing your own scope values, go into the "Authentication" tab of your application's configuration and ensure you've unchecked all of the member permissions listed above from the Default Application Permissions section of the configuration.

    Pay special attention to any 3rd party libraries that you are using for authenticating with LinkedIn, as they may be asking for more member permissions than you realize!

    Note that by removing member permissions, you may also be required to remove API calls that depend on those permissions being present, so you will need to thoroughly review your application and ensure that all of the API calls that it makes can be done under the remaining member permissions.
  2. The second most common issue that can occur is that you are attempting to make a call to the Companies API to retrieve data for a company that the user is not an administrator of.  Since this call was not previously restricted in this way, it is probable that even though you or your users believe that you are administrators of your company, that this is not actually the case and you are now restricted from making Companies API calls that you believe you should be able to.

    To work around this issue, first ensure that LinkedIn identifies you or your application's users as administrators of a Company Page.  Second, code your application defensively by programmatically checking that the current user is a valid administrator, before attempting to make a Companies API call.
  3. Finally, remember that for a period of at most the next two months, you may still have some users with an access token that allows them to make the API calls that were available prior to the recent API changes. 

    Do not assume that just because your application appears to be functional today (post-changes), that everything is a-ok.  Your application may not feel the impact of these changes until several days from now when your current access tokens start to expire and you are forced to refresh them to continue making API calls.