Hello again 😊
As a reminder, we said that posting on LinkedIn via API requires having a specific variable named access token. It will be used in the second part of this series to do an API call to post "Hello LinkedIn API :-) ".
How could we get this variable? What's its role? You must be wondering, right? Otherwise why would you be here in the first place 😇
First things first, let's clarify some basic stuff.
API: buzz words aside, an API is a way to let programs communicate with each others. (Think of LinkedIn API as a software running on a distant computer, and the script we we'll be creating as a program running on your machine/computer). These two programs needs a way to communicate. That's what an API is.
Access token: a string of characters that represents the authorization to access a particular resource or service. It is used in the process of authentication, which is the process of verifying the identity of a user or a system. You could think of this as an identifier of the real user communicating with LinkedIn API or even simpler, it has the same role as your login & password when authenticating with LinkedIn website, but programmatically :)
OAuth: a technique that enables users to grant third-party access to their resources without sharing their password. Remember the signing with Google screens? Cool. Think of it like that.
Now, what's the plan?
That's a very accurate question. We need one.
How things work, in plain English
To be able to use LinkedIn API to publish a post, we need -as described above- an access token that help LinkedIn identifies the request we'll be doing and approving it. Now to get the access token, we need to understand how OAuth works when interacting with LinkedIn API.
OAuth authentication is based on information's exchange, a two-step process during which, we:
- get an authorization code from LinkedIn API
(Remember the Sign In with Google? Cool. That's simply asking the user to authorize the application being run to interact with LinkedIn on his behalf. The result of this operation is an authorization code)
- exchanging this authorization code with an access token:
Once user authorizes LinkedIn app prompt screen, LinkedIn API will generate an authorization code. This code will be sent to our application so we will use it to ask for (or exchange it with) an authentication token. Yes? you guessed it right. This is our beloved access token we've been talking about. Once we get this access token. Everything becomes easy-peasy.
Don't be intimidated by the above explanation. In a later section, I've prepared everything required to get this access token for you.
Let's get the hands dirty.
Steps to get the access token:
- Create an app on LinkedIn:
- Sign in to the LinkedIn developer portal.
- Click "Create app" to create a new app.
- Enter basic details such as the app's name and logo.
- You will need to associate your app with a company page. If you don't have any pages, create one.
- Request App Verification From the Company Page: go to the Settings tab and press the "Verify" button to receive a verification link. Open this link if you're the company's page administrator or send it to administrator(s) of the company page you previously selected. When you/the administrator opens the link, you/they will be prompted to confirm their responsibility for your app. If you/they confirm, you will receive a notification that your app has been verified and you can continue with other settings.
- Request Access to Features
- Go to Products tab, Do you see “Share on LinkedIn” and “Sign In with LinkedIn.” ? Cool, you need to request access to both scopes.
- (Applies only when you want to post on company pages) To post on company pages, you must request access to the "Marketing Developer Platform" and provide details about your application. Your request will be reviewed and, if approved, you will be granted access to the platform.
- It is possible that the review process for your application may take some time, and it is not uncommon to experience a few rejections before it is ultimately approved. (Mine was instant)
- Review the authorization process for your application:
Go to <Auth> tab, scroll down. You should see a screen similar to the one below: (if you requested marketing platform access, you will also see
w_organization_social in the list of requested scopes):
Now, locate the section called <OAuth 2.0 settings>. You need to edit this <Authorized redirect URLs for your app> to http://localhost:3000/callback like the image below (I will explain this later 😉)
Now, bring a pen and a paper. Take note of
client ID and
client secret (displayed on Application credentials section) & <Authorized redirect URLs for your app>, we will need them.
- Run a helper script to handle the LinkedIn OAuth for you
When I've been working on this, I built a very straightforward script to get me an access from LinkedIn API. The project is hosted on Github https://github.com/azizfcb/linkedin-oauth-helper . I've created a detailed guide on how to use it to get an access token. Here's a summary:
- You need to clone the project using git & install it's dependencies using npm.
- You need to update two environment variables: LINKEDIN_CLIENT_ID & LINKEDIN_CLIENT_SECRET with respectively
client secretwe got on previous step. Now you might be asking about <Authorized redirect URLs for your app>, the variable that I told you to take a note of.
Totally legit. That variable is the url that will get the authorization code sent by LinkedIn after authorization process. It points to local nodejs server running locally. You don't have to change it but I made it customizable for you.
- You need to start the server. This will launch your browser, ask you to login &/or allow access for our app. Once done and approved, the script will continue its execution and you will get your access token displayed in the browser, along with the user ID (the identifier of the user that allowed the LinkedIn prompt screen) (and also in the console). Tada 🎉😃
I hope that you made it this far, and that things worked for you. The first time I got the access token, I felt like a world champion 😎
In this first part of the series, we explained what's required to communicate with LinkedIn API, shared some basic definitions, explained how things work in very simple English terms and detailed the required steps to get the access token. If something didn't work for you or you had problem on one of the steps or when running the helper script, I will be happy to help you with that, don't hesitate to reach out to me.
Now we've got the access token (and user ID as a bonus), the relatively difficult part is done. The rest should be easy compared to this. Go celebrate, have your break and get back.
Welcome back! Let's got to the second part!
(Subscribe to get it right at your inbox ⚡📧)