LinkedIn API in 2026: A Developer's Reality Check

The LinkedIn API is notoriously restricted. It gives you three things: a user's name, their email, and the ability to post on their behalf. If your use case is bigger than that — lead enrichment, recruiting data, competitive intelligence, bulk linkedin data extraction — you're about to navigate a very specific minefield.

This is the honest field guide. By the end, you'll know exactly what the official LinkedIn API allows in 2026, why LinkedIn has every incentive to keep it locked down, how the linkedin scraping landscape shifted after Proxycurl shut down, what the hiQ v. LinkedIn case actually decided (including the part everyone skips), and two working Python patterns — one with production-grade rate-limit handling, one showing a unified linkedin data api approach across platforms.

This article is a technical overview, not legal advice. Laws and platform terms vary by jurisdiction — consult qualified counsel before building on public data.

---

What Does the Official LinkedIn API Actually Allow?

The short answer: less than you think.

LinkedIn's developer platform is structured around business lines, not developer needs. Every permission you can enable breaks into two buckets: self-serve (instant) and partner-gated (approval required, weeks to months).

The three self-serve OAuth scopes:

Scope	What it returns	Who can use it
profile	Name, headline, profile photo	Any registered app
email	Primary email address	Any registered app
w_member_social	Post, comment, like on behalf of user	Any registered app

That's it. These three scopes are the only ones any developer can enable without special approval from LinkedIn. They do not expose connections, full work history, bulk profile lookup, company employee directories, or post analytics for pages you don't administer.

Partner-gated programs — what they actually cover:

• Marketing Solutions (MDP): Apply as an Advertising API partner. Covers rw_ads, r_ads_reporting, r_organization_social. 3-legged OAuth only — no client credentials flow for member data. Approval time reported at 2–8 weeks in the developer community.
• Talent Solutions: Recruiter System Connect (RSC), Apply Connect, Job Posting integrations. Also approval-required.
• Sales Solutions (SNAP): Access to r_sales_nav_profiles — matched, publicly available member profile information — but only for Sales Navigator subscribers. It is not arbitrary profile lookup; it's a data layer on top of a seat you've already bought.
• Compliance: Listed "for reference only — access is closed and may not be requested." Per the official docs.

What the official LinkedIn API will never give you:

• Bulk profile lookup for arbitrary members
• The connection graph (who knows whom)
• Full work history, education, or endorsements at scale without individual member consent
• Company follower lists or employee directories
• Post engagement analytics for pages you don't administer

This is not an oversight. LinkedIn's official Microsoft Learn documentation is explicit about the permission scope. Every developer who's arrived at this post after hitting a wall in the docs has found the same thing.

One versioning note: the LinkedIn Marketing API uses monthly versioned releases (e.g., li-lms-2026-06). Marketing Version 202506 was sunset in early 2026. If you're maintaining an older integration, check the migration guides — stale API versions stop returning data, they don't throw helpful errors.

---

How to Get a LinkedIn API Key

If you've decided the official scopes are enough for your use case, here are the exact steps:

1. Go to developers.linkedin.com → My Apps → Create App
2. Fill in: app name, a LinkedIn company page (you must have admin rights to a company page — personal profiles don't work), privacy policy URL, and logo
3. Under Products, request what you need. "Sign in with LinkedIn using OpenID Connect" is self-serve and enables instantly. Marketing Developer Platform requires you to submit a request and wait.
4. Under the Auth tab: add your redirect URL, then grab your Client ID and Client Secret
5. Implement the three-legged OAuth authorization code flow to exchange for access tokens. There is no two-legged (client credentials) flow for member data — every token requires an actual user to authorize your app.

Token expiration: LinkedIn access tokens from the three-legged flow expire after 60 days. The most common source of 401 errors in production LinkedIn integrations is not a permissions problem — it's an expired token. Implement proactive token refresh before expiry, not reactive refresh after a 401.

Rate limits on the official API are endpoint-specific and not published in the documentation. They are only visible in the Developer Portal Analytics tab after making at least one call to that endpoint. The portal sends email alerts at 75% of quota — with a ~1–2 hour lag. Plan around that: by the time the alert arrives, you may already be throttled.

---

Is the LinkedIn API Free? Pricing and Rate Limits Explained

The self-serve tier is free. It covers the three scopes above, and there is no charge to use it within LinkedIn's (unpublished) rate limits.

Commercial access — the Marketing API, Talent Solutions integrations, Sales Navigator data — is not self-service and LinkedIn does not publish pricing. You apply, LinkedIn reviews your use case, and if approved, pricing is negotiated. Developers evaluating LinkedIn for a commercial data use case regularly report that the approval process takes weeks and that commercial access costs are significant.

This creates the situation you're probably in: your use case needs data the free tier doesn't expose, and the commercial tier is either inaccessible or prohibitively expensive. That gap is the entire reason the third-party scraping ecosystem exists. For comparison, see SocialCrawl's credit-based pricing — flat-rate, no approval process.

Rate limits in practice:

• 429 Too Many Requests is the signal you've hit a limit
• LinkedIn's limits use a 24-hour rolling window that resets at midnight UTC
• There are two limit types: application-level (total calls your app can make) and member-level (calls on behalf of a single user token)
• Historical developer community data from pre-2016 APIs suggested ~100 calls/day on People Search — but that API was deprecated and those numbers don't apply to current endpoints. Don't plan around them.

---

Why Does LinkedIn Lock Down API Access — and Will It Ever Change?

LinkedIn reported $19B+ in annual revenue with 12% year-over-year growth in Q3 FY2026. That revenue is structurally dependent on three monetized data products:

• Recruiter — seat-based access to LinkedIn's talent graph
• Sales Navigator — seat-based access to the professional network for prospecting
• Marketing Solutions — ad spend against LinkedIn's targeting data

LinkedIn has 1.3B+ members and 71M+ companies catalogued. That professional graph is the moat. Unrestricted API access to member work histories, company employee directories, and connection graphs would directly cannibalize all three products.

The SNAP partner program exists precisely because LinkedIn wants to control which tools surface Sales Navigator data — and collect a cut on the seat that unlocks it. The API is restricted by design, not by technical limitation.

This is not a complaint — it's an incentive analysis. LinkedIn is not going to open the API. Understanding why means you're not waiting for a policy change that isn't coming, and you can make a clear-eyed decision about your architecture.

---

What Does the LinkedIn Scraping Landscape Look Like in 2026 — and Why Is Proxycurl Gone?

What happened to Proxycurl

Proxycurl was the dominant LinkedIn data API — a ~$10M ARR business before it shut down. On July 4, 2025, CEO Steven Goh announced the closure. His words were direct: "Regardless of the merits of LinkedIn's lawsuit, there is no winning in fighting this."

The backstory matters. On January 24, 2026, LinkedIn's VP of Legal Sarah Wight publicly announced that LinkedIn had filed a federal lawsuit against Proxycurl and its founder for "the unauthorized creation of hundreds of thousands of fake accounts and the scraping of millions of LinkedIn member profiles." The mechanism that killed Proxycurl wasn't the CFAA scraping question — it was fake account creation, a much cleaner legal line.

The Proxycurl team has pivoted to NinjaPear, a competitive intelligence company.

The broader signal: Bright Data, Oxylabs, ZenRows, ScrapingBee, and NinjaPear/Proxycurl have all pulled their LinkedIn scraping tutorial content. The content vacuum in the search results is real — and it's a direct result of legal pressure. This post exists partly because that content disappeared.

What's still active

The linkedin scraping market thinned out after Proxycurl's exit, but several providers remain operational. Here's the current state.

Bright Data offers LinkedIn Scraper API, LinkedIn Profile Scraper, and LinkedIn Company Scraper targeting public data only — no login required. Pricing starts at $0.0015 per record. Bright Data won court cases against Meta and X in 2024 and claims to be the only web scraping company that has prevailed in US courts. 400M+ IPs, 99.99% uptime claimed. Self-interested source, but factually documented.

Scrapingdog offers LinkedIn Jobs API and Profile Scraper API: Lite $40/mo (4,000 profiles), Standard $90/mo (20,000 profiles), Pro $200/mo (60,000 profiles), Premium $350+/mo (120,000 profiles). Public data only, no LinkedIn login required.

Nimble is pay-as-you-go at $3/CPM. Batch processing only — no real-time queries.

Apify actors are community-maintained and a common way to scrape linkedin profile data at low volume. The free tier covers 10 runs/day, 10 profiles/run. The most-cited data point from the Apify community: 300–400 profiles/day triggers account warnings for session-based approaches. That threshold doesn't come from LinkedIn's documentation — it comes from community observation, which means treat it as a floor, not a guarantee.

Account-based automation tools — Phantombuster, LinkedIn Helper, HeyReach, Dripify — automate your own LinkedIn account. Different risk profile entirely: these tools directly violate LinkedIn's prohibition on automating member behavior, and Proxycurl's lawsuit was triggered precisely because it combined fake account creation with scraping. If you use your real account with an automation tool and LinkedIn flags it, you lose the account.

Production Python pattern — handling 429, 999, and 403

No competitor ships code with real error handling. This pattern works against any third-party LinkedIn data endpoint that returns standard HTTP responses plus LinkedIn's unofficial 999 bot-detection status:

import requests
import time
import random

BASE_URL = "https://api.example-linkedin-data-provider.com"

def fetch_profile(api_key: str, profile_url: str, max_retries: int = 5) -> dict | None:
    headers = {"Authorization": f"Bearer {api_key}"}
    params = {"url": profile_url}
    
    for attempt in range(max_retries):
        response = requests.get(f"{BASE_URL}/profile", headers=headers, params=params)
        
        if response.status_code == 200:
            return response.json()
        
        if response.status_code == 403:
            # Hard block — LinkedIn flagged the request pattern.
            # Rotating proxies won't help if the behavioral fingerprint is already flagged.
            print(f"403 Forbidden: stopping. Cool down for 24h+ before retrying.")
            return None
        
        if response.status_code == 999:
            # LinkedIn's unofficial bot-detection response. Not a standard HTTP status.
            # This is account/IP-level flagging, not a transient rate limit.
            print(f"999 Bot detection: hard stop.")
            return None
        
        if response.status_code == 429:
            # Exponential backoff with jitter — prevents thundering herd if
            # multiple workers hit the limit simultaneously.
            wait = (2 ** attempt) + random.uniform(0, 1)
            print(f"429 Rate limited. Waiting {wait:.1f}s before retry {attempt + 1}/{max_retries}")
            time.sleep(wait)
            continue
        
        # Unexpected status — log and break rather than silently retrying.
        print(f"Unexpected status {response.status_code}: {response.text[:200]}")
        return None
    
    print(f"Exhausted {max_retries} retries for {profile_url}")
    return None

The key distinction between 429 and 999: a 429 is a rate limit — back off and retry. A 999 is LinkedIn's anti-bot detection signal — stop immediately. Retrying on 999 escalates the flagging. Same logic applies to 403: the block is behavioral, not per-request, and hammering the endpoint makes it worse.

---

Is LinkedIn Data Extraction Legal? The hiQ v. LinkedIn Case, Explained Correctly

Every competitor in this space has a one-sentence answer to the legal question about linkedin data extraction. Here's the full picture — because the one-sentence version is the one that gets developers into trouble.

The five-stage case timeline

1. 9th Circuit 2019 — hiQ wins on CFAA (preliminary) The Ninth Circuit affirmed a preliminary injunction preventing LinkedIn from blocking hiQ's scraping of public profiles. The court held that hiQ was likely to succeed: the Computer Fraud and Abuse Act probably does not apply to scraping publicly accessible data. hiQ Labs, Inc. v. LinkedIn Corp., 938 F.3d 985 (9th Cir. 2019)

2. Supreme Court 2021 — remanded The Supreme Court vacated and remanded in light of Van Buren v. United States (2021), which narrowed the CFAA's "exceeds authorized access" clause: it applies only when someone with valid system access goes beyond what they're authorized to access — not to publicly accessible data. The CFAA reading was always going to be tight.

3. 9th Circuit April 2022 — CFAA ruling affirmed again On remand, the Ninth Circuit affirmed once more: scraping publicly available data likely does not violate the CFAA. 31 F.4th 1180 (9th Cir. 2022). This is the ruling tech media ran with as "web scraping is legal." It is not wrong — but it is incomplete.

4. District Court November 2022 — LinkedIn wins on breach of contract The same court ruled that LinkedIn's User Agreement "unambiguously prohibits hiQ's scraping and unauthorized use of the scraped data." hiQ had known about the prohibition since 2015 and actively tried to reverse-engineer LinkedIn's systems to avoid detection. LinkedIn won on breach of contract — not CFAA. hiQ went effectively dormant.

5. Settlement late 2022 hiQ and LinkedIn reached a proposed settlement. The case ended with LinkedIn winning on the legal theory that actually mattered in practice.

What this means for your architecture

The CFAA is largely off the table as a weapon against scrapers of public data. That's real. But LinkedIn's User Agreement Section 8.2 explicitly prohibits:

"Develop, support or use software, devices, scripts, robots or any other means or processes (such as crawlers, browser plugins and add-ons or any other technology) to scrape or copy the Services"

If you clicked "I agree" to LinkedIn's terms — and you did, to create your account — and then you scrape, you have a contract problem, not a criminal problem. That's still a real problem. It's the problem that ended Proxycurl.

The practical risk breakdown for most developers:

• Account bans: High risk for session-based tools. This is the most likely outcome for individuals.
• Tool deprecation: Scrapers break when LinkedIn pushes anti-bot updates — which happens frequently.
• Litigation: LinkedIn pursues this route against commercial-scale operators, not individual developers. But "it probably won't happen to me" is a risk tolerance call, not a legal argument.

GDPR sidebar: For EU member profiles, GDPR Article 9 special category data (inferred from profile content like religion, health, political views) does not benefit from the "manifestly made public" exception if the subject didn't clearly intend that disclosure in a GDPR context. LinkedIn is a Microsoft subsidiary; Irish DPA has jurisdiction for EU enforcement. This is a separate risk channel from the US CFAA/contract questions. If your use case touches EU profiles at scale, get qualified legal advice — this post is not it.

---

Is There a LinkedIn Data API That Covers Multiple Platforms at Once?

Here's the architectural framing that's missing from every competitor post in this space: the choice is not binary (official API vs. DIY scraping). There's a third option — a unified social data API that handles the data access layer and exposes LinkedIn data under the same schema as every other platform you're working with.

The maintenance argument: if you need LinkedIn data and you also need Instagram data, TikTok without an official API, or YouTube Data API access — each of those has its own scraping ecosystem, its own proxy rotation requirements, its own rate limit quirks, its own breaking changes. Every LinkedIn enforcement action, every Apify actor update, every proxy policy change hits your scraper pipeline differently. You're not maintaining one scraper; you're maintaining a portfolio.

SocialCrawl covers LinkedIn via /v1/linkedin/* endpoints under a single x-api-key. Same envelope, same credit system, same unified schema across 42 platforms. The computed fields — engagement_rate, content_category, language — are pre-calculated in the response, not raw HTML you parse yourself. Full endpoint reference is in the LinkedIn platform docs.

import os
import requests

API_KEY = os.environ["SOCIALCRAWL_API_KEY"]
BASE_URL = "https://www.socialcrawl.dev"
HEADERS = {"x-api-key": API_KEY}

# LinkedIn profile — one key, one schema
linkedin_response = requests.get(
    f"{BASE_URL}/v1/linkedin/profile",
    headers=HEADERS,
    params={"username": "satya-nadella"}
)
linkedin_data = linkedin_response.json()
print(f"LinkedIn: {linkedin_data['data']['name']} — {linkedin_data['data']['headline']}")

# Same key, same envelope, different platform — no schema translation needed
instagram_response = requests.get(
    f"{BASE_URL}/v1/instagram/profile",
    headers=HEADERS,
    params={"username": "microsoft"}
)
instagram_data = instagram_response.json()
print(f"Instagram: {instagram_data['data']['followers_count']:,} followers")
# Both responses use data.* — same field conventions, same auth pattern

Honest limitation: SocialCrawl is not a magic bypass of LinkedIn's restrictions. It covers publicly available LinkedIn data under the same legal parameters as the other third-party approaches described above. The architectural advantage is the unified layer — not a different legal position. For a deeper look at how to evaluate unified social APIs against platform-specific tools, see the unified social media API complete guide.

For the full platform-by-platform breakdown — including the Threads API and every platform where access is restricted by similar mechanisms — see the best social media scraping APIs in 2026.

---

What Could Go Wrong? Common Errors and Fixes

These are the errors you will hit. The fixes are specific.

401 Unauthorized on the official LinkedIn API Your access token expired. LinkedIn tokens from the three-legged OAuth flow expire after 60 days. The fix is proactive token refresh before expiry, not reactive handling after a 401. Build a token rotation job that runs at day 55, not a catch that waits for the 401.

403 Forbidden mid-scrape LinkedIn has flagged the request as automated. The flag is behavioral — it tracks timing patterns, not just IP. Rotating proxies does not fix this if the behavioral fingerprint is already marked. Stop retrying. Cool down for 24 hours minimum. Then reduce request velocity when you resume.

429 Too Many Requests See the Python pattern above. Back off with exponential jitter. LinkedIn's per-application limits are endpoint-specific and not published, but they are strict. If you're hitting 429 regularly, you are running faster than the limit permits — and the limit will not be documented anywhere you can look it up.

999 status code (LinkedIn-specific) Not a standard HTTP status. LinkedIn uses 999 as its bot-detection response. Treat it as a hard stop — this is account or IP-level flagging, not a transient rate limit. Retrying on 999 escalates the detection. The remediation is cooling down, not retrying harder.

Selenium scraper stopped working overnight LinkedIn pushes frontend changes multiple times per week. CSS selector-based scrapers are inherently fragile — every structural change to LinkedIn's DOM breaks them. This is not a bug you fix once; it is ongoing maintenance overhead that compounds with every LinkedIn product update. If you're running a selector-based scraper in production, build in monitoring and budget for regular breakage.

---

Where to Go From Here

If you're building on the official LinkedIn API, the canonical reference is Microsoft Learn's LinkedIn documentation — not LinkedIn's older developer portal, which has incomplete and sometimes contradictory content.

If you want to explore SocialCrawl's LinkedIn endpoints before writing a line of integration code, see your data in the Explorer — live responses against real endpoints, no setup required.

For the broader multi-platform picture — how LinkedIn compares to Instagram, TikTok, YouTube, and X in terms of access and reliability — see multi-platform social data APIs in 2026.

---

Frequently Asked Questions

Is the LinkedIn API free to use?

The LinkedIn API is LinkedIn's official interface for developers to access limited profile, job, company, and organization data. It's partially free (self-serve tier), but commercial access is heavily restricted and requires partner approval. For unrestricted linkedin data extraction at scale, most developers turn to third-party APIs or unified social data platforms.

The self-serve tier covers three OAuth scopes: name and headline (profile), primary email (email), and social posting on behalf of a user (w_member_social). Commercial access — the Marketing API, Talent Solutions, Sales Navigator data — is not self-service and requires partner approval. LinkedIn does not publish pricing for commercial tiers.

How do I get a LinkedIn API key?

Create an app at developers.linkedin.com, attach it to a LinkedIn company page you administer, and request a product under the Products tab. "Sign in with LinkedIn using OpenID Connect" is self-serve and activates immediately — your Client ID and Client Secret are available in the Auth tab. For partner-gated products like the Marketing Developer Platform, expect a 2–8 week review process. The resulting access tokens use three-legged OAuth (user consent required); there is no client credentials flow for member data.

What are the LinkedIn API rate limits?

LinkedIn does not publish rate limits in its documentation. They are endpoint-specific and only visible in the Developer Portal Analytics tab after making at least one call to that endpoint. Rate-limited requests return 429 Too Many Requests. The portal sends email alerts at 75% of quota with a ~1–2 hour lag. Plan your retry logic around unpublished limits — see the Python pattern in this post for exponential backoff with jitter.

Can I scrape LinkedIn data legally?

The nuanced answer: scraping publicly available LinkedIn profiles probably does not violate the Computer Fraud and Abuse Act, per the Ninth Circuit's April 2022 ruling in hiQ Labs v. LinkedIn, 31 F.4th 1180 (9th Cir. 2022). However, the same case resulted in LinkedIn winning on breach of contract in November 2022 — because LinkedIn's User Agreement Section 8.2 explicitly prohibits scraping, and hiQ agreed to those terms. EU profiles carry additional GDPR risk. This is not legal advice.

What's the difference between the LinkedIn API and a LinkedIn scraper?

The official LinkedIn API requires OAuth authorization from a LinkedIn member and is limited to three self-serve scopes plus partner-approved programs. A scraper bypasses the official API — either via public-page HTTP requests (no login) or by automating a real LinkedIn session (login required). The risks differ: the official API has hard feature limits; scrapers have ToS/contract exposure and account-ban risk. Session-based scrapers (those requiring a LinkedIn login) carry higher risk than public-data scrapers because they directly violate LinkedIn's prohibition on automating member behavior.

Do I need a LinkedIn API key to get LinkedIn data?

For the official LinkedIn API, yes. For third-party data providers — Bright Data, Scrapingdog, Nimble, SocialCrawl — you use their own API keys, not a LinkedIn-issued key. These providers handle the data access layer and expose it through their own authentication systems. The trade-off is that you're dependent on the provider's continued operation and legal position, as the Proxycurl shutdown demonstrated.

Why does LinkedIn restrict API access so heavily?

LinkedIn's core revenue products — Recruiter, Sales Navigator, Marketing Solutions — are all monetized data products built on the professional graph of 1.3B+ members and 71M+ companies. Unrestricted API access to member professional graphs would directly cannibalize those products. The API is restricted by design, not by technical limitation — it is a revenue decision, not an engineering one.