LinkedIn API access tokens - under what circumstances have they been revoked for startups in the past?

Evelyn Hu -

September 18th, 2013

Does anyone have stories about LinkedIn's unpredictable revoking of their API access tokens? Any details about the circumstances around how and why startups were denied API access would be helpful.

It seems like certain companies might be more at risk (e.g. recruiting startups). But a large competitor like Jobvite has seemed to always be able to pull their users' connections through LinkedIn API requests.

Does a startup need to develop a relationship with someone on a particular LinkedIn team to ensure the token access isn't randomly revoked at some point after launch?

We've developed a feature that consumes the LinkedIn API in accordance with their policies.  One thing we are doing is saving parts of the raw response on the client side until the user has a chance to review and re-purpose the data for saving on our site.  

I'm interested to know if there are any particular issues we should be thinking about in advance of a launch with regards to the LinkedIn API.  We want to ensure a stable reliance on the API going forward, and would like to plan properly.  Any stories or details you could share would be great.

Mohammad Forouzani CEO at Forecast.net

September 19th, 2013

I have worked with the LinkedIn API with many different startups (including the one I am currently a founder of). Basically, the only real point when LinkedIn will revoke your access is if they deem you to be a "competitor" (or doing something against their TOS).

The truth is, if you are using the LinkedIn API for anything more than just signing in... you are probably doing something in the "job/recruitment/professional social network" space - so you ARE a competitor.

Once you start hitting their API hard, you should be providing a "benefit" to LinkedIn's users (as part of LinkedIn, not just part of your company). If you do, LinkedIn is unlikely to revoke your access. If not, you better have some really good relationships high up in the LinkedIn food chain.

Alec Lebedev Team Architect: Proofpoint Social Platform for Archiving

September 18th, 2013

We've been dealing with similar issues, Evelyn. So I'd also like to hear how other people dealt with LinkedIn token expiration/revoking policies.

Evelyn Hu -

September 19th, 2013

Hi Mohammad, thanks for your insights. Did LinkedIn ever state in those times the reason behind their revoking access? Were your startups doing anything outside the policy permissions, like saving data on the backend or sending too many messages, etc.? Also, what would you specifically think are benefits to LinkedIn (e.g. in Jobvite's case or any other competitor whose tokens haven't been revoked)?

Mohammad Forouzani CEO at Forecast.net

September 19th, 2013

I never actually got access revoked, but it was one of the things that were on my mind constantly. We always had to have a "plan b" in case LinkedIn shut off their API.

Alec Lebedev Team Architect: Proofpoint Social Platform for Archiving

September 19th, 2013

Mohammad, I am curious how you handled 60-day OAuth token expiration? Did you send users an email asking to re-auth your app with LinkedIn? Do you know if becoming a LinkedIn business partner will help us get tokens that never expire?

Thanks

Mohammad Forouzani CEO at Forecast.net

September 20th, 2013

I've never needed more than a few days of auth, so never ran into the 60 day issue. AFAIK being a biz partner does not give you longer tokens.

All I know is that trying to keep a site in sync with some other 3rd party such as LinkedIn is a whole heap of pain - make sure you are up for the maintenance headache before you go down that route.

Having said that, you can renew the auth token without "authorization" from the user, you just have to send them to LinkedIn and they will redirect the user straight back (as long as they are logged in to LinkedIn).

Alec Lebedev Team Architect: Proofpoint Social Platform for Archiving

September 20th, 2013

Right, but even though the user doesn't need to retype the user name and password, it still requires the user to click on the link, which we are trying to avoid.

You said that keeping in sync with LinkedIn is a pain. Is that because LinkedIn API changes frequently?

Mohammad Forouzani CEO at Forecast.net

September 20th, 2013

No, the API doesn't change that often, it's more the process of diffing and merging of all the different text from all the different entities, and having to do it regularly to stay in sync.

So if you allow users to update something on your website, the next time you try to get their LinkedIn data, it will be different - you are now out of sync.

Alec Lebedev Team Architect: Proofpoint Social Platform for Archiving

September 20th, 2013

Good point. Fortunately, we don't have this problem since we only read LinkedIn data and don't need to sync it.

Did you run into any issues with throttle limits? I understand per application and per user throttle limits, but not so clear on per developer throttle limits. How did you set up your LinkedIn app developers?

Evelyn, sorry for hijacking the thread. Hopefully this discussion is useful to you as well.

Mohammad Forouzani CEO at Forecast.net

September 20th, 2013

I never ran into rate limiting so can't help you there.