Sharath Kumar

LinkedIn REST API Integration in Java Using OAuth 2.0

Integrating the LinkedIn REST API in Java requires implementing the OAuth 2.0 authorization code flow to securely access user data such as profile info, posts, and connections. You obtain an access token through that flow and then use it to call the LinkedIn APIs.

Introduction

Integrating third-party APIs like LinkedIn sounds simple—until authentication becomes the bottleneck. Developers often struggle with token handling, authorization flows, and API permissions.

In my decade of teaching Java, I’ve seen developers get stuck not because of coding complexity, but due to misunderstanding OAuth flows. Our students in Hyderabad often face issues where APIs fail due to expired tokens or incorrect scopes.

Let’s simplify LinkedIn API integration with OAuth 2.0 step by step.

What is OAuth 2.0?

OAuth 2.0 is an authorization framework that allows applications to access user data without exposing credentials.

Key Components:

  • Resource Owner (User)
  • Client (Your Application)
  • Authorization Server (LinkedIn)
  • Access Token

Why OAuth 2.0 is Required for LinkedIn API

Without OAuth:

  • Security risks
  • Credential exposure
  • No controlled access

With OAuth:

  • Secure access tokens
  • Scoped permissions
  • Token expiration control

OAuth 2.0 Authorization Flow (LinkedIn)

Steps:

  1. Redirect user to LinkedIn login
  2. User grants permission
  3. Receive authorization code
  4. Exchange code for access token
  5. Call LinkedIn APIs using token

Prerequisites

Before coding, you need:

Setup:

  • LinkedIn Developer Account
  • Client ID & Client Secret
  • Redirect URI configured

Java Implementation (Step-by-Step)

Example 1: Generate Authorization URL

```java
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;

public class LinkedInAuth {
    public static void main(String[] args) {
        String clientId = "YOUR_CLIENT_ID";
        // Must match a redirect URL registered in the LinkedIn app settings exactly
        String redirectUri = "http://localhost:8080/callback";
        // Space-separated list of requested permissions
        String scope = "r_liteprofile r_emailaddress";

        // URL-encode every parameter value before placing it in the query string
        String url = "https://www.linkedin.com/oauth/v2/authorization?" +
                "response_type=code" +
                "&client_id=" + URLEncoder.encode(clientId, StandardCharsets.UTF_8) +
                "&redirect_uri=" + URLEncoder.encode(redirectUri, StandardCharsets.UTF_8) +
                "&scope=" + URLEncoder.encode(scope, StandardCharsets.UTF_8);

        System.out.println("Authorize URL: " + url);
    }
}
```

Explanation:

  • Redirects user to LinkedIn login page
  • Requests permissions

Edge Case:

  • Incorrect redirect URI → authorization failure
  • Must exactly match LinkedIn app settings
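
The authorization URL in Example 1 carries no `state` value, so the callback has no way to confirm that an incoming code answers a request this application started. The following is an added example, not code from the original post: it attaches a random `state` to the same URL and checks it when LinkedIn redirects back. The class and method names are illustrative, and in a web application the expected value would be kept in the server-side session.

```java
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;

public class LinkedInAuthState {
    private static final SecureRandom RNG = new SecureRandom();

    // 32 random bytes, URL-safe: unguessable and generated once per login attempt.
    static String newState() {
        byte[] b = new byte[32];
        RNG.nextBytes(b);
        return Base64.getUrlEncoder().withoutPadding().encodeToString(b);
    }

    static String authorizationUrl(String clientId, String redirectUri, String scope, String state) {
        return "https://www.linkedin.com/oauth/v2/authorization?response_type=code"
                + "&client_id=" + enc(clientId)
                + "&redirect_uri=" + enc(redirectUri)
                + "&scope=" + enc(scope)
                + "&state=" + enc(state);
    }

    // Callback check: compare the returned state with the stored one in constant
    // time, and reject the request before any code is exchanged if they differ.
    static boolean stateMatches(String expected, String returned) {
        if (expected == null || returned == null) return false;
        return MessageDigest.isEqual(expected.getBytes(StandardCharsets.UTF_8),
                                     returned.getBytes(StandardCharsets.UTF_8));
    }

    private static String enc(String v) {
        return URLEncoder.encode(v, StandardCharsets.UTF_8);
    }

    public static void main(String[] args) {
        String state = newState(); // in a web app, store this in the user's session
        System.out.println(authorizationUrl("YOUR_CLIENT_ID",
                "http://localhost:8080/callback", "r_liteprofile r_emailaddress", state));
        System.out.println("matching state accepted: " + stateMatches(state, state));
        System.out.println("foreign state accepted:  " + stateMatches(state, "value-from-another-origin"));
        System.out.println("missing state accepted:  " + stateMatches(state, null));
    }
}
```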

Example 2: Exchange Code for Access Token

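```java
import java.io.OutputStream;
import java.net.HttpURLConnection;
import java.net.URL;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;

public class TokenExchange {
    public static void main(String[] args) throws Exception {
        String code = "AUTH_CODE";
        // Must be the same redirect URI that was sent in the authorization request
        String redirectUri = "http://localhost:8080/callback";

        URL url = new URL("https://www.linkedin.com/oauth/v2/accessToken");
        HttpURLConnection conn = (HttpURLConnection) url.openConnection();

        conn.setRequestMethod("POST");
        conn.setDoOutput(true);
        // The request body is form-encoded
        conn.setRequestProperty("Content-Type", "application/x-www-form-urlencoded");

        // URL-encode the values; client_id and client_secret are placeholders
        String params = "grant_type=authorization_code" +
                "&code=" + URLEncoder.encode(code, StandardCharsets.UTF_8) +
                "&redirect_uri=" + URLEncoder.encode(redirectUri, StandardCharsets.UTF_8) +
                "&client_id=YOUR_CLIENT_ID" +
                "&client_secret=YOUR_CLIENT_SECRET";

        try (OutputStream os = conn.getOutputStream()) {
            os.write(params.getBytes(StandardCharsets.UTF_8));
        }

        System.out.println("Response Code: " + conn.getResponseCode());
    }
}
```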

Explanation:

  • Exchanges authorization code for access token

Edge Case:

  • Code expires quickly (~30 sec)
  • Must exchange immediately

Example 3: Calling LinkedIn Profile API

```java
import java.net.HttpURLConnection;
import java.net.URL;

public class LinkedInProfile {
    public static void main(String[] args) throws Exception {
        String accessToken = "ACCESS_TOKEN";

        URL url = new URL("https://api.linkedin.com/v2/me");
        HttpURLConnection conn = (HttpURLConnection) url.openConnection();

        // Send the access token as a Bearer credential in the Authorization header
        conn.setRequestProperty("Authorization", "Bearer " + accessToken);

        // 200 on success; 401 when the token is expired or invalid
        System.out.println("Response Code: " + conn.getResponseCode());
    }
}
```

Explanation:

  • Uses access token to fetch profile data

Edge Case:

  • Expired token → 401 Unauthorized
  • Implement token refresh strategy

Example 4: Handling Token Expiry

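```java
public class TokenManager {

    private String accessToken;
    private long expiryTime; // epoch milliseconds after which the token is no longer valid

    // Store a new token with its lifetime (the expires_in value, in seconds, from the token response)
    public void update(String accessToken, long expiresInSeconds) {
        this.accessToken = accessToken;
        this.expiryTime = System.currentTimeMillis() + expiresInSeconds * 1000L;
    }

    public String getAccessToken() {
        return accessToken;
    }

    public boolean isTokenExpired() {
        return System.currentTimeMillis() > expiryTime;
    }

    public void refreshToken() {
        System.out.println("Refreshing token...");
        // Call LinkedIn API to refresh
    }
}
```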

Explanation:

  • Tracks token expiry
  • Ensures valid API calls

Edge Case:

  • LinkedIn doesn’t always provide refresh tokens
  • May require re-authentication

Example 5: Spring Boot Integration

```java
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RestController;

@RestController
public class LinkedInController {

    @GetMapping("/linkedin/profile")
    public String getProfile() {
        return "Fetch LinkedIn Profile using OAuth Token";
    }
}
```

Explanation:

  • Integrates API into Spring Boot app
  • Exposes endpoint

Edge Case:

  • Don’t store tokens in plain text
  • Use secure storage (Vault, DB encryption)

OAuth 2.0 vs API Key Authentication

| Feature | OAuth 2.0 | API Key |
| --- | --- | --- |
| Security | High | Low |
| User Consent | Required | Not required |
| Token Expiry | Yes | No |
| Use Case | User data access | Simple APIs |
| Complexity | Medium | Low |

Best Practices for LinkedIn API Integration

  • Always use HTTPS
  • Store tokens securely
  • Handle token expiration
  • Use minimal scopes
  • Log API failures

Common Mistakes Developers Make

  • Incorrect redirect URI
  • Not handling token expiry
  • Over-requesting permissions
  • Logging sensitive tokens

Real-Time Use Cases

  • LinkedIn login integration
  • Profile data fetching
  • Job posting automation
  • Social media analytics

Our students in Hyderabad often build real-time applications integrating LinkedIn APIs, especially for HRTech and job portals.

When NOT to Use LinkedIn API

  • If you don’t need user data
  • For static integrations
  • When simpler APIs are sufficient

Performance Considerations

Optimize By:

  • Caching responses
  • Minimizing API calls
  • Using async processing

Security Considerations

Risks:

  • Token leakage
  • Unauthorized access

Solutions:

  • Encrypt tokens
  • Use short-lived tokens
  • Implement rate limiting

FAQ Section

1. What is OAuth 2.0 in LinkedIn API?

It is a secure authorization method that allows applications to access user data without exposing credentials.

2. How do I get a LinkedIn access token?

By exchanging the authorization code received after user login.

3. Why does my token expire?

For security reasons, LinkedIn tokens have limited validity.

4. Can I use LinkedIn API without OAuth?

No, OAuth is mandatory for accessing user data.

5. Is LinkedIn API free?

Some features are free, but advanced APIs may require approval.

Final Thoughts

Integrating LinkedIn REST APIs using OAuth 2.0 is a must-have skill for modern Java developers, especially those building social, HR, or analytics platforms.

In my decade of teaching Java, I’ve seen developers struggle initially—but once they understand OAuth, it becomes a powerful tool.

To stay ahead in 2026, mastering integrations like this through AI-powered Core Java online training in Ameerpet will give you a strong edge in the job market.
