Best Practices for Application Development

LinkedIn members are more comfortable trusting your application when you are transparent about how you will use their data. We recommend following these best practices to help your application deliver the most value.

Authentication

  • Whenever possible, remind the member that they are logged into your application by displaying their name, portrait, and/or account settings somewhere on the page.
  • Avoid multiple login prompts.
  • Cache the member's access token after they grant your application access and do not bring the member through the authentication flow again unless they log out or the access token expires.
  • Make sure you allow the member to log out, and when they do log out, ensure you destroy their access token.
  • If you authorize the member through the JS SDK, do not send the member through the REST authorization flow. If you do, users will have to re-authorize your application. You can exchange the JS SDK token for an OAuth 2.0 REST access token if you want to make REST calls. Otherwise, use the JS SDK token to make calls with the JS SDK.

If a member authorizes your application through the REST workflow, it does not mean they are automatically logged in to LinkedIn.com. You should not assume that the member has access to resources that are on the LinkedIn.com website when in your application.

Error Handling and Logging

Due to the nature of cloud APIs, LinkedIn's services are occasionally interrupted or temporarily unavailable for reasons outside of LinkedIn's control. Assume that any API call you make to LinkedIn or any third party could potentially fail. Always include error-handling logic in your requests. See the Errors page for API error codes and messages.

A 500 Internal Server Error indicates that LinkedIn is experiencing an internal error. If you continue to receive server errors, record the following details:

  • Request: URL, method, headers (for example, access_token), and body.
  • Response: headers (for example, x-li-uuid, x-li-fabric, x-li-request-id) and body.
  • Your application configuration (for example, Client ID).

If you continue to get errors, reach out to your partner technical support channel, or see Developer Support.
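The error-handling advice above, sketched as an added example (not LinkedIn's code): a wrapper that retries server errors and builds one diagnostic record per failed attempt with the fields listed. The `send` callable, the retry count, the backoff policy, and the record layout are assumptions; all sample values are constructed.

```python
import time

# Response headers the page lists for support cases.
TRACE_HEADERS = ("x-li-uuid", "x-li-fabric", "x-li-request-id")

def diagnostic_record(request, status, headers, body, client_id):
    """Collect the request, response and configuration details listed above."""
    lower = {k.lower(): v for k, v in headers.items()}  # header names are case-insensitive
    return {
        "request": {k: request.get(k) for k in ("url", "method", "headers", "body")},
        "response": {"status": status, "body": body,
                     "headers": {h: lower.get(h) for h in TRACE_HEADERS}},
        "client_id": client_id,
    }

def call_api(send, request, client_id, attempts=3, backoff=0.5, sleep=time.sleep):
    """Call send(request) -> (status, headers, body), retrying failures.

    Returns (status, body, records) with one record per failed attempt.
    """
    records, status, body = [], None, None
    for attempt in range(attempts):
        try:
            status, headers, body = send(request)
        except OSError as exc:  # timeout, reset, DNS failure: no response at all
            status, headers, body = None, {}, repr(exc)
        if status is not None and status < 500:
            return status, body, records  # success or a 4xx the caller must handle
        # The record holds the request headers, so it contains the member's
        # access token: write it only to access-controlled storage.
        records.append(diagnostic_record(request, status, headers, body, client_id))
        if attempt < attempts - 1:
            sleep(backoff * 2 ** attempt)  # assumed policy: exponential backoff
    return status, body, records

if __name__ == "__main__":
    # Constructed transport and values: two 500s, then a 200.
    replies = [(500, {"X-LI-UUID": "uuid-1", "X-Li-Fabric": "fabric-1"}, "error")] * 2
    replies.append((200, {}, "ok"))
    req = {"url": "https://api.example.invalid/v2/me", "method": "GET",
           "headers": {"Authorization": "Bearer CONSTRUCTED_TOKEN"}, "body": None}
    status, body, records = call_api(lambda r: replies.pop(0), req,
                                     "CONSTRUCTED_CLIENT_ID", sleep=lambda s: None)
    print(status, body, len(records), records[0]["response"]["headers"])
```

A non-empty `records` list after the final attempt is the material to attach to a support request.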