API stands for Application Programming Interface, and is essentially a set of rules and procedures for accessing and using an application or service. One of the things that took me a while to grasp is that the documentation of API is language-independent. So, when you decide to read up on Facebook’s Graph API or LinkedIn’s API to make a post, the information is generic and applies to any programming language you happen to be using. It is essentially meant to follow HTTP as that is how your web-based application is communicating with the API.
Before we go any further I would like to talk about this absolutely amazing new tool that I was just informed about — Postman.
If you happen to be the only other Newbie programmer around Postman helps you manage and use APIs. Despite that being the official blurb on it, it is an understatement. To my absolute delight, I learned that you can just enter a few keywords and the application will translate it into code for you — in the language of your choice no less. Honestly, I was in sheer awe of this tool. So please do go ahead and install Postman if you haven’t already done so. It is extremely user-friendly and simple to use and we shall be using it for this example.
Step 1: Configure Your Application
- If you are just getting started, create a new application.
- If you have an existing application, select it to modify its settings.
- After selecting an application, click the “Auth” link in the navigation to view your application’s credentials and configure a callback URL to your server.
Each application is assigned a unique Client ID (also known as Consumer key or API key) and Client Secret. Make note of these values as they have to be integrated into the configuration files or the actual code of your application.
Step 2: Request an Authorisation Code
To request an authorization code, you must direct the member’s browser to LinkedIn’s OAuth 2.0 authorization page, where the member either accepts or denies your application’s permission request.
Go to Postman and create the following request:
Note: In the GET block only type: https://www.linkedin.com/oauth/v2/authorization
(The rest will be added automatically)
By providing valid LinkedIn credentials and clicking Allow, the member approves your application’s request to access their member data and interact with LinkedIn on their behalf. This approval instructs LinkedIn to redirect the member to the callback URL that you defined in your redirect uriparameter.
Attached to the redirect_uri are two important URL arguments that you need to read from the request:
- code — The OAuth 2.0 authorization code.
- state — A value used to test for possible CSRF attacks.
The code is a value that you exchange with LinkedIn for an OAuth 2.0 access token in the next step of the authentication process. For security reasons, the authorization code has a 30-minute lifespan and must be used immediately. If it expires, you must repeat all of the previous steps to request another authorization code.
Before you use the authorization code, your application should ensure that the value returned in the state parameter matches the state value from your original authorization code request. This ensures that you are dealing with the real member and not a malicious script. If the state values do not match, you are likely the victim of a CSRF attack and your application should return a 401 Unauthorized error code in response.
Step 3: Exchange Authorisation Code for an Access Token
In Postman create the following request:
A successful access token request returns a JSON object containing the following fields:
- expires_in — The number of seconds remaining until the token expires. Currently, all access tokens are issued with a 60 day lifespan.
access_token = response.json()[‘access_token’]
Things to Note:
LinkedIn does not generate long-lived access tokens. Make sure your application refreshes access tokens before they expire, to avoid unnecessarily sending your application’s users through the authorization process again. To refresh an access token, go through the authorization process again to fetch a new token. This time however, in the refresh workflow, the authorization screen is bypassed and the member is redirected to your callback URL, provided the following conditions are met:
- The member is still logged into www.linkedin.com
- The member’s current access token has not expired
Retrieving Member ID
Follow the following steps:
Make a Simple Text Post
Create a new Postman request as follows:
(Ensure that the same authorization token has been entered.)
If you want to post an article/URL make the following changes
You have probably made your first LinkedIn post once you execute that request. You can then take the various requests in Postman and translate them into code, in the language of your choice. Have fun integrating it and debugging 🙂
Stay tuned for another post next week on whatever exciting I chance upon.