Skip to content

Get LinkedIn posting credentials

Set up a LinkedIn app so keryx auth linkedin can capture an access token and keryx post linkedin can post a rendered reel as a video share to your feed. LinkedIn is a standard OAuth2 provider, so auth is the same loopback flow as YouTube — the wrinkle is the token model: a standard app gets a ~60-day access token and no refresh token, so you re-authorize every ~60 days (refresh tokens need Marketing Developer Platform approval — see the spec 0009-linkedin.md §3.1).

Status: app-registration steps (§1–§4) are ready to follow now.

What you need

  • A LinkedIn account and a LinkedIn Company Page (apps must be linked to a Page; create one at https://www.linkedin.com/company/setup/new/ if needed).
  • ~15 minutes. No per-post audit (unlike TikTok) — w_member_social member posting is available once the product is added.

1. Create the app

  1. Go to LinkedIn Developershttps://www.linkedin.com/developers/appsCreate app.
  2. Associate it with your Company Page and verify the Page (the portal walks you through a verification link).
  3. From the Auth tab, note the Client ID and Client Secret:
  4. platforms.linkedin.client_id (non-secret) — goes in keryx config.
  5. LINKEDIN_CLIENT_SECRET (secret) — env var / keychain, never committed.

2. Add the products

On the Products tab, add:

  • Share on LinkedIn — grants w_member_social (post on behalf of the member).
  • Sign In with LinkedIn using OpenID Connect — grants openid + profile (so keryx can read your Person URN, the post author).

Both are self-serve and usually approved instantly.

3. Register the redirect URI

On the Auth tab → Authorized redirect URLs, add a loopback URL:

http://127.0.0.1:8765/

keryx defaults to an ephemeral http://127.0.0.1:<port>/; LinkedIn requires the exact URL to be registered (no wildcard ports), so pin a fixed port and pass it: keryx auth linkedin --redirect http://127.0.0.1:8765/. If LinkedIn rejects http, register an https:// URL and pass that instead (keryx serves a self-signed loopback in that case).

4. Token model & the ~60-day re-auth

  • Standard apps get a ~60-day access token, no refresh token. keryx stores the token + its expiry; when it expires, keryx post linkedin fails with a clear "re-run keryx auth linkedin" message. Just re-authorize.
  • Refresh tokens (no re-auth) require Marketing Developer Platform approval — an advertising/marketing program, overkill for personal posting (spec §3.1). keryx auto-uses a refresh token if one is ever returned, so no code change is needed if you later get MDP access.

Official references

  • LinkedIn — Share on LinkedIn, Sign In with LinkedIn using OpenID Connect.
  • LinkedIn — Posts API and Videos API (versioned).
  • LinkedIn — Refresh Tokens with OAuth 2.0 (MDP-only).

5. Authorise keryx

With the client id in config (platforms.linkedin.client_id) and the secret in the environment (LINKEDIN_CLIENT_SECRET):

keryx auth linkedin --redirect http://127.0.0.1:8765/

It opens the authorize URL, captures the code on the loopback (paste fallback for headless boxes), reads your Person URN, and stores the access token. platforms.linkedin.enabled flips true. Then keryx post linkedin posts a reel as a video share.

Note on visibility: LinkedIn has no private ("only me") option — a post is PUBLIC or CONNECTIONS. For a first live test, set platforms.linkedin.visibility: CONNECTIONS (or delete the test post after), since it will be visible. Video must be MP4, 3 s–30 min, 75 KB–500 MB.