How to Access LinkedIn Data Without a Browser

LinkedIn is one of the hardest platforms to extract data from. It has no public API for most data types, aggressively detects and blocks automation tools, and restricts even its official API to approved partners. If you're building a recruiting tool, sales intelligence pipeline, or market research agent, LinkedIn data is essential — but accessing it feels impossible.

The standard approaches — scraping with Playwright, using unofficial API wrappers, or buying from data brokers — all have serious problems. There's a more reliable method that most developers haven't considered.

The Problem with LinkedIn Data Access

LinkedIn's data access landscape is uniquely hostile:

• Official API: Requires a LinkedIn developer application with explicit approval. Most endpoints (profile data, job listings, company pages) are restricted to LinkedIn Marketing Partners or specific use cases. Approval takes weeks and most applications are rejected.
• HTML Scraping: LinkedIn employs multi-layered bot detection: browser fingerprinting, behavioral analysis, CAPTCHA challenges, and IP reputation scoring. Headless browsers are detected within minutes. Even rotating proxies and realistic browser profiles get flagged quickly.
• Unofficial API libraries: Libraries like linkedin-api (Python) reverse-engineer LinkedIn's mobile API. They work intermittently but LinkedIn patches them regularly, and using them risks account bans.
• Data brokers: Companies like Proxycurl, People Data Labs, and others sell LinkedIn data for $0.01-0.10 per profile. Expensive at scale and data freshness is questionable.

The core problem is that LinkedIn treats any automated access as adversarial — even when you're accessing your own data or data that's publicly visible to logged-in users.

Shadow APIs: The Alternative

Every time you visit linkedin.com, your browser makes API calls behind the scenes. These internal endpoints return clean JSON data — the same data that renders the profiles, job listings, and search results you see.

LinkedIn's frontend is a sophisticated SPA (built on Ember.js/React hybrid) that communicates with a RESTful API layer. These internal APIs use LinkedIn's proprietary "Voyager" API protocol, returning richly structured data with entity URNs, relationship metadata, and complete field coverage.

Unbrowse captures these shadow APIs automatically from real browsing sessions.

What Unbrowse Discovers on LinkedIn

Browsing LinkedIn through Unbrowse reveals a comprehensive internal API surface:

• Profile View: GET /voyager/api/identity/profiles/{vanityName} — complete profile data including headline, summary, experience, education, skills, certifications, and connection count. Returns more fields than the official API.
• Search (People): GET /voyager/api/graphql?variables=(keywords:{query})&queryId=voyagerSearchDashClusters — people search with filters for company, location, industry, title, and connection degree. Returns structured results with mini-profiles.
• Search (Jobs): GET /voyager/api/graphql?variables=(keywords:{query})&queryId=voyagerJobsDashJobCards — job listings with company, location, salary range (when available), posting date, and applicant count.
• Company Page: GET /voyager/api/organization/companies/{companyId} — company overview including employee count, industry, headquarters, specialties, and recent updates.
• Feed: GET /voyager/api/feed/updatesV2?... — your LinkedIn feed with posts, articles, engagement metrics, and comment threads.

These Voyager API endpoints return LinkedIn's internal entity format — richly typed objects with URN identifiers that can be cross-referenced across endpoints.

How It Works

npm install -g unbrowse
unbrowse resolve "search for machine learning engineers in San Francisco" --url https://linkedin.com

The process:

1. Cookie Injection: Unbrowse extracts your LinkedIn session cookies from your local Chrome or Firefox profile. Your li_at session token is injected into Kuri (Unbrowse's browser engine), giving it your authenticated session without requiring a login flow.
2. Browse: Kuri loads LinkedIn with your real session, complete with anti-detection extensions. LinkedIn sees a real browser with a real user session — because it is one.
3. Capture: Every Voyager API call is intercepted. The fetch/XHR interceptor catches requests that HAR recording might miss (LinkedIn uses complex request batching).
4. Index: Endpoints are analyzed for URL templates, CSRF token patterns (jsessionid cookie + csrf-token header), and parameter semantics. Each endpoint is labeled with what it returns.
5. Cache and Execute: Indexed routes are stored with their auth patterns. Future requests call LinkedIn's Voyager API directly — no browser needed, just your session cookies and CSRF token.

Performance

Metric	Browser Automation (Playwright)	Data Broker (Proxycurl)	Unbrowse (cached)
Speed	~5,000ms	~800ms	<150ms
Tokens consumed	~15,000	N/A	~300
Cost per profile	$0.53	$0.01-0.10	$0.005
Detection risk	High (minutes)	None	None
Data freshness	Real-time	Hours to days	Real-time
Monthly cost	Compute + proxy	$50-500+	Free (open source)

The key advantage over browser automation is detection risk. LinkedIn's anti-bot system is among the most sophisticated on the web. Unbrowse bypasses this entirely because it uses your real browser session — there's nothing to detect.

When to Use This Approach

Recruiting pipeline enrichment: Your AI agent needs to search for candidates matching specific criteria (skills, location, experience level). Instead of building fragile Playwright scrapers that break weekly, Unbrowse gives the agent direct access to LinkedIn's people search API.

Sales intelligence: Pull company data, employee counts, recent hires, and organizational changes for sales prospecting. The company and people search endpoints provide the same data that Sales Navigator surfaces.

Market research: Monitor job postings in specific industries or companies to track hiring trends, salary ranges, and skill demand. The job search endpoint supports all the filters LinkedIn's UI offers.

Professional network analysis: Map connections, shared contacts, and professional relationships using LinkedIn's graph data. The Voyager API exposes relationship metadata that the official API doesn't.

Getting Started

# Install Unbrowse globally
npm install -g unbrowse

# Run initial setup
unbrowse setup

# Make sure you're logged into LinkedIn in Chrome first, then:
unbrowse resolve "search for senior engineers at Google" --url https://linkedin.com

# Cached routes make subsequent queries instant
unbrowse resolve "find data scientists in New York" --url https://linkedin.com

Unbrowse is open source and published on arXiv. It works as an MCP server for Claude, as a LangChain tool, or standalone.

FAQ

Is this legal? Unbrowse uses your authenticated browser session. It accesses the same APIs your browser calls when you browse LinkedIn normally. You're viewing data you already have access to as a logged-in user — Unbrowse just captures and reuses the API patterns.

How is this different from scraping? Scraping parses HTML and simulates clicks. Unbrowse discovers and calls LinkedIn's actual Voyager APIs — the same ones their frontend uses. The data comes back as structured JSON with typed entity objects, not HTML to parse.

Won't LinkedIn detect this? Unbrowse runs a real browser with your real credentials. From LinkedIn's perspective, it's indistinguishable from you browsing normally. The API calls happen at human-like rates using your actual session. There's no fingerprint anomaly to detect.

What about LinkedIn's rate limits? LinkedIn rate-limits its internal APIs, but the limits are designed for real user browsing patterns (hundreds of page views per session). As long as you're not making thousands of requests per minute, you won't hit them.

Can my account get banned? Unbrowse makes the same API calls your browser makes. The risk is comparable to browsing LinkedIn normally. It doesn't create fake accounts, doesn't send automated messages, and doesn't access data you couldn't see by clicking through the UI.