LinkedIn Ads OAuth Re-Auth
Use this runbook when AdPilot loses LinkedIn Campaign Manager access, a LinkedIn token reaches the expected re-auth cycle, or the selected ad account no longer grants Marketing API access.
Before You Reconnect
Confirm the LinkedIn setup is still valid:
- The connected LinkedIn user can see the target Campaign Manager account.
- The user has a role that allows the operation being recovered; Viewer access remains read-only.
- The LinkedIn Developer app still has the Advertising API product approved if you use a customer-owned app.
- The OAuth client ID/client secret and Opius redirect URI are still configured.
- The ad account is mapped to the app when the app’s access tier requires mapping.
- Organization Page and conversion-rule access are still valid when those workflows are in scope.
Scope Requirements
| Scope | Purpose |
|---|---|
r_ads | Read ad accounts, campaign structure, and creatives. |
rw_ads | Create or update LinkedIn campaign entities after approval. |
r_ads_reporting | Read performance reporting for monitoring and weekly reports. |
rw_conversions | Manage conversion rules or stream conversion events when conversion workflows are enabled. |
rw_conversions is now part of the standard LinkedIn Ads OAuth request. Existing LinkedIn Ads connections created before this scope was added must reconnect before AdPilot can send LinkedIn conversion events.
Account role still gates the token. A user with Viewer access remains read-only even if the token has a write-capable scope.
How To Identify Expired Auth
The dashboard shows a provider banner on the AdPilot setup, monitoring, or run detail view when LinkedIn Ads needs attention.
| Banner | Meaning | Customer impact |
|---|---|---|
Auth expiring soon | The LinkedIn token is approaching the planned re-auth window. | Monitoring can continue, but reconnect should be scheduled. |
Auth expired | The saved LinkedIn token can no longer be used. | LinkedIn reads and writes stop. |
Reconnect required | AdPilot cannot verify current Campaign Manager access. | Scheduled monitoring for LinkedIn is blocked. |
Missing scope | Required Marketing API permissions were not granted or were removed. | Reporting and spend-changing actions remain blocked. |
LinkedIn access is expected to require periodic customer re-authorization. Plan for a 60-day cycle unless LinkedIn grants a longer-lived app configuration for your account.
Reconnect Steps
- Open Settings -> Integrations for the AdPilot drone.
- Find LinkedIn Ads and select Reconnect. If the dashboard opens a reconnect dialog, use the Reconnect LinkedIn Ads button to start OAuth.
- Sign in with the LinkedIn user that has access to the target Campaign Manager account.
- Approve the requested LinkedIn Marketing permissions.
- After LinkedIn redirects back to Opius Drone, confirm the dashboard shows the reconnect success banner.
- Confirm the LinkedIn Ads provider card returns to
Connected. - Open the AdPilot monitoring view and confirm the LinkedIn schedule is no longer blocked.
If the banner is Auth expiring soon, reconnect before the token expires so scheduled monitoring does not miss the next daily run.
What Data Is Preserved
Re-auth updates the LinkedIn credential record only. It preserves:
- AdPilot configuration, budget caps, target CPA/ROAS, and rules.
- Approval history, including approved, rejected, expired, and stale approvals.
- Campaign plan drafts and pending recommendations.
- Monitoring history and weekly report history.
- Conversion event configuration when LinkedIn conversions are in scope.
- Existing provider campaign IDs and account mappings when the account is still visible.
Rejected or expired approvals are not revived by reconnecting. A new spend-changing action still requires a new approval.
How Monitoring Resumes
After reconnect succeeds, AdPilot refreshes provider status and unblocks LinkedIn scheduled monitoring. The next scheduled daily monitor can read spend, delivery, conversions, provider errors, rejected ads, and pacing again.
Spend-changing actions do not resume automatically from a previous rejected, expired, or stale approval. If AdPilot recommends launch, budget increase, bid-strategy change, or reactivation after re-auth, it sends a new approval card.
60-Day Re-Auth Cycle
Plan to reconnect LinkedIn Ads on a recurring 60-day cycle:
- Day 50: the dashboard can show an expiring-soon banner so you can reconnect early.
- Day 55: AdPilot can send an additional reminder through the customer’s configured notification channel.
- Day 60: LinkedIn operations are blocked if the token has expired.
When LinkedIn auth is expired, AdPilot keeps non-LinkedIn provider monitoring separate. It blocks only LinkedIn reads and writes unless the campaign plan depends on cross-provider data that cannot be safely evaluated.
Common Recovery Notes
- If the account picker does not show the expected ad account, verify Campaign Manager access for the connected LinkedIn user.
- If the banner says
Missing scope, reconnect and accept the full Marketing API permission prompt. - If LinkedIn auth expired mid-run, reconnect first, then ask AdPilot to refresh the plan before approving any spend change.
- If monitoring still says blocked after reconnect, use AdPilot troubleshooting and confirm the selected account is active.
Return to AdPilot.