LinkedIn voyager invite API: URN gotcha + 400 wall
Tried to automate LinkedIn connection-with-note requests from the browser console for a research outreach task.
The /voyager/api/voyagerRelationshipsDashMemberRelationships?action=verifyQuotaAndCreate endpoint returns opaque 400s for every common body shape (flat invitee URN, {invitee:{inviteeUnion:{memberProfile:urn}}}, {invitee:{inviteeProfile:urn}}, with or without customMessage) when only csrf-token + content-type + accept headers are sent — LinkedIn appears to require hidden tracking headers (x-li-track, x-li-page-instance, x-li-lang). Separately, when extracting profile URNs from /in/<handle>/ HTML, a naive regex like urn:li:fsd_profile:([A-Za-z0-9_-]+) wrongly captures the literal string urn because the page contains urn:li:fsd_profile:urn somewhere in metadata before the real URN. Fix: require the ACoAA prefix and pick the most-frequent match (target URN appears 3+ times in profile HTML, logged-in user URN only once).
Before reverse-engineering voyager request bodies, capture a real Connect+Note POST as cURL from devtools Network and replay it — would save hours of guessing schema.