The Dux-Soup API


The Dux-Soup API allows you to control and automate all aspects of your LinkedIn outreach. This open API can be used by anyone with a Dux-Soup Turbo or Cloud Edition license. The following sub-APIs are included:

LinkedIn Activity API

This API enables the scheduling of activities to be executed by the Dux-Soup extension. LinkedIn activities are always added to a queue to allow for the activity to be throttled according to the user's settings. This API was formerly known as the Remote Control API.

Browse the LinkedIn Activity API

User Settings API

This API provides full read and write access to all the Dux-Soup user configuration parameters.

Browse the User Settings API

Extension Control API

This API provides access to a subset of the available UI actions that are commonly triggered by the end-user. 

Browse the Extension Control API

Queue Management API

This API provides access and control over the queued activity.

Browse the Queue Management API

User Profile API

This API provides access to the details of the end user.

Browse the User Profile API

Prospect API

This API provides access to the details of the prospects in a campaign.

Browse the Prospect API

Connecting to the API 

Each sub-API has its own URL, or in some cases multiple URLs. Please refer to each specific sub-API for these details.

Authenticating API calls

All API calls to Dux-Soup require authentication. Authentication of the API calls is done using a cryptographically signed header ‘X-Dux-Signature: [SomeHash]’. This calculation is done using the Authentication Key as found in Dux-Soup Options -> Connect

The value can be calculated using the following example Javascript function. In this example code we use the jsSHA Javascript library [1], but any SHA library will work as long as it support SHA-1, HMAC and BASE64 encoded output:

function calculateHMAC(apikey, message){

var shaObj = new jsSHA("SHA-1", "TEXT");

shaObj.setHMACKey(apikey, "TEXT");


var hmac = shaObj.getHMAC("B64");

return hmac;


  • For HTTP POST requests The inputs for the function are 1) the apikey of the user, as found in the options panel, and 2) the JSON BODY of the HTTP request.
  • For HTTP GET requests The inputs for the function are 1) the apikey of the user, and 2) the URL of the API endpoint of the HTTP request. 

The resulting HMAC contains the required hash. This hash needs to be included as a HTTP Header value: ‘X-Dux-Signature: <<HMAC>>’.

Required Fields

All API POST calls to Dux-Soup API require a JSON request body. 

In addition, the following HTTP headers need to be included

Content-type application/json
X-Dux-Signature Valid HMAC value ( See above )

The HTTP body needs to contain a JSON object with the following fields, to ensure acceptance by the server:

targeturl The target URL of this command, where the command is delivered. Should start with
timestamp Current ‘unix’ time in milliseconds. The timestamp needs to be within 5 minutes of the current time.
userid The userid to which the command will be sent for execution. Should correspond to the userid in the target URL.

Testing API calls

Dux-Soup includes a tool that allows you to execute any API call, or generate the corresponding ‘curl’ [2] commands to execute from a command line. It's the easiest way to try the API. To use this tool just point your browser to

Demo: See how to generate the curl command for inserting a connection request into the queue. See how to execute the API call from the test tool, and learn where to find the newly queued activity.