Sync ACLs

Article
05/08/2023

The visibility of your customer's synced entities within LinkedIn products will depend on the ACLs you sync.

See ACL Overview before attempting to sync ACLs.

Throttle Limits

Throttle Limits	Requests Per Day (UTC)	Records Per Minute
Application maximum	100,000	10,000

Securable Entity Types

The Middleware Platform supports ACLs for the following entities:

Entity	EntityId Field	Description	Enum
Job Postings	externalJobPostingId	A public or private job synced to the Middleware Platform.	JOB_POSTING

Sync Entity ACLs

Upsert Entity ACLs

Use the following endpoint to create and update ACLs for entities:

PUT https://api.linkedin.com/v2/atsEntityAcls?ids[0].atsEntityAclId={id1}&ids[0].dataProvider=ATS&ids[0].integrationContext={organization URN}&ids[0].atsEntityId={entity id}&ids[0].atsEntityType={entity type}

Note

Please submit batch calls grouped with no more than 100 records in sequential order.
Do not assign more than 10 ACLs per user.
Update ACLs when users or jobs are added or updated to prevent visibility issues.

For each id specified in the request:

Use your security group or role id as the value of ids[i].atsEntityAclId .
Use the customer's organization id as the value of ids[i].integrationContext . The format should be "urn:li:organization:{id}".
Use "ATS" as the value of ids[i].dataProvider .
Use your entity identifier for the value of ids[i].atsEntityId .
Use one of the Securable Entity Type enums for the value of ids[i].atsEntityType .

Sample Request

curl -L -X POST 'https://api.linkedin.com/v2/atsEntityAcls' \
-H 'X-HTTP-Method-Override: PUT' \
-H 'Content-Type: multipart/mixed; boundary=xyz' \
-H 'x-restli-method: batch_update' \
-H 'Authorization: Bearer {token}' \
--data $'--xyz\r\n
Content-Type: application/x-www-form-urlencoded\r\n\r\nids[0].atsEntityAclId=eng_managers&ids[0].dataProvider=ATS&ids[0].integrationContext=urn:li:organization:2414183&ids[0].atsEntityId=JOBP123&ids[0].atsEntityType=JOB_POSTING\r\n--xyz\r\n 
Content-Type: application/json\r\n\r\n{
  "entities": {
    "dataProvider=ATS&integrationContext=urn:li:organization:2414183&atsEntityType=JOB_POSTING&atsEntityId=JOBP123&atsEntityAclId=eng_managers": {}
  }
}\r\n--xyz--'

If you would like to set a particular securable entity or a set of entities to be visible to all users (regardless of their ACL assignment) you can assign them to a special atsEntityAcl where the ids[i].atsEntityAclId parameter is set to ALL_PRODUCT_USERS . All securable entities assigned to this special ACL will be visible to all users.

Refer to the sample call below for more details:

PUT https://api.linkedin.com/v2/atsEntityAcls?ids[0].atsEntityAclId=ALL_PRODUCT_USERS&ids[0].dataProvider=ATS&ids[0].integrationContext={organization URN}&ids[0].atsEntityId={entity id}&ids[0].atsEntityType={entity type}

Sample Request

Headers:

Authorization: Bearer {token}
x-restli-method: batch_update

Request Body:

{
  "entities": {
    "dataProvider=ATS&integrationContext=urn:li:organization:2414183&atsEntityType=JOB_POSTING&atsEntityId=JOBP123&atsEntityAclId=ALL_PRODUCT_USERS": {}
  }
}

Retrieve Entity ACLs

Use the following endpoint to retrieve ACLs:

GET https://api.linkedin.com/v2/atsEntityAcls?atsEntityId={entity id}&atsEntityType={entity type}&dataProvider=ATS&integrationContext={organization URN}&q=criteria

The parameters in the URL are as follows:

Use the customer's organization id as the value of integrationContext. The format should be "urn:li:organization:{id}".
Use "ATS" as the value of dataProvider.
Use your entity identifier for the value of atsEntityId.
Use one of the Securable Entity Type enums for the value of atsEntityType.

Sample Response

A successful request will return 200 OK response code with the following response body:

Sample Response Body

{
    "elements": [
        {
            "atsEntityAclId": "eng_managers",
            "atsEntityId": "JOBP123",
            "atsEntityType": "JOB_POSTING",
            "dataProvider": "ATS",
            "integrationContext": "urn:li:organization:2414183"
        }
    ],
    "paging": {
        "count": 10,
        "links": [],
        "start": 0
    }
}

Delete Entity ACLs

curl -L -X POST 'https://api.linkedin.com/v2/atsEntityAcls' \
-H 'X-HTTP-Method-Override: DELETE' \
-H 'Content-Type: application/x-www-form-urlencoded' \
-H 'Authorization: Bearer {token}' \
--data 'ids[0].atsEntityAclId={id1}&ids[0].dataProvider=ATS&ids[0].integrationContext={organization URN}&ids[0].atsEntityId={entity id}&ids[0].atsEntityType={entity type}’

Sample Response

A successful request to upsert or delete will return a 200 OK response code, and you will find the status of each entity in the response body.

Sample Response Body

{
    "errors": {},
    "results": {
        "dataProvider=ATS&integrationContext=urn%3Ali%3Aorganization%3A1000&atsEntityType=JOB_POSTING&atsEntityId=JOBP123&atsEntityAclId=eng_managers": {
            "status": 204
        }
    }
}

Note

Be sure to check the response for error statuses corresponding to individual entities you submit.
Upon success, all copies of data will be deleted.

Sync Entity ACL Assignees

Upsert Entity ACL Assignees

Use the following endpoint to create and update ACL entities for assignees:

PUT https://api.linkedin.com/v2/atsEntityAclAssignees?ids[0].atsEntityAclId={id1}&ids[0].dataProvider=ATS&ids[0].integrationContext={organization URN}&ids[0].assignee={person URN}&ids[0].atsEntityType={entity type}

The maximum number of records which can be submitted during one batch call is 100. If you would like to submit more than 100 at a time, please group the records in to collections of 100 and make multiple batch calls.

For each id specified in the request:

Use your security group or role id as the value of id[i].atsEntityAclId .
Use the customer's organization id as the value of id[i].integrationContext . The format should be "urn:li:organization:{id}".
Use "ATS" as the value of id[i].dataProvider .
Use the user's corresponding Person URN for the value of id[i].assignee . The format should be "urn:li:person:{id}". See Bind Customer Users for details on mapping your users with Person Ids.

Sample Request

curl -L -X POST 'https://api.linkedin.com/v2/atsEntityAclAssignees' \
-H 'X-HTTP-Method-Override: PUT' \
-H 'Content-Type: multipart/mixed; boundary=xyz' \
-H 'x-restli-method: batch_update' \
-H 'Authorization: Bearer {token}' \
--data $'--xyz\r\n
Content-Type: application/x-www-form-urlencoded\r\n\r\nids[0].atsEntityAclId=eng_managers&ids[0].dataProvider=ATS&ids[0].integrationContext=urn:li:organization:2414183&ids[0].assignee=urn:li:person:AxQ35l9xp6Z&ids[0].atsEntityType=JOB_POSTING\r\n--xyz\r\n 
Content-Type: application/json\r\n\r\n{
  "entities": {
    "dataProvider=ATS&integrationContext=urn:li:organization:2414183&assignee=urn:li:person:AxQ35l9xp6Z&atsEntityAclId=eng_managers": {}
  }
}\r\n--xyz--'

Retrieve Entity ACL Assignee

Use the following endpoint to retrieve ACL assignees:

GET https://api.linkedin.com/v2/atsEntityAclAssignees?q=criteria&assignee={person URN}&dataProvider=ATS&integrationContext={organization URN}

The parameters in the URL are as follows:

Use the user's corresponding Person URN for the value of assignee. The format should be "urn:li:person:{id}". See Bind Customer Users for details on mapping your users with Person Ids.
Use the customer's organization id as the value of integrationContext. The format should be "urn:li:organization:{id}".
Use "ATS" as the value of dataProvider.

Sample Response

A successful request will return 200 OK response code with the following response body:

Sample Response Body

{
    "elements": [
        {
            "assignee": "urn:li:person:AxQ35l9xp6Z",
            "atsEntityAclId": "eng_managers",
            "dataProvider": "ATS",
            "integrationContext": "urn:li:organization:2414183"
        }
    ],
    "paging": {
        "count": 10,
        "links": [],
        "start": 0
    }
}

Delete Entity ACL Assignees

curl -L -X POST 'https://api.linkedin.com/v2/atsEntityAclAssignees' \
-H 'X-HTTP-Method-Override: DELETE' \
-H 'Content-Type: application/x-www-form-urlencoded' \
-H 'Authorization: Bearer {token}' \
--data 'ids[0].atsEntityAclId={id1}&ids[0].dataProvider=ATS&ids[0].integrationContext={organization URN}&ids[0].assignee={person URN}&ids[0].atsEntityType={entity type}’

Sample Response

A successful request to upsert or delete will return a 200 OK response code, and you will find the status of each entity in the response body.

Sample Response Body

{
    "errors": {},
    "results": {
        "dataProvider=ATS&integrationContext=urn%3Ali%3Aorganization%3A1000&assignee=urn%3Ali%3Aperson%3AAxQ35l9xp6Z&atsEntityAclId=eng_managers": {
            "status": 204
        }
    }
}

Note

Be sure to check the response for error statuses corresponding to individual entities you submit.
Upon success, all copies of data will be deleted.

Sync ACLs

Throttle Limits

Securable Entity Types

Sync Entity ACLs

Upsert Entity ACLs

Sample Request

Sample Request

Retrieve Entity ACLs

Sample Response

Sample Response Body

Delete Entity ACLs

Sample Response

Sample Response Body

Sync Entity ACL Assignees

Upsert Entity ACL Assignees

Sample Request

Retrieve Entity ACL Assignee

Sample Response

Sample Response Body

Delete Entity ACL Assignees

Sample Response

Sample Response Body

Feedback

Feedback

Additional resources