Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Warning
Deprecation Notice
The Marketing Version 202406 (Marketing June 2024) has been sunset. We recommend that you migrate to the latest versioned APIs to avoid disruptions. See the Migration page for more details.
If you haven’t yet migrated and have questions, submit a request on the LinkedIn Developer Support Portal.
The LinkedIn Campaign Management APIs enable business account administrators to assign roles and functions to specific users. This gives admins the flexibility to grant access to campaign and creative data, as well as other associated campaign collateral.
Permissions
You need the following scope permissions along with one of the listed Ad Account roles:
Scope permissions:
rw_ads(Read/Write)r_ads(Read-Only)
Ad Account Roles:
ACCOUNT_BILLING_ADMINACCOUNT_MANAGERCAMPAIGN_MANAGERCREATIVE_MANAGERVIEWER(Read-Only, even with rw_ads scope)
For more information on the Ad Account roles and permissions:
- Refer to the Ad Account User Role Definitions
- See also: Create and Manage Ad Account Users
Ad Account User Role Definitions
The following table describes in detail what each role provides:
| Control Name | Description |
|---|---|
| VIEWER | View campaign data and reports for the account. No ability to create or edit campaigns or ads |
| CREATIVE_MANAGER | View campaign data and reports for the account. Ability to create and edit ads |
| CAMPAIGN_MANAGER | View campaign data and reports for the account. Ability to create and edit campaigns and ads |
| ACCOUNT_MANAGER | View campaign data and reports for the account. Ability to create and edit campaigns and ads. Edit account data and manage user access for the account. |
| ACCOUNT_BILLING_ADMIN | View campaign data and reports for the account. Ability to create and edit campaigns and ads. Edit account data and manage user access for the account. Can also access billing data and is billed for this account. Note: There should be exactly one user with this role in an account. |
Grant User Access
Each user account can be described by the AccountUser object. For more details please refer to Create and Manage Account Users.
This object consists of the following field types:
| Field | Type | Description |
|---|---|---|
| account | URN | The Ad Account URN to which access is being granted. |
| user | URN | The user URN that you intend to grant access to. |
| role | AccountUserRole | The access type that is granted to the user. Valid values include: |
Note that a URN type is expected for both user and account. These URNs map to the person IDs and account IDs returned by other APIs. However, when managing users for an Ad account, you must format the subject and object as URNs using the IDs of persons and/or Ad accounts. For example, the account ID 777999 would be formatted as urn:li:sponsoredAccount:777999. Similarly, the person ID 12345 is formatted as urn:li:person:12345. Person ID can be retrieved by sending a GET /me request for the authenticated member from your developer application.
Setting up new account users, as well as editing existing account users, can be accomplished via a PUT call to the Ad Account Users API. In either case, the account user resource to be created/edited can be identified by a key composed of a combination of both the user and account.
Sample Request
In the example below, a member is granted read-only access to the Ad account. The body of the PUT request is an adAccountUser object with VIEWER for the role field.
PUT https://api.linkedin.com/rest/adAccountUsers/(account=urn:li:sponsoredAccount:123456789,user=urn:li:person:qZXYVUTSR)
Sample Response
{
"account": "urn:li:sponsoredAccount:12345...",
"role": "VIEWER",
"user": "urn:li:person:56789..."
}
Remove User Access
Use the DELETE method to remove an AdAccountUser resource.
Sample Request
DELETE https://api.linkedin.com/rest/adAccountUsers/(account=urn:li:sponsoredAccount:12345,user=urn:li:person:56789)
Fetch Existing Ad Account Users
When making a GET call to fetch existing users on an account, the authenticated user can only view themselves unless they are an account manager.
Sample Request
GET https://api.linkedin.com/rest/adAccountUsers?accounts=urn:li:sponsoredAccount:123456789&q=accounts
Sample Response
{
"paging": {
"start": 0,
"count": 2147483647,
"links": [],
"total": 1
},
"elements": [
{
"role": "ACCOUNT_BILLING_ADMIN",
"changeAuditStamps": {
"created": {
"time": 1619111821000
},
"lastModified": {
"time": 1619111821000
}
},
"user": "urn:li:person:userId",
"account": "urn:li:sponsoredAccount:123456789"
}
]
}
Fetch a Specific User
Sample Request
GET https://api.linkedin.com/rest/adAccountUsers/(account=urn:li:sponsoredAccount:123456789,user=urn:li:person:eEM1Em1em)
Sample Response
{
"role": "CAMPAIGN_MANAGER",
"changeAuditStamps": {
...
"user": "urn:li:person:eEM1Em1em",
"account": "urn:li:sponsoredAccount:123456789"
}
Verify Access to Create a Video Ad
Use this endpoint to verify if the user has permission to create a Video Ad Dark post. You need rw_ads permission to use this resource.
GET https://api.linkedin.com/rest/organizationalEntityCreateShareAuthorizations/owner=urn:li:company:5590506&loggedInMember=urn:li:person:LBSWch4wcA&agent=urn:li:sponsoredAccount:517753843
You can get a response similar to one of the following with status code of 200.
Denied Response Sample
{
"status": {
"com.linkedin.sharingauth.Denied": {}
}
}
Approved Response Sample
{
"status": {
"com.linkedin.sharingauth.Approved": {}
}
}