diff --git a/wherehows-frontend/app/controllers/api/v2/Dataset.java b/wherehows-frontend/app/controllers/api/v2/Dataset.java
index e8bcd3c1d0..16ca70cfde 100644
--- a/wherehows-frontend/app/controllers/api/v2/Dataset.java
+++ b/wherehows-frontend/app/controllers/api/v2/Dataset.java
@@ -351,18 +351,20 @@ public class Dataset extends Controller {
       return Promise.promise(() -> unauthorized(_EMPTY_RESPONSE));
     }
 
-    String accessType = request().getQueryString("accessType");
-    String businessJustification = request().getQueryString("businessJustification");
-    Long expireAt = NumberUtils.toLong(request().getQueryString("expireAt"), 0);
-    if (businessJustification == null) {
+    JsonNode record = request().body().asJson();
+
+    String accessType = record.hasNonNull("accessType") ? record.get("accessType").asText() : null;
+    Long expiresAt = record.hasNonNull("expiresAt") ? record.get("expiresAt").asLong() : null;
+    if (!record.hasNonNull("businessJustification")) {
       return Promise.promise(() -> badRequest(errorResponse("Missing business justification")));
     }
+    String businessJustification = request().getQueryString("businessJustification");
 
     try {
       if (accessType == null) {
         ACL_DAO.addUserToDatasetAcl(datasetUrn, username, businessJustification);
       } else {
-        ACL_DAO.addUserToDatasetAcl(datasetUrn, username, accessType, businessJustification, expireAt);
+        ACL_DAO.addUserToDatasetAcl(datasetUrn, username, accessType, businessJustification, expiresAt);
       }
     } catch (Exception e) {
       Logger.error("Add user to ACL error", e);
diff --git a/wherehows-frontend/conf/routes b/wherehows-frontend/conf/routes
index 310110c5f1..c67b213bfa 100644
--- a/wherehows-frontend/conf/routes
+++ b/wherehows-frontend/conf/routes
@@ -308,9 +308,9 @@ GET           /api/v2/datasets/:urn/compliance/suggestion
 
 GET           /api/v2/datasets/:urn/acl                                         controllers.api.v2.Dataset.getDatasetAcls(urn: String)
 
-POST          /api/v2/datasets/:urn/acl/add                                     controllers.api.v2.Dataset.addUserToDatasetAcl(urn: String)
+PUT           /api/v2/datasets/:urn/acl/add                                     controllers.api.v2.Dataset.addUserToDatasetAcl(urn: String)
 
-PUT           /api/v2/datasets/:urn/acl/remove                                  controllers.api.v2.Dataset.removeUserFromDatasetAcl(urn: String)
+DELETE        /api/v2/datasets/:urn/acl/remove                                  controllers.api.v2.Dataset.removeUserFromDatasetAcl(urn: String)
 
 # Map static resources from the /public folder to the /assets URL path
 GET           /assets/*file                                                     controllers.Assets.at(path="/public", file)