Docs Menu
Docs Home
/
MongoDB Atlas
/
Programmatic Access
/
Atlas Administration API
/
More API Resources

Generate Service Account Token

On this page

  • Resource
  • Request Path Parameters
  • Request Query Parameters
  • Request Body Parameters
  • Response
  • Example Request
  • Example Response
  • Response Header
  • Response Body

If you use service accounts, a token is required to make requests to the Atlas Administration API. To learn more, see Service Accounts Overview.

Resource

POST https://cloud.mongodb.com/api/oauth/token

Request Path Parameters

This endpoint doesn't use HTTP request path parameters.

Request Query Parameters

The following query parameters are optional:

Name
Type
Necessity
Description
Default

pretty

boolean

Optional

Flag that indicates whether the response body should be in a prettyprint format.

false

envelope

boolean

Optional

Flag that indicates whether or not to wrap the response in an envelope.

Some API clients cannot access the HTTP response headers or status code. To remediate this, set envelope : true in the query.

For endpoints that return a list of results, the content object is an envelope. Atlas adds the status field to the response body.

false

Request Body Parameters

This endpoint doesn't use HTTP request body parameters.

Response

The response includes:

Name
Type
Description

access_token

string

The service account access token for authenticating API requests.

token_type

string

The mechanism for token authorization, here represented as Bearer.

expires_in

integer

The duration the access token is valid, in seconds.

Example Request

Replace {BASE64-AUTH} in the following example with your base64-encoded service account client ID and secret. To learn more, see Make an API Request.

curl --request POST \
  --url https://cloud.mongodb.com/api/oauth/token \
  --header 'accept: application/json' \
  --header 'cache-control: no-cache' \
  --header 'authorization: Basic {BASE64-AUTH}' \
  --header 'content-type: application/x-www-form-urlencoded' \
  --data 'grant_type=client_credentials'

Example Response

Response Header

HTTP/1.1 200 OK
Vary: Accept-Encoding
Content-Type: application/json
Strict-Transport-Security: max-age=300
Date: {dateInUnixFormat}
Connection: keep-alive
Content-Length: {requestLengthInBytes}
X-MongoDB-Service-Version: gitHash={gitHash}; versionString={ApplicationVersion}
HTTP/1.1 400 Bad Request
Date: {dateInUnixFormat}
Content-Type: application/json
Content-Length: {requestLengthInBytes}
Server: mdbws
Strict-Transport-Security: max-age=31536000; includeSubdomains;
X-MongoDB-Service-Version: gitHash={gitHash}; versionString={ApplicationVersion}
...
HTTP/1.1 401 Unauthorized
Content-Type: application/json;charset=ISO-8859-1
Date: {dateInUnixFormat}
WWW-Authenticate: Digest realm="MMS Public API", domain="", nonce="{nonce}", algorithm=MD5, op="auth", stale=false
Content-Length: {requestLengthInBytes}
Connection: keep-alive
HTTP/1.1 403 Forbidden
Vary: Accept-Encoding
Content-Type: application/json
Strict-Transport-Security: max-age=300
Date: {dateInUnixFormat}
Connection: keep-alive
Content-Length: {requestLengthInBytes}
X-MongoDB-Service-Version: gitHash={gitHash}; versionString={ApplicationVersion}
...
HTTP/1.1 429 Too Many Requests
Retry-After: {retryAfterValue}
Vary: Accept-Encoding
Content-Type: application/json
Strict-Transport-Security: max-age=300
Date: {dateInUnixFormat}
Connection: keep-alive
Content-Length: {requestLengthInBytes}
X-MongoDB-Service-Version: gitHash={gitHash}; versionString={ApplicationVersion}
...
HTTP/1.1 500 Internal Server Error
Vary: Accept-Encoding
Content-Type: application/json
Strict-Transport-Security: max-age=300
Date: {dateInUnixFormat}
Content-Length: {requestLengthInBytes}
X-MongoDB-Service-Version: gitHash={gitHash}; versionString={ApplicationVersion}
...
HTTP/1.1 503 Service Unavailable
Retry-After: {retryAfterValue}
Vary: Accept-Encoding
Content-Type: application/json
Strict-Transport-Security: max-age=300
Date: {dateInUnixFormat}
Content-Length: {requestLengthInBytes}
X-MongoDB-Service-Version: gitHash={gitHash}; versionString={ApplicationVersion}
...

Response Body

{
  "access_token":"eyJhbGciOiJFUzUxMiIsInR5cCI6IkpXVCIsImtpZCI6IjAwMDAwMDAwLTQwMDBtLTQ0MGEIXkY0IH4IMF84MGYMX2FtperB2miniFzHCJ9.eyJpc3MiOiJodHRwczUvYWxkZXYubW9uZ29kYi5jb20iLCJhdWQiOiJhcGk6Ly9hZG1pbiIsInN1YiI6ImZha2Vfc3ViX2lkXzAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwIiwic2lkIjoiZmFrZTNfaWRfMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwIiwic2Vzc2lvblN1YiI6ImZha2Vfc2lkXzAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwIIDmVlc1NX4adGVyaCBJRCJvbmcxISS8zdeD0pyQwMjNlIiwiYWN0b3JJZCI6ImZha2Vfc2lkXzAwMDAwMDAwMDAwMDOIi8wMDAwMDAwMCIsImlhdCI6MTIzNDU2Nzg5MCwiZXhwIjoxMjM0NTc0OTgwLCJqdGkiOiJmYWtlLWp0aS02MOwNDBQNDBdDOGhyES8xOTY1OGEtMDAwMDAwMDAwMDAwMDAwMDAwMGIwNjRGM3NifQ==.jmbo9d_fgfk32FGB423f09SF0kFSDFoQxh3j9FZ2",
  "expires_in":3600,
  "token_type":"Bearer"
}
{
  "error_description": "The provided credentials are not valid.",
  "error": "invalid_request"
}
{
  "error_description": "Invalid grant type.",
  "error": "unsupported_grant_type"
}
{
  "error_description": "Invalid grant.",
  "error": "invalid_grant"
}
{
  "error_description": "Invalid credentials provided.",
  "error": "invalid_client"
}
{
  "error_description": "IP access list validation failed for the service account.",
  "error": "access_denied"
}
{
  "error_description": "Resource {URL} is limited to 10 requests every 1 minutes.",
  "error": "rate_limited"
}
{
  "error_description": "Unexpected error.",
  "error": "server_error"
}

Back

Custom Role Actions

Next

Revoke Service Account Token