Generate Service Account Token
On this page
- OAuth 2.0 authentication for programmatic access to Cloud Manager is available as a Preview feature.
- The feature and the corresponding documentation might change at any time during the Preview period. To use OAuth 2.0 authentication, create a service account to use in your requests to the Cloud Manager Public API.
Resource
POST https://cloud.mongodb.com/api/oauth/token
Request Path Parameters
This endpoint doesn't use HTTP request path parameters.
Request Query Parameters
The following query parameters are optional:
Name | Type | Necessity | Description | Default |
---|---|---|---|---|
pretty | boolean | Optional | Flag that indicates whether the response body should be in a prettyprint format. |
|
envelope | boolean | Optional | Flag that indicates whether or not to wrap the response in an envelope. Some API clients cannot access the HTTP response headers or
status code. To remediate this, set For endpoints that return a list of results, the |
|
backupJobsEnabledOnly | boolean | Optional | Flag indicating whether to exclude daemons not enabled for
backing up databases from the response. Set this to |
|
Request Body Parameters
This endpoint doesn't use HTTP request body parameters.
Response
The response includes:
Name | Type | Description |
---|---|---|
access_token | string | The service account access token for authenticating API requests. |
token_type | string | The mechanism for token authorization, here represented as |
expires_in | integer | The duration the access token is valid, in seconds. |
Example Request
Replace {BASE64-AUTH}
in the following example with your base64-encoded service account client ID and secret. To learn more, see Make an API Request.
curl --request POST \ --url https://cloud.mongodb.com/api/oauth/token \ --header 'accept: application/json' \ --header 'cache-control: no-cache' \ --header 'authorization: Basic {BASE64-AUTH}' \ --header 'content-type: application/x-www-form-urlencoded' \ --data 'grant_type=client_credentials'
Example Response
Response Header
200 OK Vary: Accept-Encoding Content-Type: application/json Strict-Transport-Security: max-age=300 Date: {dateInUnixFormat} Connection: keep-alive Content-Length: {requestLengthInBytes} X-MongoDB-Service-Version: gitHash={gitHash}; versionString={ApplicationVersion}
400 Bad Request Date: {dateInUnixFormat} Content-Type: application/json Content-Length: {requestLengthInBytes} Server: mdbws Strict-Transport-Security: max-age=31536000; includeSubdomains; X-MongoDB-Service-Version: gitHash={gitHash}; versionString={ApplicationVersion} ...
401 Unauthorized Content-Type: application/json;charset=ISO-8859-1 Date: {dateInUnixFormat} WWW-Authenticate: Digest realm="MMS Public API", domain="", nonce="{nonce}", algorithm=MD5, op="auth", stale=false Content-Length: {requestLengthInBytes} Connection: keep-alive
403 Forbidden Vary: Accept-Encoding Content-Type: application/json Strict-Transport-Security: max-age=300 Date: {dateInUnixFormat} Connection: keep-alive Content-Length: {requestLengthInBytes} X-MongoDB-Service-Version: gitHash={gitHash}; versionString={ApplicationVersion} ...
429 Too Many Requests Retry-After: {retryAfterValue} Vary: Accept-Encoding Content-Type: application/json Strict-Transport-Security: max-age=300 Date: {dateInUnixFormat} Connection: keep-alive Content-Length: {requestLengthInBytes} X-MongoDB-Service-Version: gitHash={gitHash}; versionString={ApplicationVersion} ...
500 Internal Server Error Vary: Accept-Encoding Content-Type: application/json Strict-Transport-Security: max-age=300 Date: {dateInUnixFormat} Content-Length: {requestLengthInBytes} X-MongoDB-Service-Version: gitHash={gitHash}; versionString={ApplicationVersion} ...
503 Service Unavailable Retry-After: {retryAfterValue} Vary: Accept-Encoding Content-Type: application/json Strict-Transport-Security: max-age=300 Date: {dateInUnixFormat} Content-Length: {requestLengthInBytes} X-MongoDB-Service-Version: gitHash={gitHash}; versionString={ApplicationVersion} ...
Response Body
{ "access_token":"eyJhbGciOiJFUzUxMiIsInR5cCI6IkpXVCIsImtpZCI6IjAwMDAwMDAwLTQwMDBtLTQ0MGEIXkY0IH4IMF84MGYMX2FtperB2miniFzHCJ9.eyJpc3MiOiJodHRwczUvYWxkZXYubW9uZ29kYi5jb20iLCJhdWQiOiJhcGk6Ly9hZG1pbiIsInN1YiI6ImZha2Vfc3ViX2lkXzAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwIiwic2lkIjoiZmFrZTNfaWRfMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwIiwic2Vzc2lvblN1YiI6ImZha2Vfc2lkXzAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwIIDmVlc1NX4adGVyaCBJRCJvbmcxISS8zdeD0pyQwMjNlIiwiYWN0b3JJZCI6ImZha2Vfc2lkXzAwMDAwMDAwMDAwMDOIi8wMDAwMDAwMCIsImlhdCI6MTIzNDU2Nzg5MCwiZXhwIjoxMjM0NTc0OTgwLCJqdGkiOiJmYWtlLWp0aS02MOwNDBQNDBdDOGhyES8xOTY1OGEtMDAwMDAwMDAwMDAwMDAwMDAwMGIwNjRGM3NifQ==.jmbo9d_fgfk32FGB423f09SF0kFSDFoQxh3j9FZ2", "expires_in":3600, "token_type":"Bearer" }
{ "error_description": "The provided credentials are not valid.", "error": "invalid_request" }
{ "error_description": "Invalid grant type.", "error": "unsupported_grant_type" }
{ "error_description": "Invalid grant.", "error": "invalid_grant" }
{ "error_description": "Invalid credentials provided.", "error": "invalid_client" }
{ "error_description": "IP access list validation failed for the service account.", "error": "access_denied" }
{ "error_description": "Resource {URL} is limited to 10 requests every 1 minutes.", "error": "rate_limited" }
{ "error_description": "Unexpected error.", "error": "server_error" }