Docs Menu
Docs Home
/
MongoDB Cloud Manager
/ / /

Generate Service Account Token

On this page

  • Resource
  • Request Path Parameters
  • Request Query Parameters
  • Request Body Parameters
  • Response
  • Example Request
  • Example Response
  • Response Header
  • Response Body
POST https://cloud.mongodb.com/api/oauth/token

This endpoint doesn't use HTTP request path parameters.

The following query parameters are optional:

Name
Type
Necessity
Description
Default

pretty

boolean

Optional

false

envelope

boolean

Optional

Flag that indicates whether or not to wrap the response in an envelope.

Some API clients cannot access the HTTP response headers or status code. To remediate this, set envelope : true in the query.

For endpoints that return a list of results, the content object is an envelope. Cloud Manager adds the status field to the response body.

false

backupJobsEnabledOnly

boolean

Optional

Flag indicating whether to exclude daemons not enabled for backing up databases from the response. Set this to false to include daemon configurations with the backupJobsEnabled flag set to false.

true

This endpoint doesn't use HTTP request body parameters.

The response includes:

Name
Type
Description

access_token

string

The service account access token for authenticating API requests.

token_type

string

The mechanism for token authorization, here represented as Bearer.

expires_in

integer

The duration the access token is valid, in seconds.

Replace {BASE64-AUTH} in the following example with your base64-encoded service account client ID and secret. To learn more, see Make an API Request.

curl --request POST \
--url https://cloud.mongodb.com/api/oauth/token \
--header 'accept: application/json' \
--header 'cache-control: no-cache' \
--header 'authorization: Basic {BASE64-AUTH}' \
--header 'content-type: application/x-www-form-urlencoded' \
--data 'grant_type=client_credentials'
HTTP/1.1 200 OK
Vary: Accept-Encoding
Content-Type: application/json
Strict-Transport-Security: max-age=300
Date: {dateInUnixFormat}
Connection: keep-alive
Content-Length: {requestLengthInBytes}
X-MongoDB-Service-Version: gitHash={gitHash}; versionString={ApplicationVersion}
HTTP/1.1 400 Bad Request
Date: {dateInUnixFormat}
Content-Type: application/json
Content-Length: {requestLengthInBytes}
Server: mdbws
Strict-Transport-Security: max-age=31536000; includeSubdomains;
X-MongoDB-Service-Version: gitHash={gitHash}; versionString={ApplicationVersion}
...
HTTP/1.1 401 Unauthorized
Content-Type: application/json;charset=ISO-8859-1
Date: {dateInUnixFormat}
WWW-Authenticate: Digest realm="MMS Public API", domain="", nonce="{nonce}", algorithm=MD5, op="auth", stale=false
Content-Length: {requestLengthInBytes}
Connection: keep-alive
HTTP/1.1 403 Forbidden
Vary: Accept-Encoding
Content-Type: application/json
Strict-Transport-Security: max-age=300
Date: {dateInUnixFormat}
Connection: keep-alive
Content-Length: {requestLengthInBytes}
X-MongoDB-Service-Version: gitHash={gitHash}; versionString={ApplicationVersion}
...
HTTP/1.1 429 Too Many Requests
Retry-After: {retryAfterValue}
Vary: Accept-Encoding
Content-Type: application/json
Strict-Transport-Security: max-age=300
Date: {dateInUnixFormat}
Connection: keep-alive
Content-Length: {requestLengthInBytes}
X-MongoDB-Service-Version: gitHash={gitHash}; versionString={ApplicationVersion}
...
HTTP/1.1 500 Internal Server Error
Vary: Accept-Encoding
Content-Type: application/json
Strict-Transport-Security: max-age=300
Date: {dateInUnixFormat}
Content-Length: {requestLengthInBytes}
X-MongoDB-Service-Version: gitHash={gitHash}; versionString={ApplicationVersion}
...
HTTP/1.1 503 Service Unavailable
Retry-After: {retryAfterValue}
Vary: Accept-Encoding
Content-Type: application/json
Strict-Transport-Security: max-age=300
Date: {dateInUnixFormat}
Content-Length: {requestLengthInBytes}
X-MongoDB-Service-Version: gitHash={gitHash}; versionString={ApplicationVersion}
...
{
"access_token":"eyJhbGciOiJFUzUxMiIsInR5cCI6IkpXVCIsImtpZCI6IjAwMDAwMDAwLTQwMDBtLTQ0MGEIXkY0IH4IMF84MGYMX2FtperB2miniFzHCJ9.eyJpc3MiOiJodHRwczUvYWxkZXYubW9uZ29kYi5jb20iLCJhdWQiOiJhcGk6Ly9hZG1pbiIsInN1YiI6ImZha2Vfc3ViX2lkXzAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwIiwic2lkIjoiZmFrZTNfaWRfMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwIiwic2Vzc2lvblN1YiI6ImZha2Vfc2lkXzAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwIIDmVlc1NX4adGVyaCBJRCJvbmcxISS8zdeD0pyQwMjNlIiwiYWN0b3JJZCI6ImZha2Vfc2lkXzAwMDAwMDAwMDAwMDOIi8wMDAwMDAwMCIsImlhdCI6MTIzNDU2Nzg5MCwiZXhwIjoxMjM0NTc0OTgwLCJqdGkiOiJmYWtlLWp0aS02MOwNDBQNDBdDOGhyES8xOTY1OGEtMDAwMDAwMDAwMDAwMDAwMDAwMGIwNjRGM3NifQ==.jmbo9d_fgfk32FGB423f09SF0kFSDFoQxh3j9FZ2",
"expires_in":3600,
"token_type":"Bearer"
}
{
"error_description": "The provided credentials are not valid.",
"error": "invalid_request"
}
{
"error_description": "Invalid grant type.",
"error": "unsupported_grant_type"
}
{
"error_description": "Invalid grant.",
"error": "invalid_grant"
}
{
"error_description": "Invalid credentials provided.",
"error": "invalid_client"
}
{
"error_description": "IP access list validation failed for the service account.",
"error": "access_denied"
}
{
"error_description": "Resource {URL} is limited to 10 requests every 1 minutes.",
"error": "rate_limited"
}
{
"error_description": "Unexpected error.",
"error": "server_error"
}

Back

Service Accounts