Update a Service Account

On this page

Resource

Request Path Parameters
Request Query Parameters
Request Body Parameters
Response
Example Request
Example Response
Response Header
Response Body

Cloud Manager will no longer support Automation, Backup, and Monitoring for MongoDB 3.6 and 4.0 after August 30th, 2024. Please upgrade your MongoDB deployment or migrate to Atlas.

OAuth 2.0 authentication for programmatic access to Cloud Manager is available as a Preview feature.: The feature and the corresponding documentation might change at any time during the Preview period. To use OAuth 2.0 authentication, create a service account to use in your requests to the Cloud Manager Public API.

Base URL: https://cloud.mongodb.com/api/public/v1.0

Resource

PATCH /orgs/{ORG-ID}/serviceAccounts/{CLIENT-ID}

Request Path Parameters

Name	Type	Description
`ORG-ID`	string	Unique identifier for the organization whose service account you want to update. Use the /orgs endpoint to retrieve all organizations to which the authenticated user has access.
`CLIENT-ID`	string	Unique identifier for the service account you want to update. Request the /orgs/{ORG-ID}/serviceAccounts endpoint to retrieve all service accounts to which the authenticated user has access for the specified organization.

Request Query Parameters

The following query parameters are optional:

Name

Type

Description

Default

pageNum

integer

Page number (1-index based).

1

itemsPerPage

integer

Number of items to return per page, up to a maximum of 500.

100

pretty

boolean

Indicates whether the response body should be in a prettyprint format.

false

envelope

boolean

Indicates whether or not to wrap the response in an envelope.

Some API clients cannot access the HTTP response headers or status code. To remediate this, set "envelope" : true in the query.

For endpoints that return one result, response body includes:

Name	Description
`status`	HTTP response code
`content`	Expected response body

For endpoints that return a list of results, the results object is an envelope. Cloud Manager adds the status field to the response body.

None

Request Body Parameters

Name

Type

Description

description

string

Description of the service account between 1 and 250 characters long. Accepted characters are A-Z, a-z, 0-9, space, period ., apostrophe ', comma ,, underscore _, and dash -.

roles

string array

List of roles that the service account should have. There must be at least one role listed and all roles must be valid for an Organization.

Organization roles include:

Role Value in API	Role
`ORG_OWNER`	`Organization Owner`
`ORG_MEMBER`	`Organization Member`
`ORG_GROUP_CREATOR`	`Organization Project Creator`
`ORG_BILLING_ADMIN`	`Organization Billing Admin`
`ORG_READ_ONLY`	`Organization Read Only`
`ORG_BILLING_READ_ONLY`	`Organization Billing Viewer`

Response

Name	Type	Description
`clientId`	string	Unique identifier for the service account.
`description`	string	Description of the service account. Accepted characters are `A-Z`, `a-z`, `0-9`, space, period `.`, apostrophe `'`, comma `,`, underscore `_`, and dash `-`.
`name`	string	Name of the service account. Accepted characters are `A-Z`, `a-z`, `0-9`, space, period `.`, apostrophe `'`, comma `,`, underscore `_`, and dash `-`.
`createdAt`	timestamp	Service account creation time.
`secrets`	object array	List of service account secrets.
`secrets.id`	string	Unique 24-hexadecimal character string that identifies the secret.
`secrets.secret`	string	Service account secret, available only at creation.
`secrets.maskedSecretValue`	string	Masked secret that only displays the prefix and last four characters.
`secrets.createdAt`	timestamp	Timestamp representing secret creation time.
`secrets.lastUsedAt`	timestamp	Timestamp representing last secret usage.
`secrets.expiresAt`	timestamp	Timestamp representing secret expiration time.
`roles`	object array	Roles that the service account has in the organization. Organization roles include: `ORG_OWNER` `ORG_MEMBER` `ORG_GROUP_CREATOR` `ORG_BILLING_ADMIN` `ORG_READ_ONLY` `ORG_BILLING_READ_ONLY`

Example Request

Note

The user who makes the request can be formatted as {PUBLIC-KEY}:{PRIVATE-KEY}.

curl --user "{PUBLIC-KEY}:{PRIVATE-KEY}" --digest \
     --header "Accept: application/json" \
     --header "Content-Type: application/json" \
     --request PATCH "https://cloud.mongodb.com/api/public/v1.0/orgs/{ORG-ID}/serviceAccounts/{CLIENT-ID}?pretty=true" \
     --data '{
       "description" : "Updated service account description",
       "roles": ["ORG_MEMBER", "ORG_READ_ONLY"]
     }'

Example Response

Response Header

HTTP/1.1 401 Unauthorized
Content-Type: application/json;charset=ISO-8859-1
Date: {dateInUnixFormat}
WWW-Authenticate: Digest realm="MMS Public API", domain="", nonce="{nonce}", algorithm=MD5, op="auth", stale=false
Content-Length: {requestLengthInBytes}
Connection: keep-alive

HTTP/1.1 200 OK
Vary: Accept-Encoding
Content-Type: application/json
Strict-Transport-Security: max-age=300
Date: {dateInUnixFormat}
Connection: keep-alive
Content-Length: {requestLengthInBytes}
X-MongoDB-Service-Version: gitHash={gitHash}; versionString={ApplicationVersion}

Response Body

{
  "createdAt" : "2024-05-31T17:27:05Z",
  "description" : "Updated service account description",
  "clientId" : "mdb_sa_id_665a086958c92d31a28d452e",
  "name" : "Audit Service Account",
  "roles" : [ "ORG_READ_ONLY", "ORG_MEMBER" ],
  "secrets" : [ {
    "createdAt" : "2024-05-31T17:27:05Z",
    "expiresAt" : "2025-05-31T17:27:05Z",
    "id" : "665a086958c92d31a28d452f",
    "maskedSecretValue" : "mdb_sa_sk_…OEyV"
  } ]
}

Back

Create a Service Account

Delete One Service Account