Docs Menu
Docs Home
/
MongoDB Cloud Manager
/ / / /

Create and Assign One Organization Service Account to One Project

On this page

  • Resource
  • Request Path Parameters
  • Request Query Parameters
  • Request Body Parameters
  • Response
  • Example Request
  • Example Response
  • Response Header
  • Response Body

Base URL: https://cloud.mongodb.com/api/public/v1.0

POST /groups/{PROJECT-ID}/serviceAccounts
Name
Type
Description

PROJECT-ID

string

Unique identifier for the Project you want to create and assign the service account to. Use the /groups endpoint to retrieve all organizations to which the authenticated user has access.

The following query parameters are optional:

Name
Type
Description
Default

pageNum

integer

Page number (1-index based).

1

itemsPerPage

integer

Number of items to return per page, up to a maximum of 500.

100

pretty

boolean

false

envelope

boolean

Indicates whether or not to wrap the response in an envelope.

Some API clients cannot access the HTTP response headers or status code. To remediate this, set "envelope" : true in the query.

For endpoints that return one result, response body includes:

Name
Description

status

HTTP response code

content

Expected response body

For endpoints that return a list of results, the results object is an envelope. Cloud Manager adds the status field to the response body.

None

All body parameters are required.

Name
Type
Description

name

string

Name of the service account. Accepted characters are A-Z, a-z, 0-9, space, period ., apostrophe ', comma ,, underscore _, and dash -.

description

string

Description of the service account. Must be between 1 and 250 characters in length. Accepted characters are A-Z, a-z, 0-9, space, period ., apostrophe ', comma ,, underscore _, and dash -.

secretExpiresAfterHours

string

Number of hours after which the secret for this service account expires

roles

string array

List of roles that the service account should have. There must be at least one role listed, and all roles must be valid for a Project.

Project roles include:

Role Value in API
Role

GROUP_AUTOMATION_ADMIN

GROUP_BACKUP_ADMIN

GROUP_BILLING_ADMIN

Project Billing Admin

GROUP_DATA_ACCESS_ADMIN

GROUP_DATA_ACCESS_READ_ONLY

GROUP_DATA_ACCESS_READ_WRITE

GROUP_MONITORING_ADMIN

GROUP_OWNER

GROUP_READ_ONLY

GROUP_USER_ADMIN

Name
Type
Description

clientId

string

Unique identifier for the service account.

createdAt

timestamp

Service account creation time.

name

string

Name of the service account.

description

string

Description of the service account.

roles

string array

List of roles that the service account has in the project.

Project roles include:

secrets

object array

List of service account secrets.

secrets.id

string

Unique 24-hexadecimal character string that identifies the secret.

secrets.createdAt

timestamp

Timestamp representing secret creation time.

secrets.expiresAt

timestamp

Timestamp representing secret expiration time.

secrets.secret

string

Service account secret, available only at creation.

Note

The user who makes the request can be formatted as {PUBLIC-KEY}:{PRIVATE-KEY}.

1curl --user "{PUBLIC-KEY}:{PRIVATE-KEY}" --digest \
2 --header "Accept: application/json" \
3 --header "Content-Type: application/json" \
4 --include \
5 --request POST "https://cloud.mongodb.com/api/public/v1.0/groups/{PROJECT-ID}/serviceAccounts?pretty=true" \
6 --data '{
7 "name" : "Cloud Manager service account",
8 "description" : "Service account for Cloud Manager users.",
9 "secretExpiresAfterHours" : "3600",
10 "roles": ["GROUP_READ_ONLY", "GROUP_DATA_ACCESS_ADMIN"]
11 }'
HTTP/1.1 401 Unauthorized
Content-Type: application/json;charset=ISO-8859-1
Date: {dateInUnixFormat}
WWW-Authenticate: Digest realm="MMS Public API", domain="", nonce="{nonce}", algorithm=MD5, op="auth", stale=false
Content-Length: {requestLengthInBytes}
Connection: keep-alive
HTTP/1.1 201 Created
Vary: Accept-Encoding
Content-Type: application/json
Strict-Transport-Security: max-age=300
Date: {dateInUnixFormat}
Connection: keep-alive
Content-Length: {requestLengthInBytes}
X-MongoDB-Service-Version: gitHash={gitHash}; versionString={ApplicationVersion}

Note

The secret is unredacted in the response body. This example is redacted for security purposes.

1{
2 "createdAt" : "2024-08-03T14:02:40Z",
3 "description" : "Service account for Cloud Manager users.",
4 "clientId" : "mdb_sa_id_66ae38803cdf55582cb01144",
5 "name" : "Cloud Manager service account",
6 "roles" : [ "GROUP_READ_ONLY", "GROUP_DATA_ACCESS_ADMIN" ],
7 "secrets" : [ {
8 "createdAt" : "2024-08-03T14:02:40Z",
9 "expiresAt" : "2024-12-31T14:02:40Z",
10 "id" : "66ae38803cdf55582cb01143",
11 "secret" : "mdb_sa_sk_...hcOL"
12 } ]
13}

Back

Get One