Create and Assign One Organization Service Account to One Project
On this page
Cloud Manager will no longer support Automation, Backup, and Monitoring for MongoDB 3.6 and 4.0 after August 30th, 2024. Please upgrade your MongoDB deployment or migrate to Atlas.
- OAuth 2.0 authentication for programmatic access to Cloud Manager is available as a Preview feature.
- The feature and the corresponding documentation might change at any time during the Preview period. To use OAuth 2.0 authentication, create a service account to use in your requests to the Cloud Manager Public API.
Base URL: https://cloud.mongodb.com/api/public/v1.0
Resource
POST /groups/{PROJECT-ID}/serviceAccounts
Request Path Parameters
Name | Type | Description |
|---|---|---|
PROJECT-ID | string | Unique identifier for the Project you want to create and assign the service
account to. Use the
/groups endpoint
to retrieve all organizations to which the authenticated
user has access. |
Request Query Parameters
The following query parameters are optional:
Name | Type | Description | Default | ||||||
|---|---|---|---|---|---|---|---|---|---|
pageNum | integer | Page number (1-index based). | 1 | ||||||
itemsPerPage | integer | Number of items to return per page, up to a maximum of 500. | 100 | ||||||
pretty | boolean | Indicates whether the response body should be in a
prettyprint format. | false | ||||||
envelope | boolean | Indicates whether or not to wrap the response in an envelope. Some API clients cannot access the HTTP response headers or
status code. To remediate this, set For endpoints that return one result, response body includes:
For endpoints that return a list of results, the | None |
Request Body Parameters
All body parameters are required.
Name | Type | Description | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
name | string | Name of the service account. Accepted characters are A-Z, a-z,
0-9, space, period ., apostrophe ', comma ,, underscore _,
and dash -. | ||||||||||||||||||||||
description | string | Description of the service account. Must be between 1 and 250
characters in length. Accepted characters are A-Z, a-z,
0-9, space, period ., apostrophe ', comma ,, underscore _,
and dash -. | ||||||||||||||||||||||
secretExpiresAfterHours | string | Number of hours after which the secret for this service account expires | ||||||||||||||||||||||
roles | string array | List of roles that the service account should have. There must be at least one role listed, and all roles must be valid for a Project. Project roles include:
|
Response
Name | Type | Description |
|---|---|---|
clientId | string | Unique identifier for the service account. |
createdAt | timestamp | Service account creation time. |
name | string | Name of the service account. |
description | string | Description of the service account. |
roles | string array | List of roles that the service account has in the project. Project roles include: |
secrets | object array | List of service account secrets. |
secrets.id | string | Unique 24-hexadecimal character string that identifies the secret. |
secrets.createdAt | timestamp | Timestamp representing secret creation time. |
secrets.expiresAt | timestamp | Timestamp representing secret expiration time. |
secrets.secret | string | Service account secret, available only at creation. |
Example Request
Note
The user who makes the request can be formatted as {PUBLIC-KEY}:{PRIVATE-KEY}.
1 curl --user "{PUBLIC-KEY}:{PRIVATE-KEY}" --digest \ 2 --header "Accept: application/json" \ 3 --header "Content-Type: application/json" \ 4 --include \ 5 --request POST "https://cloud.mongodb.com/api/public/v1.0/groups/{PROJECT-ID}/serviceAccounts?pretty=true" \ 6 --data '{ 7 "name" : "Cloud Manager service account", 8 "description" : "Service account for Cloud Manager users.", 9 "secretExpiresAfterHours" : "3600", 10 "roles": ["GROUP_READ_ONLY", "GROUP_DATA_ACCESS_ADMIN"] 11 }'
Example Response
Response Header
401 Unauthorized Content-Type: application/json;charset=ISO-8859-1 Date: {dateInUnixFormat} WWW-Authenticate: Digest realm="MMS Public API", domain="", nonce="{nonce}", algorithm=MD5, op="auth", stale=false Content-Length: {requestLengthInBytes} Connection: keep-alive
201 Created Vary: Accept-Encoding Content-Type: application/json Strict-Transport-Security: max-age=300 Date: {dateInUnixFormat} Connection: keep-alive Content-Length: {requestLengthInBytes} X-MongoDB-Service-Version: gitHash={gitHash}; versionString={ApplicationVersion}
Response Body
Note
The secret is unredacted in the response body. This
example is redacted for security purposes.
1 { 2 "createdAt" : "2024-08-03T14:02:40Z", 3 "description" : "Service account for Cloud Manager users.", 4 "clientId" : "mdb_sa_id_66ae38803cdf55582cb01144", 5 "name" : "Cloud Manager service account", 6 "roles" : [ "GROUP_READ_ONLY", "GROUP_DATA_ACCESS_ADMIN" ], 7 "secrets" : [ { 8 "createdAt" : "2024-08-03T14:02:40Z", 9 "expiresAt" : "2024-12-31T14:02:40Z", 10 "id" : "66ae38803cdf55582cb01143", 11 "secret" : "mdb_sa_sk_...hcOL" 12 } ] 13 }