Create a Service Account Secret
- OAuth 2.0 authentication for programmatic access to Cloud Manager is available as a Preview feature.
- The feature and the corresponding documentation might change at any time during the Preview period. To use OAuth 2.0 authentication, create a service account to use in your requests to the Cloud Manager Public API.
Base URL: https://cloud.mongodb.com/api/public/v1.0
Resource
POST /groups/{PROJECT-ID}/serviceAccounts/{CLIENT-ID}/secrets/
Request Path Parameters
Name | Type | Description |
---|---|---|
PROJECT-ID | string | Unique identifier for the Project to which the target service account belongs. Use the /groups endpoint to retrieve all Projects to which the authenticated user has access. |
CLIENT-ID | string | Unique identifier for the service account you want to create a secret for. Use the /groups/{PROJECT-ID}/serviceAccounts endpoint to retrieve all service accounts to which the authenticated user has access for the specified Project. |
Request Query Parameters
The following query parameters are optional:
Name | Type | Description | Default |
---|---|---|---|
pageNum | integer | Page number (1-index based). | |
itemsPerPage | integer | Number of items to return per page, up to a maximum of 500. | |
pretty | boolean | Indicates whether the response body should be in a prettyprint format. | |
envelope | boolean | Indicates whether or not to wrap the response in an envelope. Some API clients cannot access the HTTP response headers or status code. To remediate this, set For endpoints that return one result, response body includes: For endpoints that return a list of results, the | None |
Request Body Parameters
This body parameter is required.
Name | Type | Description |
---|---|---|
secretExpiresAfterHours | string | Number of hours after which the secret for this service account expires. The minimum is 8 hours. The maximum is 8766 hours (one year). |
Response
Name | Type | Description |
---|---|---|
id | string | Unique 24-hexadecimal character string that identifies the secret. |
secret | string | Service account secret, available only at creation. |
createdAt | timestamp | Timestamp representing creation time. |
expiresAt | timestamp | Timestamp representing secret expiration time. |
Example Request
Note
The user who makes the request can be formatted as {PUBLIC-KEY}:{PRIVATE-KEY}.
```
curl --user "{PUBLIC-KEY}:{PRIVATE-KEY}" --digest \
     --header "Accept: application/json" \
     --header "Content-Type: application/json" \
     --request POST "https://cloud.mongodb.com/api/public/v1.0/groups/{PROJECT-ID}/serviceAccounts/{CLIENT-ID}/secrets/?pretty=true" \
     --data '{ "secretExpiresAfterHours": "3600" }'
```
Example Response
Response Header
```
401 Unauthorized
Content-Type: application/json;charset=ISO-8859-1
Date: {dateInUnixFormat}
WWW-Authenticate: Digest realm="MMS Public API", domain="", nonce="{nonce}", algorithm=MD5, op="auth", stale=false
Content-Length: {requestLengthInBytes}
Connection: keep-alive
```

```
201 Created
Vary: Accept-Encoding
Content-Type: application/json
Strict-Transport-Security: max-age=300
Date: {dateInUnixFormat}
Connection: keep-alive
Content-Length: {requestLengthInBytes}
X-MongoDB-Service-Version: gitHash={gitHash}; versionString={ApplicationVersion}
```
Response Body
Note
The secret is unredacted in the response body. This example is redacted for security purposes.
```
{
  "createdAt" : "2024-08-08T22:19:45Z",
  "expiresAt" : "2025-01-05T22:19:45Z",
  "id" : "66b544825867ba071c85469d",
  "secret" : "mdb_sa_sk_...AOk5"
}
```
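Because the secret is returned only once and unredacted, a client should validate the lifetime before sending the request and write the secret straight to a protected file instead of logging the response. The following is an added example, not code from the Cloud Manager documentation; the function names, the file path and the secret value in the sample response are constructed for illustration.

```python
import json
import os

BASE_URL = "https://cloud.mongodb.com/api/public/v1.0"
MIN_HOURS, MAX_HOURS = 8, 8766  # limits from the request body parameter table

# Constructed sample response; the secret value is made up for this example.
SAMPLE_RESPONSE = json.dumps({
    "createdAt": "2024-08-08T22:19:45Z",
    "expiresAt": "2025-01-05T22:19:45Z",
    "id": "66b544825867ba071c85469d",
    "secret": "mdb_sa_sk_CONSTRUCTEDEXAMPLEVALUE0000",
})


def build_secret_request(project_id, client_id, hours):
    """Check the lifetime locally and return (url, json_body) for the POST."""
    hours = int(hours)
    if not MIN_HOURS <= hours <= MAX_HOURS:
        raise ValueError(
            f"secretExpiresAfterHours must be between {MIN_HOURS} and {MAX_HOURS}")
    url = f"{BASE_URL}/groups/{project_id}/serviceAccounts/{client_id}/secrets/"
    # The page documents the field as a string, so it is sent as one.
    return url, json.dumps({"secretExpiresAfterHours": str(hours)})


def store_secret(response_text, path):
    """Write the one-time secret to `path` and return log-safe metadata."""
    doc = json.loads(response_text)
    secret = doc["secret"]
    # O_EXCL refuses to overwrite an existing file; 0o600 is owner read/write only.
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "w") as fh:
        fh.write(secret)
    # Redact in the same style as the example response on this page.
    doc["secret"] = secret[:10] + "..." + secret[-4:]
    return doc


if __name__ == "__main__":
    import tempfile
    url, body = build_secret_request("{PROJECT-ID}", "{CLIENT-ID}", 3600)
    print(url, body)
    target = os.path.join(tempfile.mkdtemp(), "sa_secret")  # hypothetical path
    print(store_secret(SAMPLE_RESPONSE, target))
```

The metadata returned by `store_secret` keeps `id` and `expiresAt`, which is what a rotation job needs to schedule the next secret before the current one expires.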