Docs Menu
Docs Home
/
MongoDB Cloud Manager
/ / / /

Create a Service Account Secret

On this page

  • Resource
  • Request Path Parameters
  • Request Query Parameters
  • Request Body Parameters
  • Response
  • Example Request
  • Example Response
  • Response Header
  • Response Body

Base URL: https://cloud.mongodb.com/api/public/v1.0

POST /groups/{PROJECT-ID}/serviceAccounts/{CLIENT-ID}/secrets/
Name
Type
Description

PROJECT-ID

string

Unique identifier for the Project to which the target service account belongs. Use the /groups endpoint to retrieve all Projects to which the authenticated user has access.

CLIENT-ID

string

Unique identifier for the service account you want to create a secret for. Use the /groups/{PROJECT-ID}/serviceAccounts endpoint to retrieve all service accounts to which the authenticated user has access for the specified Project.

The following query parameters are optional:

Name
Type
Description
Default

pageNum

integer

Page number (1-index based).

1

itemsPerPage

integer

Number of items to return per page, up to a maximum of 500.

100

pretty

boolean

false

envelope

boolean

Indicates whether or not to wrap the response in an envelope.

Some API clients cannot access the HTTP response headers or status code. To remediate this, set "envelope" : true in the query.

For endpoints that return one result, response body includes:

Name
Description

status

HTTP response code

content

Expected response body

For endpoints that return a list of results, the results object is an envelope. Cloud Manager adds the status field to the response body.

None

This body parameter is required.

Name
Type
Description

secretExpiresAfterHours

string

Number of hours after which the secret for this service account expires. The minimum is 8 hours. The maximum is 8766 hours (one year).

Name
Type
Description

id

string

Unique 24-hexadecimal character string that identifies the secret.

secret

string

Service account secret, available only at creation.

createdAt

timestamp

Timestamp representing creation time.

expiresAt

timestamp

Timestamp representing secret expiration time.

Note

The user who makes the request can be formatted as {PUBLIC-KEY}:{PRIVATE-KEY}.

curl --user "{PUBLIC-KEY}:{PRIVATE-KEY}" --digest \
--header "Accept: application/json" \
--header "Content-Type: application/json" \
--request POST "https://cloud.mongodb.com/api/public/v1.0/groups/{PROJECT-ID}/serviceAccounts/{CLIENT-ID}/secrets/?pretty=true" \
--data '{
"secretExpiresAfterHours": "3600"
}'
HTTP/1.1 401 Unauthorized
Content-Type: application/json;charset=ISO-8859-1
Date: {dateInUnixFormat}
WWW-Authenticate: Digest realm="MMS Public API", domain="", nonce="{nonce}", algorithm=MD5, op="auth", stale=false
Content-Length: {requestLengthInBytes}
Connection: keep-alive
HTTP/1.1 201 Created
Vary: Accept-Encoding
Content-Type: application/json
Strict-Transport-Security: max-age=300
Date: {dateInUnixFormat}
Connection: keep-alive
Content-Length: {requestLengthInBytes}
X-MongoDB-Service-Version: gitHash={gitHash}; versionString={ApplicationVersion}

Note

The secret is unredacted in the response body. This example is redacted for security purposes.

{
"createdAt" : "2024-08-08T22:19:45Z",
"expiresAt" : "2025-01-05T22:19:45Z",
"id" : "66b544825867ba071c85469d",
"secret" : "mdb_sa_sk_...AOk5"
}

Back

Unassign