Get One Project Service Account

On this page

Resource

Request Path Parameters
Request Query Parameters
Request Body Parameters
Response
Response Elements
Example Request
Example Response
Response Header
Response Body

Cloud Manager will no longer support Automation, Backup, and Monitoring for MongoDB 3.6 and 4.0 after August 30th, 2024. Please upgrade your MongoDB deployment or migrate to Atlas.

OAuth 2.0 authentication for programmatic access to Cloud Manager is available as a Preview feature.: The feature and the corresponding documentation might change at any time during the Preview period. To use OAuth 2.0 authentication, create a service account to use in your requests to the Cloud Manager Public API.

Base URL: https://cloud.mongodb.com/api/public/v1.0

Resource

GET /groups/{PROJECT-ID}/serviceAccounts

Request Path Parameters

Name	Type	Description
`PROJECT-ID`	string	Unique identifier for the Project from which you want to retrieve its assigned Organization service accounts. Use the /groups endpoint to retrieve all Projects to which the authenticated user has access.
`CLIENT-ID`	string	The unique identifier for the service account you want to retrieve. Request the /groups/{PROJECT-ID}/serviceAccounts endpoint to retrieve all service accounts for the specified project to which the authenticated user has access.

Request Query Parameters

The following query parameters are optional:

Name

Type

Description

Default

pageNum

integer

Page number (1-index based).

1

itemsPerPage

integer

Number of items to return per page, up to a maximum of 500.

100

pretty

boolean

Indicates whether the response body should be in a prettyprint format.

false

envelope

boolean

Indicates whether or not to wrap the response in an envelope.

Some API clients cannot access the HTTP response headers or status code. To remediate this, set "envelope" : true in the query.

For endpoints that return one result, response body includes:

Name	Description
`status`	HTTP response code
`content`	Expected response body

For endpoints that return a list of results, the results object is an envelope. Cloud Manager adds the status field to the response body.

None

Request Body Parameters

This endpoint doesn't use HTTP request body parameters.

Response

Response Elements

If you set the query element envelope to true, the response is wrapped by the content object.

The HTTP response returns a JSON document that includes the following objects:

Name	Type	Description
`clientId`	string	Unique identifier for the service account.
`createdAt`	timestamp	Service account creation time.
`name`	string	Name of the service account.
`description`	string	Description of the service account.
`roles`	string array	List of roles that the service account has in the project. Project roles include: `GROUP_AUTOMATION_ADMIN` `GROUP_BACKUP_ADMIN` `GROUP_BILLING_ADMIN` `GROUP_DATA_ACCESS_ADMIN` `GROUP_DATA_ACCESS_READ_ONLY` `GROUP_DATA_ACCESS_READ_WRITE` `GROUP_MONITORING_ADMIN` `GROUP_OWNER` `GROUP_READ_ONLY` `GROUP_USER_ADMIN`
`secrets`	object array	List of service account secrets.
`secrets.id`	string	Unique 24-hexadecimal character string that identifies the secret.
`secrets.createdAt`	timestamp	Timestamp representing secret creation time.
`secrets.expiresAt`	timestamp	Timestamp representing secret expiration time.
`secrets.lastUsedAt`	timestamp	Timestamp representing last secret usage.
`secrets.maskedSecretValue`	string	Masked secret that only displays the prefix and last four characters.

Example Request

Note

The user who makes the request can be formatted as {PUBLIC-KEY}:{PRIVATE-KEY}.

1 curl --user "{PUBLIC-KEY}:{PRIVATE-KEY}" --digest \
2      --header "Accept: application/json" \
3      --include \
4      --request GET "https://cloud.mongodb.com/api/public/v1.0/groups/{PROJECT-ID}/serviceAccounts/{CLIENT-ID}?pretty=true"

Example Response

Response Header

HTTP/1.1 401 Unauthorized
Content-Type: application/json;charset=ISO-8859-1
Date: {dateInUnixFormat}
WWW-Authenticate: Digest realm="MMS Public API", domain="", nonce="{nonce}", algorithm=MD5, op="auth", stale=false
Content-Length: {requestLengthInBytes}
Connection: keep-alive

HTTP/1.1 200 OK
Vary: Accept-Encoding
Content-Type: application/json
Strict-Transport-Security: max-age=300
Date: {dateInUnixFormat}
Connection: keep-alive
Content-Length: {requestLengthInBytes}
X-MongoDB-Service-Version: gitHash={gitHash}; versionString={ApplicationVersion}

Response Body

1 {
2   "createdAt" : "2024-08-03T14:02:40Z",
3   "description" : "Service account for developers.",
4   "clientId" : "mdb_sa_id_66ae38803cdf55582cb01144",
5   "name" : "Dev Service Account",
6   "roles" : [ "GROUP_READ_ONLY", "GROUP_DATA_ACCESS_ADMIN" ],
7   "secrets" : [ {
8     "createdAt" : "2024-08-03T14:02:40Z",
9     "expiresAt" : "2024-12-31T14:02:40Z",
10     "lastUsedAt" : "2024-08-24T21:10:35Z",
11     "id" : "66ae38803cdf55582cb01143",
12     "maskedSecretValue" : "mdb_sa_sk_...hcOL"
13   } ]
14 }

Back

Get All Organization Service Accounts Assigned to One Project

Create and Assign One Organization Service Account to One Project

1	curl --user "{PUBLIC-KEY}:{PRIVATE-KEY}" --digest \
2	--header "Accept: application/json" \
3	--include \
4	--request GET "https://cloud.mongodb.com/api/public/v1.0/groups/{PROJECT-ID}/serviceAccounts/{CLIENT-ID}?pretty=true"

1	{
2	"createdAt" : "2024-08-03T14:02:40Z",
3	"description" : "Service account for developers.",
4	"clientId" : "mdb_sa_id_66ae38803cdf55582cb01144",
5	"name" : "Dev Service Account",
6	"roles" : [ "GROUP_READ_ONLY", "GROUP_DATA_ACCESS_ADMIN" ],
7	"secrets" : [ {
8	"createdAt" : "2024-08-03T14:02:40Z",
9	"expiresAt" : "2024-12-31T14:02:40Z",
10	"lastUsedAt" : "2024-08-24T21:10:35Z",
11	"id" : "66ae38803cdf55582cb01143",
12	"maskedSecretValue" : "mdb_sa_sk_...hcOL"
13	} ]
14	}