Navigation
You were redirected from a different version of the documentation. Click here to go back.

Create and Assign One Organization API Key to One Project

All requests to this endpoint must originate from an IP address on the Cloud Manager user’s API whitelist. For complete documentation on configuring API whitelists, see Enable API Whitelisting for Your Organization.

Base URL: https://cloud.mongodb.com/api/public/v1.0

Resource

POST /groups/{PROJECT-ID}/apiKeys

Request Path Parameters

Name Type Description
PROJECT-ID string Unique identifier for the Project whose API keys you want to retrieve. Use the /groups endpoint to retrieve all organizations to which the authenticated user has access.

Request Query Parameters

The following query parameters are optional:

Name Type Description Default
pageNum integer Page number (1-index based). 1
itemsPerPage integer Number of items to return per page, up to a maximum of 500. 100
pretty boolean Indicates whether the response body should be in a prettyprint format. false
envelope boolean

Indicates whether or not to wrap the response in an envelope.

Some API clients cannot access the HTTP response headers or status code. To remediate this, set "envelope" : true in the query.

For endpoints that return one result, response body includes:

status HTTP response code
envelope Expected response body

For endpoints that return a list of results, the results object is an envelope. Cloud Manager adds the status field to the response body.

None

Request Body Parameters

At least one of the two body parameters are required.

Name Type Description
desc string Description of the API key. Must be between 1 and 250 characters in length.
roles string array

List of roles that the API Key needs to have. If the roles array is provided:

  • Provide at least one role
  • Make sure all roles must be valid for the Project

Project roles include:

Role Value in API Role
GROUP_AUTOMATION_ADMIN Project Automation Admin
GROUP_BACKUP_ADMIN Project Backup Admin
GROUP_BILLING_ADMIN Project Billing Admin
GROUP_DATA_ACCESS_ADMIN Project Data Access Admin
GROUP_DATA_ACCESS_READ_ONLY Project Data Access Read Only
GROUP_DATA_ACCESS_READ_WRITE Project Data Access Read/Write
GROUP_MONITORING_ADMIN Project Monitoring Admin
GROUP_OWNER Project Owner
GROUP_READ_ONLY Project Read Only
GROUP_USER_ADMIN Project User Admin

Response

Name Type Description
desc string Description of this Organization API key assigned to this Project.
id string Unique identifier for this Organization API key assigned to this Project.
privateKey string

Redacted Private key for this Organization API key assigned to this Project.

Note

This key displays unredacted when first created.

publicKey string Public key for this Organization API key assigned to this Project.
roles object array Roles that this Organization API key assigned to this Project has. This array returns all the Organization and Project roles the user has in Cloud Manager.
roles.groupId string Unique identifier of the Project to which this role belongs.
roles.orgId string Unique identifier of the Organization to which this role belongs.
roles.roleName string

Name of the role. This resource returns all the roles the user has in Cloud Manager. Possible values are:

Organization Roles

If this is an roles.orgId (Organization), values include:

Role Value in API Role
ORG_OWNER Organization Owner
ORG_MEMBER Organization Member
ORG_GROUP_CREATOR Organization Project Creator
ORG_BILLING_ADMIN Organization Billing Administrator
ORG_READ_ONLY Organization Read Only

Project Roles

If this is an roles.groupId (Project), values include:

Role Value in API Role
GROUP_AUTOMATION_ADMIN Project Automation Admin
GROUP_BACKUP_ADMIN Project Backup Admin
GROUP_BILLING_ADMIN Project Billing Admin
GROUP_DATA_ACCESS_ADMIN Project Data Access Admin
GROUP_DATA_ACCESS_READ_ONLY Project Data Access Read Only
GROUP_DATA_ACCESS_READ_WRITE Project Data Access Read/Write
GROUP_MONITORING_ADMIN Project Monitoring Admin
GROUP_OWNER Project Owner
GROUP_READ_ONLY Project Read Only
GROUP_USER_ADMIN Project User Admin

Example Request

Note

The user who makes the request can be formatted either as {USERNAME}:{APIKEY} or {PUBLIC-KEY}:{PRIVATE-KEY}.

1
2
3
4
5
6
7
8
9
curl --user "{PUBLIC-KEY}:{PRIVATE-KEY}" --digest \
  --header "Accept: application/json" \
  --header "Content-Type: application/json" \
  --include \
  --request POST "https://cloud.mongodb.com/api/public/v1.0/groups/{PROJECT-ID}/apiKeys?pretty=true" \
  --data '{
    "desc" : "New API key for test purposes",
    "roles": ["GROUP_READ_ONLY", "GROUP_DATA_ACCESS_ADMIN"]
  }'

Example Response

Response Header

HTTP/1.1 401 Unauthorized
Content-Type: application/json;charset=ISO-8859-1
Date: {dateInUnixFormat}
WWW-Authenticate: Digest realm="MMS Public API", domain="", nonce="{nonce}", algorithm=MD5, op="auth", stale=false
Content-Length: {requestLengthInBytes}
Connection: keep-alive
HTTP/1.1 200 OK
Vary: Accept-Encoding
Content-Type: application/json
Strict-Transport-Security: max-age=300
Date: {dateInUnixFormat}
Connection: keep-alive
Content-Length: {requestLengthInBytes}
X-MongoDB-Service-Version: gitHash={gitHash}; versionString={ApplicationVersion}

Response Body

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
{
  "desc" : "New API key for test purposes",
  "id" : "5d1d143c87d9d63e6d694746",
  "links" : [ {
    "href" : "https://cloud.mongodb.com/api/public/v1.0/orgs/5980cfe20b6d97029d82fa63/apiKeys/5d1d143c87d9d63e6d694746",
    "rel" : "self"
  } ],
  "privateKey" : "********-****-****-db2c132ca78d",
  "publicKey" : "{PUBLIC-KEY}",
  "roles" : [ {
    "groupId" : "{PROJECT-ID}",
    "roleName" : "GROUP_READ_ONLY"
  }, {
    "groupId" : "{PROJECT-ID}",
    "roleName" : "GROUP_DATA_ACCESS_ADMIN"
  }, {
    "orgId" : "5980cfe20b6d97029d82fa63",
    "roleName" : "ORG_BILLING_ADMIN"
  } ]
}