Creating a Atlas Database user with x509 using Atlas API

Kanaka_Raju · 2024-11-30T14:32:24.286Z

Hey, I’m trying to create a database user in MongoDB Atlas using the Administrative API, but I keep encountering a 401 Unauthorized error.

Here’s the command I’m using:

curl --request POST “https://cloud.mongodb.com/api/atlas/v1.0/groups//databaseUsers”
–user “:”
–header “Content-Type: application/json”
–data ‘{
“databaseName”: “$external”,
“groupId”: “”,
“roles”: [
{
“databaseName”: “test”,
“roleName”: “readWrite”
}
],
“username”: “CN=test_user”,
“x509Type”: “CUSTOMER”
}’

The API keys I’m using have Project Owner access, I get the following

error:{ "error" : 401, "reason" : "Unauthorized", "detail" : "You are not authorized for this resource." }

chris · 2024-11-30T16:18:27.672Z

Hi @Kanaka_Raju

Remember to use digest authentication using --digest and to supply the api version header
and the resource version that is expected in response: --header "Accept: application/vnd.atlas.2024-11-13+json"

ref:

mongodb.com

Get Started with the Atlas Administration API - MongoDB Atlas

Kanaka_Raju · 2024-11-30T17:06:36.209Z

chris:

–digest

Hi Chris, Thanks I was able to get this sorted by running the below command.

curl --user "<private>:<public>" --digest \
  --header "Content-Type: application/json" \
  --include \
  --request POST "https://cloud.mongodb.com/api/atlas/v1.0/groups/<group-id>/databaseUsers" \
  --data '{
    "databaseName": "$external",
    "roles": [
      {
        "databaseName": "test",
        "roleName": "readWrite"
        
      }
    ],
    "username": "CN=test_user",
    "x509Type": "CUSTOMER"
  }'

Also, is there a mechanism to specify the collection name as well? I couldn’t find it here in this document.
https://www.mongodb.com/docs/atlas/reference/api-resources-spec/v2/#tag/Database-Users/operation/updateDatabaseUser

chris · 2024-11-30T18:09:59.137Z

In the role add collectionName .

 "roles" : [ {
      "collectionName" : "baz",
      "databaseName" : "test",
      "roleName" : "read"
    } ],