Service Accounts Overview
Service Accounts (currently available as a Preview feature) introduce a new way to authenticate to Atlas by using the industry-standard OAuth 2.0 protocol with the Client Credentials flow.
A service account comes with a client ID and secret, comparable to a username and password, that you use to generate access tokens for API requests. These tokens are valid for one hour, which limits replay attacks in which a leaked access token could otherwise be used without a time restriction. To learn how to construct an API request using an access token, see Make an API Request.
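The token exchange described above, as an added example that is not MongoDB's own code: it builds the OAuth 2.0 Client Credentials request and reuses the token until shortly before its one-hour lifetime ends. `TOKEN_URL` is a placeholder, and the names `build_token_request` and `TokenCache`, the 60-second refresh margin and the `access_token` / `expires_in` response fields (taken from RFC 6749) are assumptions.

```python
import base64
import json
import time
import urllib.parse
import urllib.request

# Placeholder endpoint (assumption): take the real token URL from the Atlas API docs.
TOKEN_URL = "https://atlas.example.invalid/oauth/token"


def build_token_request(client_id, client_secret, url=TOKEN_URL):
    """Client Credentials grant (RFC 6749, section 4.4) with HTTP Basic client auth."""
    basic = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()
    return urllib.request.Request(
        url,
        data=urllib.parse.urlencode({"grant_type": "client_credentials"}).encode(),
        headers={
            "Authorization": f"Basic {basic}",
            "Content-Type": "application/x-www-form-urlencoded",
            "Accept": "application/json",
        },
        method="POST",
    )


def _http_send(req):
    # Real network call; tests inject a fake sender instead.
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)


class TokenCache:
    """Holds one access token and replaces it shortly before it expires."""

    def __init__(self, client_id, client_secret, send=_http_send,
                 clock=time.monotonic, margin=60):
        self._id, self._secret = client_id, client_secret
        self._send, self._clock, self._margin = send, clock, margin
        self._token, self._expires_at = None, 0.0

    def get(self):
        now = self._clock()
        if self._token is None or now >= self._expires_at - self._margin:
            body = self._send(build_token_request(self._id, self._secret))
            self._token = body["access_token"]
            # Fall back to the one-hour lifetime stated above if expires_in is absent.
            self._expires_at = now + int(body.get("expires_in", 3600))
        return self._token
```

Load the client secret from a secret store or environment variable at start-up rather than embedding it in source, and keep both the secret and the returned tokens out of logs.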
Atlas roles determine what operations a service account can perform. Assign roles to service accounts as you would for users to ensure the access token has the necessary permissions for the desired API calls.
A service account is scoped to one organization and can access multiple projects within that organization. To give an organization-level service account access to a project, see Assign Existing Organization Access to a Project.
You can't use a service account or its access token to log into Atlas through the Atlas UI. To learn more about the limitations of service accounts, see MongoDB Limits and Thresholds.
Next Steps
To use and manage service accounts, see any of the following procedures: