Service Accounts Overview

Service Accounts (currently available as a Preview feature) introduce a new way to authenticate to Atlas by using the industry standard OAuth 2.0 protocol with the Client Credentials flow.

A service account comes with a client ID and secret, comparable to a username and password, that you use to generate access tokens for API requests. These tokens are valid for one hour to prevent replay attacks, where a leaked access token could be used without a time restriction. To learn how to construct an API request using an access token, see Make an API Request.

Atlas roles determine what operations a service account can perform. Assign roles to service accounts as you would for users to ensure the access token has the necessary permissions for the desired API calls.

A service account is scoped to one organization and can access multiple projects within that organization. To give an organization-level service account access to a project, see Assign Existing Organization Access to a Project.

You can't use a service account or its access token to log into Atlas through the Atlas UI. To learn more about the limitations of service accounts, see MongoDB Limits and Thresholds.