Docs Menu
Docs Home
/
MongoDB Cloud Manager
/
API
/
Resources
/
Service Accounts
/
Project Accounts

Assign One Organization Service Account to Project

On this page

  • Resource
  • Request Path Parameters
  • Request Query Parameters
  • Request Body Parameters
  • Response
  • Response Elements
  • Example Request
  • Example Response
  • Response Header
  • Response Body

Base URL: https://cloud.mongodb.com/api/public/v1.0

Resource

POST /groups/{PROJECT-ID}/serviceAccounts/{CLIENT-ID}:invite

Request Path Parameters

Name
Type
Description

PROJECT-ID

string

Unique identifier for the Project whose service accounts you want to update. Use the /groups endpoint to retrieve all organizations to which the authenticated user has access.

CLIENT-ID

string

Unique identifier for the service account you want to update. Request the /groups/{PROJECT-ID}/serviceAccounts endpoint to retrieve all service accounts to which the authenticated user has access for the specified organization.

Request Query Parameters

The following query parameters are optional:

Name
Type
Description
Default

pageNum

integer

Page number (1-index based).

1

itemsPerPage

integer

Number of items to return per page, up to a maximum of 500.

100

pretty

boolean

Indicates whether the response body should be in a prettyprint format.

false

envelope

boolean

Indicates whether or not to wrap the response in an envelope.

Some API clients cannot access the HTTP response headers or status code. To remediate this, set "envelope" : true in the query.

For endpoints that return one result, response body includes:

Name
Description

status

HTTP response code

content

Expected response body

For endpoints that return a list of results, the results object is an envelope. Cloud Manager adds the status field to the response body.

None

Request Body Parameters

Name
Type
Necessity
Description

roles

array

Required

List of roles that the service account should be granted. A minimum of one role must be provided. Any roles provided must be valid for the assigned Project:

Role Value in API
Role

GROUP_AUTOMATION_ADMIN

Project Automation Admin

GROUP_BACKUP_ADMIN

Project Backup Admin

GROUP_BILLING_ADMIN

Project Billing Admin

GROUP_DATA_ACCESS_ADMIN

Project Data Access Admin

GROUP_DATA_ACCESS_READ_ONLY

Project Data Access Read Only

GROUP_DATA_ACCESS_READ_WRITE

Project Data Access Read/Write

GROUP_MONITORING_ADMIN

Project Monitoring Admin

GROUP_OWNER

Project Owner

GROUP_READ_ONLY

Project Read Only

GROUP_USER_ADMIN

Project User Admin

Response

Response Elements

If you set the query element envelope to true, the response is wrapped by the content object.

The HTTP response returns a JSON document that includes the following objects:

Name
Type
Description

clientId

string

Unique identifier for the service account.

createdAt

timestamp

Service account creation time.

name

string

Name of the service account.

description

string

Description of the service account.

roles

string array

List of roles that the service account has in the project.

Project roles include:

secrets

object array

List of service account secrets.

secrets.id

string

Unique 24-hexadecimal character string that identifies the secret.

secrets.createdAt

timestamp

Timestamp representing secret creation time.

secrets.expiresAt

timestamp

Timestamp representing secret expiration time.

secrets.lastUsedAt

timestamp

Timestamp representing last secret usage.

secrets.maskedSecretValue

string

Masked secret that only displays the prefix and last four characters.

Example Request

1curl --user "{PUBLIC-KEY}:{PRIVATE-KEY}" --digest \
2     --header "Accept: application/json" \
3     --header "Content-Type: application/json" \
4     --include \
5     --request POST "https://cloud.mongodb.com/api/public/v1.0/groups/{PROJECT-ID}/serviceAccounts/{CLIENT-ID}:invite?pretty=true" \
6     --data '{
7       "roles": [ "GROUP_READ_ONLY", "GROUP_DATA_ACCESS_READ_WRITE" ]
8     }'

Example Response

Response Header

HTTP/1.1 401 Unauthorized
Content-Type: application/json;charset=ISO-8859-1
Date: {dateInUnixFormat}
WWW-Authenticate: Digest realm="MMS Public API", domain="", nonce="{nonce}", algorithm=MD5, op="auth", stale=false
Content-Length: {requestLengthInBytes}
Connection: keep-alive
HTTP/1.1 200 OK
Vary: Accept-Encoding
Content-Type: application/json
Strict-Transport-Security: max-age=300
Date: {dateInUnixFormat}
Connection: keep-alive
Content-Length: {requestLengthInBytes}
X-MongoDB-Service-Version: gitHash={gitHash}; versionString={ApplicationVersion}

Response Body

1{
2  "createdAt" : "2024-08-03T14:02:40Z",
3  "description" : "Service account for developers.",
4  "clientId" : "mdb_sa_id_66ae38803cdf55582cb01144",
5  "name" : "Dev Service Account",
6  "roles" : [ "GROUP_READ_ONLY", "GROUP_DATA_ACCESS_READ_WRITE" ],
7  "secrets" : [ {
8    "createdAt" : "2024-08-03T14:02:40Z",
9    "expiresAt" : "2024-12-31T14:02:40Z",
10    "id" : "66ae38803cdf55582cb01143",
11    "lastUsedAt" : "2024-08-24T21:10:35Z",
12    "maskedSecretValue" : "mdb_sa_sk_...hcOL"
13  } ]
14}

Back

Create & Assign

Next

Modify Details