API >
API Resources >
Programmatic API Keys >
Create and Assign One Organization API Key to One Project

Create and Assign One Organization API Key to One Project¶

On this page

Resource
Response
Example Request
Example Response
- Response Header
- Response Body

Base URL: https://cloud.mongodb.com/api/atlas/v1.0

Resource¶

POST /groups/{PROJECT-ID}/apiKeys

Request Path Parameters¶

Name	Type	Description
`PROJECT-ID`	string	Unique identifier for the Project whose API keys you want to retrieve. Use the /groups endpoint to retrieve all organizations to which the authenticated user has access.

Request Query Parameters¶

This endpoint may use any of the HTTP request query parameters available to all Atlas API resources. These are all optional.

Name Type Necessity Description Default

pageNum integer Optional Page number (1-based). 1

itemsPerPage integer Optional Maximum number of items to return, up to a maximum of 100. 100

includeCount boolean Optional Specifies whether the response returns the totalCount field. true

pretty boolean Optional Indicates whether the response body should be in a prettyprint format. false

envelope

boolean

Optional

Flag indicating if Atlas should wrap the response in a JSON envelope.

Some API clients cannot access the HTTP response headers or status code. To remediate this, set envelope=true in the query.

For endpoints that return one result, the response body includes:

status	HTTP response code
envelope	Expected response body

For endpoints that return a list of results, the results object is an envelope. Atlas adds the status field to the response body.

false

Request Body Parameters¶

At least one of the two body parameters are required.

Name Type Necessity Description

desc string Conditional Description of the API key. Must be between 1 and 250 characters in length, inclusive.

roles

array of strings

Conditional

List of roles that the API Key needs to have. If you include the roles array:

Provide at least one role
Make sure all roles must be valid for the Project

Project roles include:

GROUP_CLUSTER_MANAGER
GROUP_DATA_ACCESS_ADMIN
GROUP_DATA_ACCESS_READ_ONLY
GROUP_DATA_ACCESS_READ_WRITE
GROUP_OWNER
GROUP_READ_ONLY

Response¶

Name	Type	Description
`desc`	string	Description of this Organization API key assigned to this Project.
`id`	string	Unique identifier for this Organization API key assigned to this Project.
`privateKey`	string	Redacted Private key for this Organization API key assigned to this Project. Note This key displays unredacted when first created.
`publicKey`	string	Public key for this Organization API key assigned to this Project.
`roles`	array of objects	Roles that this Organization API key assigned to this Project has. This array returns all the Organization and Project roles the user has in Atlas.
`roles.groupId`	string	Unique identifier of the Project to which this role belongs.
`roles.orgId`	string	Unique identifier of the Organization to which this role belongs.
`roles.roleName`	string	Name of the role. This resource returns all the roles the user has in Atlas. Possible values are: Organization Roles If this is an `roles.orgId` (Organization), values include: `ORG_OWNER` `ORG_MEMBER` `ORG_GROUP_CREATOR` `ORG_BILLING_ADMIN` `ORG_READ_ONLY` Project Roles If this is an `roles.groupId` (Project), values include: `GROUP_CLUSTER_MANAGER` `GROUP_DATA_ACCESS_ADMIN` `GROUP_DATA_ACCESS_READ_ONLY` `GROUP_DATA_ACCESS_READ_WRITE` `GROUP_OWNER` `GROUP_READ_ONLY`

Example Request¶

Note

The user who makes the request can be formatted either as {USERNAME}:{APIKEY} or {PUBLIC-KEY}:{PRIVATE-KEY}.

copy

curl --user "{PUBLIC-KEY}:{PRIVATE-KEY}" --digest \
     --header "Accept: application/json" \
     --header "Content-Type: application/json" \
     --include \
     --request POST "https://cloud.mongodb.com/api/atlas/v1.0/groups/{PROJECT-ID}/apiKeys?pretty=true" \
     --data '{
       "desc" : "New API key for test purposes",
       "roles": ["GROUP_READ_ONLY", "GROUP_DATA_ACCESS_ADMIN"]
     }'

Example Response¶

Response Header¶

HTTP/1.1 401 Unauthorized
Content-Type: application/json;charset=ISO-8859-1
Date: {dateInUnixFormat}
WWW-Authenticate: Digest realm="MMS Public API", domain="", nonce="{nonce}", algorithm=MD5, op="auth", stale=false
Content-Length: {requestLengthInBytes}
Connection: keep-alive

HTTP/1.1 200 OK
Vary: Accept-Encoding
Content-Type: application/json
Strict-Transport-Security: max-age=300
Date: {dateInUnixFormat}
Connection: keep-alive
Content-Length: {requestLengthInBytes}

Response Body¶

{
  "desc" : "New API key for test purposes",
  "id" : "{API-KEY}",
  "links" : [ {
    "href" : "https://cloud.mongodb.com/api/atlas/v1.0/orgs/{ORG-ID}/apiKeys/{API-KEY}",
    "rel" : "self"
  } ],
  "privateKey" : "********-****-****-db2c132ca78d",
  "publicKey" : "{PUBLIC-KEY}",
  "roles" : [ {
    "groupId" : "{PROJECT-ID}",
    "roleName" : "GROUP_READ_ONLY"
  }, {
    "groupId" : "{PROJECT-ID}",
    "roleName" : "GROUP_DATA_ACCESS_ADMIN"
  }, {
    "orgId" : "{ORG-ID}",
    "roleName" : "ORG_BILLING_ADMIN"
  } ]
}

← Get All Organization API Keys Assigned to One Project Assign One Organization API Key to One Project →