API >
API Resources >
Programmatic API Keys >
Create and Assign One Organization API Key to One Project

Create and Assign One Organization API Key to One Project¶

On this page

Resource
Response
Example Request
Example Response
- Response Header
- Response Body

Base URL: https://cloud.mongodb.com/api/atlas/v1.0

Resource¶

POST /groups/{GROUP-ID}/apiKeys

Request Path Parameters¶

Name	Type	Description
`GROUP-ID`	string	Unique identifier for the Project whose API keys you want to retrieve. Use the /groups endpoint to retrieve all organizations to which the authenticated user has access.

Request Query Parameters¶

This endpoint may use any of the HTTP request query parameters available to all Atlas API resources. These are all optional.

Name Type Description Default

pageNum integer Page number (1-based). 1

itemsPerPage integer Maximum number of items to return, up to a maximum of 100. 100

pretty boolean Indicates whether the response body should be in a prettyprint format. false

envelope

boolean

Indicates whether or not to wrap the response in an envelope.

Some API clients cannot access the HTTP response headers or status code. To remediate this, set envelope=true in the query.

For endpoints that return one result, response body includes:

`status`	HTTP response code
`envelope`	The expected response body

For endpoints that return a list of results, the results object is an envelope. Atlas adds the status field to the response body.

Request Body Parameters¶

At least one of the two body parameters are required.

Name Type Description

desc string Description of the API key. Must be between 1 and 250 characters in length.

roles

string array

List of roles that the API Key needs to have. If the roles array is provided:

Provide at least one role
Make sure all roles must be valid for the Project

Project roles include:

GROUP_CHARTS_ADMIN
GROUP_CLUSTER_MANAGER
GROUP_DATA_ACCESS_ADMIN
GROUP_DATA_ACCESS_READ_ONLY
GROUP_DATA_ACCESS_READ_WRITE
GROUP_OWNER
GROUP_READ_ONLY

Response¶

Name	Type	Description
`desc`	string	Description of this Organization API key assigned to this Project.
`id`	string	Unique identifier for this Organization API key assigned to this Project.
`privateKey`	string	Redacted Private key for this Organization API key assigned to this Project. Note This key displays unredacted when first created.
`publicKey`	string	Public key for this Organization API key assigned to this Project.
`roles`	object array	Roles that this Organization API key assigned to this Project has. This array returns all the Organization and Project roles the user has in Atlas.
`roles.groupId`	string	Unique identifier of the Project to which this role belongs.
`roles.orgId`	string	Unique identifier of the Organization to which this role belongs.
`roles.roleName`	string	Name of the role. This resource returns all the roles the user has in Atlas. Possible values are: Organization Roles If this is an `roles.orgId` (Organization), values include: `ORG_OWNER` `ORG_MEMBER` `ORG_GROUP_CREATOR` `ORG_BILLING_ADMIN` `ORG_READ_ONLY` Project Roles If this is an `roles.groupId` (Project), values include: `GROUP_CHARTS_ADMIN` `GROUP_CLUSTER_MANAGER` `GROUP_DATA_ACCESS_ADMIN` `GROUP_DATA_ACCESS_READ_ONLY` `GROUP_DATA_ACCESS_READ_WRITE` `GROUP_OWNER` `GROUP_READ_ONLY`

Example Request¶

Note

The user who makes the request can be formatted either as {USERNAME}:{APIKEY} or {PUBLIC-KEY}:{PRIVATE-KEY}.

copy

curl --user "{PUBLIC-KEY}:{PRIVATE-KEY}" --digest \
  --header "Accept: application/json" \
  --header "Content-Type: application/json" \
  --include \
  --request POST "https://cloud.mongodb.com/api/atlas/v1.0/groups/5953c5f380eef53887615f9a/apiKeys?pretty=true" \
  --data '{
    "desc" : "New API key for test purposes",
    "roles": ["GROUP_READ_ONLY", "GROUP_DATA_ACCESS_ADMIN"]
  }'

Example Response¶

Response Header¶

HTTP/1.1 401 Unauthorized
Content-Type: application/json;charset=ISO-8859-1
Date: {dateInUnixFormat}
WWW-Authenticate: Digest realm="MMS Public API", domain="", nonce="{nonce}", algorithm=MD5, op="auth", stale=false
Content-Length: {requestLengthInBytes}
Connection: keep-alive

HTTP/1.1 200 OK
Vary: Accept-Encoding
Content-Type: application/json
Strict-Transport-Security: max-age=300
Date: {dateInUnixFormat}
Connection: keep-alive
Content-Length: {requestLengthInBytes}

Response Body¶

{
  "desc" : "New API key for test purposes",
  "id" : "5d1d143c87d9d63e6d694746",
  "links" : [ {
    "href" : "https://cloud.mongodb.com/api/atlas/v1.0/orgs/5980cfe20b6d97029d82fa63/apiKeys/5d1d143c87d9d63e6d694746",
    "rel" : "self"
  } ],
  "privateKey" : "********-****-****-db2c132ca78d",
  "publicKey" : "{PUBLIC-KEY}",
  "roles" : [ {
    "groupId" : "5953c5f380eef53887615f9a",
    "roleName" : "GROUP_READ_ONLY"
  }, {
    "groupId" : "5953c5f380eef53887615f9a",
    "roleName" : "GROUP_DATA_ACCESS_ADMIN"
  }, {
    "orgId" : "5980cfe20b6d97029d82fa63",
    "roleName" : "ORG_BILLING_ADMIN"
  } ]
}

← Get All Organization API Keys Assigned to One Project Assign One Organization API Key to One Project →