Set Private IP Mode for Project

Enable or disable private IP mode for a project.

What is Private IP Mode?

Private IP mode applies to GCP dedicated clusters only and is required to use GCP VPC Peering.

When enabled, connections from public IPs outside of the peered VPC will not be able to reach MongoDB Atlas dedicated clusters. This setting disables the ability to:

  1. Deploy non-GCP dedicated clusters in this Atlas project, and
  2. Use MongoDB Stitch with dedicated clusters in this Atlas project.

This setting cannot be enabled or disabled while you have dedicated GCP clusters or peering connections in this Project.

Base URL:


PATCH /groups/{GROUP-ID}/privateIpMode

Request Path Parameters

Body Parameter Type Necessity Description
GROUP-ID string Required Unique identifier of the project for which to set the state of private IP mode.

Request Query Parameters

This endpoint may use any of the HTTP request query parameters available to all Atlas API resources. These are all optional.

Name Type Description Default
pretty boolean Indicates whether the response body should be in a prettyprint format. false
envelope boolean

Indicates whether or not to wrap the response in an envelope.

Some API clients cannot access the HTTP response headers or status code. To remediate this, set envelope=true in the query.

For endpoints that return one result, the response body includes:

status HTTP response code
envelope The expected response body

Request Body Parameters

Body Parameter Type Necessity Description
enabled boolean Required Flag indicating if private IP mode is enabled or disabled for this project.


Body Parameter Type Description
enabled boolean Flag indicating if private IP mode is enabled or disabled for this project.

Example Request

curl --user "{USERNAME}:{APIKEY}" --digest \
  --header "Accept: application/json" \
  --header "Content-Type: application/json" \
  --include \
  --request PATCH "{GROUP-ID}/privateIpMode?pretty=true" \
  --data '
      "enabled" : true

Example Response

Response Header

HTTP/1.1 401 Unauthorized
Content-Type: application/json;charset=ISO-8859-1
Date: {dateInUnixFormat}
WWW-Authenticate: Digest realm="MMS Public API", domain="", nonce="{nonce}", algorithm=MD5, op="auth", stale=false
Content-Length: {requestLengthInBytes}
Connection: keep-alive
HTTP/1.1 200 OK
Vary: Accept-Encoding
Content-Type: application/json
Strict-Transport-Security: max-age=300
Date: {dateInUnixFormat}
Connection: keep-alive
Content-Length: {requestLengthInBytes}

Response Body

  "enabled" : true