Create an Atlas User¶

Note

Groups and projects are synonymous terms. Your {GROUP-ID} is the same as your project ID. For existing groups, your group/project ID remains the same. The resource and corresponding endpoints use the term groups.

The following resource creates a new Atlas user and assigns it to one or more of your Atlas projects and organizations.

Note

Atlas sends an email to the selected users inviting them to join the project. Invited users do not have access to the project until they accept the invitation. Invitations expire after 30 days.

The Atlas API authenticates using HTTP Digest Authentication. Provide a programmatic API public key and corresponding private key as the username and password when constructing the HTTP request.

To learn how to configure API access for an Atlas project, see Configure Atlas API Access.

Important

Atlas limits Atlas user membership to a maximum of 250 Atlas users per team.

Atlas limits Atlas user membership to 500 Atlas users per project and 500 Atlas users per organization, which includes the combined membership of all projects in the organization.

Atlas raises an error if an operation exceeds these limits.

Example

You have an organization with five projects. Each project has 100 Atlas users. Each Atlas user belongs to only one project. You cannot add any Atlas users to this organization without first removing existing Atlas users from the organization membership.

Create a new user.

Resource¶

Base URL: https://cloud.mongodb.com/api/atlas/v1.0

POST /users

Request Path Parameters¶

This endpoint does not use HTTP request path parameters.

Request Query Parameters¶

This endpoint might use any of the HTTP request query parameters available to all Atlas API resources. All of these are optional.

Name Type Necessity Description Default

pretty boolean Optional Flag indicating whether the response body should be in a prettyprint format. false

envelope

boolean

Optional

Flag indicating if Atlas should wrap the response in a JSON envelope.

This option may be needed for some API clients. These clients cannot access the HTTP response headers or status code. To remediate this, set envelope=true in the query.

For endpoints that return one result, the response body includes:

status	HTTP response code
envelope	Expected response body

false

Request Body Parameters¶

Body Parameter Type Necessity Description

country string Required ISO-3166-1 alpha 2 country code of the Atlas user's country of residence.

emailAddress string Required Atlas user's email address.

firstName string Required Atlas user's first name.

id string Required Unique identifier for the Atlas user.

lastName string Required Atlas user's last name.

links array of objects Required One or more links to sub-resources and/or related resources. The relation-types between URL s are explained in the Web Linking Specification.

mobileNumber string Required Atlas user's mobile or cell phone number, if it is listed in the user's profile.

password

string

Required

Password. Atlas doesn't return this parameter except in response to creating a new user.

You cannot update the password via API once set. The user must log into Atlas and update their password from the Atlas console.

roles array of objects Required Each object in the array represents either an Atlas organization or project the Atlas user is assigned to and the Atlas role has for the associated organization or project. You can specify either roles.orgId or roles.groupId per object.

roles.groupId string Required unique identifier of the project in which the user has the specified roles.roleName.

roles.orgId string Required unique identifier of the organization in which the user has the specified roles.roleName.

roles.roleName

string

Required

name of the role.

When associated to roles.orgId, the valid roles and their mappings are:

Role	Mapping
ORG_OWNER	`Organization Owner`
ORG_GROUP_CREATOR	`Organization Project Creator`
ORG_BILLING_ADMIN	`Organization Billing Admin`
ORG_READ_ONLY	`Organization Read Only`
ORG_MEMBER	`Organization Member`

When associated to roles.groupId, the valid roles and their mappings are:

Role	Mapping
GROUP_OWNER	`Project Owner`
GROUP_CLUSTER_MANAGER	`Project Cluster Manager`
GROUP_READ_ONLY	`Project Read Only`
GROUP_DATA_ACCESS_ADMIN	`Project Data Access Admin`
GROUP_DATA_ACCESS_READ_WRITE	`Project Data Access Read/Write`
GROUP_DATA_ACCESS_READ_ONLY	`Project Data Access Read Only`

teamIds array of strings Required Unique identifiers for each team to which the user belongs.

username string Required Atlas username. Must use email address formatting. You cannot modify the username once set.

Response¶

The JSON document contains each of the following elements:

Response Parameter Type Required Description

country string Required ISO-3166-1 alpha 2 country code of the Atlas user's country of residence.

emailAddress string Required Atlas user's email address.

firstName string Required Atlas user's first name.

id string Required Unique identifier for the Atlas user.

lastName string Required Atlas user's last name.

links array of objects Required One or more links to sub-resources and/or related resources. The relation-types between URL s are explained in the Web Linking Specification.

mobileNumber string Required Atlas user's mobile or cell phone number, if it is listed in the user's profile.

password

string

Required

Password. Atlas doesn't return this parameter except in response to creating a new user.

You cannot update the password via API once set. The user must log into Atlas and update their password from the Atlas console.

roles array of objects Required Each object in the array represents either an Atlas organization or project the Atlas user is assigned to and the Atlas role has for the associated organization or project. You can specify either roles.orgId or roles.groupId per object.

roles.groupId string Required unique identifier of the project in which the user has the specified roles.roleName.

roles.orgId string Required unique identifier of the organization in which the user has the specified roles.roleName.

roles.roleName

string

Required

name of the role.

When associated to roles.orgId, the valid roles and their mappings are:

Role	Mapping
ORG_OWNER	`Organization Owner`
ORG_GROUP_CREATOR	`Organization Project Creator`
ORG_BILLING_ADMIN	`Organization Billing Admin`
ORG_READ_ONLY	`Organization Read Only`
ORG_MEMBER	`Organization Member`

When associated to roles.groupId, the valid roles and their mappings are:

Role	Mapping
GROUP_OWNER	`Project Owner`
GROUP_CLUSTER_MANAGER	`Project Cluster Manager`
GROUP_READ_ONLY	`Project Read Only`
GROUP_DATA_ACCESS_ADMIN	`Project Data Access Admin`
GROUP_DATA_ACCESS_READ_WRITE	`Project Data Access Read/Write`
GROUP_DATA_ACCESS_READ_ONLY	`Project Data Access Read Only`

teamIds array of strings Required Unique identifiers for each team to which the user belongs.

username string Required Atlas username. Must use email address formatting. You cannot modify the username once set.

Example Request¶

1 curl --user "{PUBLIC-KEY}:{PRIVATE-KEY}" --digest --include \
2      --header "Accept: application/json" \
3      --header "Content-Type: application/json" \
4      --request POST "https://cloud.mongodb.com/api/atlas/v1.0/users/" \
5      --data '
6        {
7          "username" : "john.doe@example.com",
8          "password" : "myPassword1@",
9          "emailAddress" : "john.doe@example.com",
10          "mobileNumber" : "2125550198",
11          "firstName" : "John",
12          "lastName" : "Doe",
13          "roles" : [
14            {
15              "orgId" : "8dbbe4570bd55b23f25444db",
16              "roleName" : "ORG_MEMBER"
17            },
18            {
19              "groupId" : "2ddoa1233ef88z75f64578ff",
20              "roleName" : "GROUP_READ_ONLY"
21            }
22          ],
23          "country" : "US"
24        }'

Example Response¶

Response Header¶

HTTP/1.1 401 Unauthorized
Content-Type: application/json;charset=ISO-8859-1
Date: {dateInUnixFormat}
WWW-Authenticate: Digest realm="MMS Public API", domain="", nonce="{nonce}", algorithm=MD5, op="auth", stale=false
Content-Length: {requestLengthInBytes}
Connection: keep-alive

HTTP/1.1 201 Created
Vary: Accept-Encoding
Content-Type: application/json
Strict-Transport-Security: max-age=300
Date: {dateInUnixFormat}
Connection: keep-alive
Content-Length: {requestLengthInBytes}

Response Body¶

1 {
2   "emailAddress": "john.doe@example.com",
3   "firstName": "John",
4   "id": "5b06ed7083fb5a40df86e93b",
5   "lastName": "Doe",
6   "links": [
7     {
8       "href": "https://cloud.mongodb.com/api/atlas/v1.0/users/5b06ed7083fb5a40df86e93b",
9       "rel": "self"
10     },
11     {
12       "href": "https://cloud.mongodb.com/api/atlas/v1.0/users/5b06ed7083fb5a40df86e93b/accessList",
13       "rel": "http://mms.mongodb.com/accessList"
14     }
15   ],
16   "mobileNumber" : "2125550198",
17   "roles": [
18     {
19       "orgId" : "8dbbe4570bd55b23f25444db",
20       "roleName" : "ORG_MEMBER"
21     },
22     {
23       "groupId" : "2ddoa1233ef88z75f64578ff",
24       "roleName" : "GROUP_READ_ONLY"
25     }
26   ],
27   "teamIds": [],
28   "username": "john.doe@example.com"
29 }

Give Feedback

← Get an Atlas User by Name Update an Atlas User →

1	curl --user "{PUBLIC-KEY}:{PRIVATE-KEY}" --digest --include \
2	--header "Accept: application/json" \
3	--header "Content-Type: application/json" \
4	--request POST "https://cloud.mongodb.com/api/atlas/v1.0/users/" \
5	--data '
6	{
7	"username" : "john.doe@example.com",
8	"password" : "myPassword1@",
9	"emailAddress" : "john.doe@example.com",
10	"mobileNumber" : "2125550198",
11	"firstName" : "John",
12	"lastName" : "Doe",
13	"roles" : [
14	{
15	"orgId" : "8dbbe4570bd55b23f25444db",
16	"roleName" : "ORG_MEMBER"
17	},
18	{
19	"groupId" : "2ddoa1233ef88z75f64578ff",
20	"roleName" : "GROUP_READ_ONLY"
21	}
22	],
23	"country" : "US"
24	}'

1	{
2	"emailAddress": "john.doe@example.com",
3	"firstName": "John",
4	"id": "5b06ed7083fb5a40df86e93b",
5	"lastName": "Doe",
6	"links": [
7	{
8	"href": "https://cloud.mongodb.com/api/atlas/v1.0/users/5b06ed7083fb5a40df86e93b",
9	"rel": "self"
10	},
11	{
12	"href": "https://cloud.mongodb.com/api/atlas/v1.0/users/5b06ed7083fb5a40df86e93b/accessList",
13	"rel": "http://mms.mongodb.com/accessList"
14	}
15	],
16	"mobileNumber" : "2125550198",
17	"roles": [
18	{
19	"orgId" : "8dbbe4570bd55b23f25444db",
20	"roleName" : "ORG_MEMBER"
21	},
22	{
23	"groupId" : "2ddoa1233ef88z75f64578ff",
24	"roleName" : "GROUP_READ_ONLY"
25	}
26	],
27	"teamIds": [],
28	"username": "john.doe@example.com"
29	}