Add Entries to Project IP Whitelist

Important
Access List Replaces Whitelist

Atlas now refers to its cluster firewall management as IP Access Lists. Atlas has deprecated the whitelist resource and will disable it in June 2021. Revise your whitelist endpoints to use the IP Access List resource.

Note

Groups and projects are synonymous terms. Your {GROUP-ID} is the same as your project ID. For existing groups, your group/project ID remains the same. The resource and corresponding endpoints use the term groups.

Important

The /groups/{GROUP-ID}/whitelist endpoint manages the Project IP Whitelist. This endpoint is distinct from the /users/{USER-ID}/whitelist endpoint, which manages an Atlas user's API whitelist.

This endpoint does not support concurrent POST requests. Multiple POST requests must be submitted synchronously.

The Atlas API authenticates using HTTP Digest Authentication. Provide a programmatic API public key and corresponding private key as the username and password when constructing the HTTP request.

To learn how to configure API access for an Atlas project, see Configure Atlas API Access.

https://cloud.mongodb.com/api/atlas/v1.0

POST /groups/{GROUP-ID}/whitelist
| Path Element | Type | Necessity | Description |
|---|---|---|---|
| GROUP-ID | string | Required | Unique identifier for the project to which you want to add one or more whitelist entries. |

This endpoint may use any of the HTTP request query parameters available to all Atlas API resources. These are all optional.

| Name | Type | Necessity | Description | Default |
|---|---|---|---|---|
| pageNum | integer | Optional | Page number, starting with one, that Atlas returns of the total number of objects. | 1 |
| itemsPerPage | integer | Optional | Number of items that Atlas returns per page, up to a maximum of 500. | 100 |
| includeCount | boolean | Optional | Flag that indicates whether Atlas returns the totalCount parameter in the response body. | true |
| pretty | boolean | Optional | Flag that indicates whether Atlas returns the JSON response in the prettyprint format. | false |
| envelope | boolean | Optional | Flag that indicates whether Atlas wraps the response in an envelope. Some API clients cannot access the HTTP response headers or status code. To remediate this, set envelope=true in the query. Endpoints that return a list of results use the results object as an envelope. Atlas adds the status parameter to the response body. | false |

Specify an array of documents, where each document represents one whitelist entry you want to add to the project. You must specify an array even if you add a single whitelist entry to the project.

Important
How Whitelist Updates Work

The whitelist might change depending upon what you submit in the POST request. This request attempts to find an existing whitelist entry that has the same awsSecurityGroup, ipAddress, or cidrBlock value. The result depends on whether a matching entry exists and on the comment value you submit:

| Whitelist Entry Match | comment Value | Whitelist Update |
|---|---|---|
| Yes | Unchanged | Makes no change. |
| No | Added | Appends request as new whitelist entry. |
| Yes | Changed | Updates comment value in whitelist entry with matching awsSecurityGroup, ipAddress, or cidrBlock value. |

| Name | Type | Description |
|---|---|---|
| awsSecurityGroup | string | ID of the AWS security group to whitelist. Mutually exclusive with cidrBlock and ipAddress. Note: You must configure VPC peering for your project before you can whitelist an AWS security group. |
| cidrBlock | string | Whitelist entry in Classless Inter-Domain Routing (CIDR) notation. Mutually exclusive with awsSecurityGroup and ipAddress. |
| ipAddress | string | Whitelisted IP address. Mutually exclusive with awsSecurityGroup and cidrBlock. |
| comment | string | Optional. Comment associated with the whitelist entry. |
| deleteAfterDate | date | Optional. ISO-8601-formatted UTC date after which Atlas removes the entry from the whitelist. The specified date must be in the future and within one week of the time you make the API request. Important: You cannot set AWS security groups as temporary whitelist entries. Note: You may include an ISO-8601 time zone designator to ensure that the expiration date occurs with respect to the local time in the specified time zone. |
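
A pre-flight check for the request body rules above, as an added example (not MongoDB's code): it enforces the mutual exclusivity of awsSecurityGroup, cidrBlock and ipAddress, the one-week deleteAfterDate window, and the rule that security groups cannot be temporary, before anything is sent. The function names and the /0 prefix check are assumptions of this example, not Atlas behavior.

```python
import ipaddress
from datetime import datetime, timedelta, timezone

TARGET_KEYS = ("awsSecurityGroup", "cidrBlock", "ipAddress")


def validate_entry(entry, now=None):
    """Return the problems found in one whitelist entry (empty list = OK)."""
    now = now or datetime.now(timezone.utc)
    problems = []
    present = [k for k in TARGET_KEYS if k in entry]
    if len(present) != 1:
        problems.append("need exactly one of %s, got %s" % (TARGET_KEYS, present))
    try:
        if "ipAddress" in entry:
            ipaddress.ip_address(entry["ipAddress"])
        if "cidrBlock" in entry:
            net = ipaddress.ip_network(entry["cidrBlock"], strict=False)
            if net.prefixlen == 0:  # added policy check, not an Atlas rule
                problems.append("cidrBlock admits every address")
    except ValueError as exc:
        problems.append("bad address: %s" % exc)
    if "deleteAfterDate" in entry:
        if "awsSecurityGroup" in entry:
            problems.append("AWS security groups cannot be temporary entries")
        try:
            raw = str(entry["deleteAfterDate"]).replace("Z", "+00:00")
            when = datetime.fromisoformat(raw)
            if when.tzinfo is None:  # no zone designator: treat as UTC
                when = when.replace(tzinfo=timezone.utc)
            if not now < when <= now + timedelta(weeks=1):
                problems.append("deleteAfterDate must be in the future and within one week")
        except ValueError:
            problems.append("deleteAfterDate is not ISO-8601")
    return problems


def validate_payload(entries, now=None):
    """Map entry index -> problems for each invalid entry in the POST body."""
    if not isinstance(entries, list):
        return {-1: ["body must be an array, even for a single entry"]}
    return {i: p for i, e in enumerate(entries) if (p := validate_entry(e, now))}


if __name__ == "__main__":
    # Constructed sample body: the second entry breaks the mutual-exclusion rule.
    body = [{"ipAddress": "192.0.2.15", "comment": "app server A"},
            {"awsSecurityGroup": "sg-0026348ec11780bd1", "ipAddress": "192.0.2.16"}]
    print(validate_payload(body))
```

Because a matching entry only has its comment updated, running the same validated body twice does not create duplicate entries.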

The response JSON document includes an array of result objects, an array of link objects and a count of the total number of result objects retrieved.

| Name | Type | Description |
|---|---|---|
| results | array of objects | One object for each item detailed in the results Embedded Document section. |
| links | array of objects | One or more links to sub-resources and/or related resources. The relations between URLs are explained in the Web Linking Specification. |
| totalCount | integer | Count of the total number of items in the result set. It may be greater than the number of objects in the results array if the entire result set is paginated. |

Each element in the results array is one whitelist entry associated with the project IP whitelist.

| Name | Type | Description |
|---|---|---|
| awsSecurityGroup | string | ID of the whitelisted AWS security group. Mutually exclusive with cidrBlock and ipAddress. |
| cidrBlock | string | Whitelist entry in Classless Inter-Domain Routing (CIDR) notation. Mutually exclusive with awsSecurityGroup and ipAddress. |
| ipAddress | string | Whitelisted IP address. Mutually exclusive with awsSecurityGroup and cidrBlock. |
| groupId | string | ID of the project containing the whitelist entry. |
| comment | string | Comment associated with the whitelist entry. |
| deleteAfterDate | date | ISO-8601-formatted date after which Atlas deletes the temporary whitelist entry. This field is only present if an expiration date was specified when creating the entry. |
| links | object array | Includes a link to the whitelist entry, including the HTML-escaped IP or CIDR address. |

```sh
curl --user "{PUBLIC-KEY}:{PRIVATE-KEY}" --digest --include \
     --header "Accept: application/json" \
     --header "Content-Type: application/json" \
     --request POST "https://cloud.mongodb.com/api/atlas/v1.0/groups/5aec7afbf7d068e35a39809b/whitelist?pretty=true" \
     --data '
       [
         {
           "ipAddress" : "192.0.2.15",
           "comment" : "IP address for Application Server A"
         },
         {
           "cidrBlock" : "203.0.113.0/24",
           "comment" : "CIDR block for Application Server B - D"
         },
         {
           "awsSecurityGroup" : "sg-0026348ec11780bd1",
           "comment" : "Whitelisted AWS Security Group"
         }
       ]'
```

```json
{
  "links": [
    {
      "href": "https://cloud.mongodb.com/api/atlas/v1.0/groups/5aec7afbf7d068e35a39809b/whitelist?pageNum=1&itemsPerPage=100?pretty=true",
      "rel": "self"
    }
  ],
  "results": [
    {
      "cidrBlock": "192.0.2.0/24",
      "comment": "IP address for Application Server A",
      "groupId": "5aec7afbf7d068e35a39809b",
      "ipAddress": "192.0.2.15",
      "links": [
        {
          "href": "https://cloud.mongodb.com/api/atlas/v1.0/groups/5aec7afbf7d068e35a39809b/whitelist/192.0.2.15%2F24",
          "rel": "self"
        }
      ]
    },
    {
      "cidrBlock": "203.0.113.0/24",
      "comment": "CIDR block for Application Server B - D",
      "groupId": "5aec7afbf7d068e35a39809b",
      "links": [
        {
          "href": "https://cloud.mongodb.com/api/atlas/v1.0/groups/5aec7afbf7d068e35a39809b/whitelist/203.0.113.0%2F24",
          "rel": "self"
        }
      ]
    },
    {
      "awsSecurityGroup": "sg-0026348ec11780bd1",
      "comment": "Whitelisted AWS Security Group",
      "groupId": "5bbfb39280eef5488e6020c6",
      "links": [
        {
          "href": "https://cloud.mongodb.com/api/atlas/v1.0/groups/5aec7afbf7d068e35a39809b/whitelist/sg-0026348ec11780bd1",
          "rel": "self"
        }
      ]
    }
  ],
  "totalCount": 3
}
```