Add Entries to Project IP Whitelist

Important
Access List Replaces Whitelist

Atlas now refers to its cluster firewall management as IP Access Lists. Atlas has deprecated the whitelist resource and will disable it in June 2021. Revise your whitelist endpoints to use the IP Access List resource.

Note

Groups and projects are synonymous terms. Your {GROUP-ID} is the same as your project ID. For existing groups, your group/project ID remains the same. The resource and corresponding endpoints use the term groups.

Important

The /groups/{PROJECT-ID}/whitelist endpoint manages the Project IP Whitelist. This endpoint is distinct from the /users/{USER-ID}/whitelist endpoint, which manages an Atlas user's API whitelist.

This endpoint does not support concurrent POST requests. Multiple POST requests must be submitted synchronously.

The Atlas API authenticates using HTTP Digest Authentication. Provide a programmatic API public key and corresponding private key as the username and password when constructing the HTTP request.

To learn how to configure API access for an Atlas project, see Configure Atlas API Access.

https://cloud.mongodb.com/api/atlas/v1.0

POST /groups/{GROUP-ID}/whitelist

| Path Element | Type | Necessity | Description |
|---|---|---|---|
| GROUP-ID | string | Required | Unique identifier for the project to which you want to add one or more whitelist entries. |

The following query parameters are optional:

| Name | Type | Necessity | Description | Default |
|---|---|---|---|---|
| pageNum | integer | Optional | Page number, starting with one, that Atlas returns of the total number of objects. | 1 |
| itemsPerPage | integer | Optional | Number of items that Atlas returns per page, up to a maximum of 500. | 100 |
| includeCount | boolean | Optional | Flag that indicates whether Atlas returns the totalCount parameter in the response body. | true |
| pretty | boolean | Optional | Flag that indicates whether Atlas returns the JSON response in the prettyprint format. | false |
| envelope | boolean | Optional | Flag that indicates whether Atlas wraps the response in an envelope. Some API clients cannot access the HTTP response headers or status code. To remediate this, set envelope=true in the query. Endpoints that return a list of results use the results object as an envelope. Atlas adds the status parameter to the response body. | false |

Specify an array of documents, where each document represents one whitelist entry you want to add to the project. You must specify an array even if you add a single whitelist entry to the project.

Important
How Whitelist Updates Work

The whitelist might change depending upon what you submit in the POST request. This request attempts to find an existing whitelist entry that has the same awsSecurityGroup, ipAddress, or cidrBlock value. If the whitelist entry:

| Whitelist Entry Match | comment Value | Whitelist Update |
|---|---|---|
| Yes | Unchanged | Makes no change. |
| No | Added | Appends request as new whitelist entry. |
| Yes | Changed | Updates comment value in whitelist entry with matching awsSecurityGroup, ipAddress, or cidrBlock value. |


| Name | Type | Description |
|---|---|---|
| awsSecurityGroup | string | ID of the AWS security group to whitelist. Mutually exclusive with cidrBlock and ipAddress. Note: You must configure VPC peering for your project before you can whitelist an AWS security group. |
| cidrBlock | string | Whitelist entry in Classless Inter-Domain Routing (CIDR) notation. Mutually exclusive with awsSecurityGroup and ipAddress. |
| ipAddress | string | Whitelisted IP address. Mutually exclusive with awsSecurityGroup and cidrBlock. |
| comment | string | Optional. Comment associated with the whitelist entry. |
| deleteAfterDate | date | Optional. ISO-8601-formatted UTC date after which Atlas removes the entry from the whitelist. The specified date must be in the future and within one week of the time you make the API request. Important: You cannot set AWS security groups as temporary whitelist entries. Note: You may include an ISO-8601 time zone designator to ensure that the expiration date occurs with respect to the local time in the specified time zone. |
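
A pre-flight check for the request body rules above, written as an added example (not MongoDB's code). The names validate_entries and parse_delete_after and the sample values are hypothetical, and address checks are syntax-only via Python's ipaddress module.

```python
import ipaddress
from datetime import datetime, timedelta, timezone

TARGETS = ("awsSecurityGroup", "cidrBlock", "ipAddress")

def parse_delete_after(value):  # a value with no zone designator is read as UTC
    dt = datetime.fromisoformat(value.replace("Z", "+00:00"))
    return dt if dt.tzinfo else dt.replace(tzinfo=timezone.utc)

def validate_entries(entries, now=None):
    """Return problems found; 'within one week' is taken as 7 * 24 hours (assumption)."""
    now = now or datetime.now(timezone.utc)
    if not isinstance(entries, list):
        return ["body must be an array, even for a single entry"]
    problems = []
    for i, entry in enumerate(entries):
        present = [f for f in TARGETS if f in entry]
        if len(present) != 1:
            problems.append(f"entry {i}: needs exactly one of {TARGETS}, got {present}")
            continue
        field = present[0]
        try:  # syntax check only; Atlas itself decides what it accepts
            if field == "ipAddress":
                ipaddress.ip_address(entry[field])
            elif field == "cidrBlock":
                ipaddress.ip_network(entry[field], strict=False)
        except ValueError as exc:
            problems.append(f"entry {i}: invalid {field}: {exc}")
        if "deleteAfterDate" not in entry:
            continue
        if field == "awsSecurityGroup":
            problems.append(f"entry {i}: AWS security groups cannot be temporary")
            continue
        try:
            expires = parse_delete_after(entry["deleteAfterDate"])
        except (ValueError, AttributeError):
            problems.append(f"entry {i}: deleteAfterDate is not ISO-8601")
            continue
        if not now < expires <= now + timedelta(days=7):
            problems.append(f"entry {i}: deleteAfterDate not in the future and within one week")
    return problems

NOW = datetime(2021, 1, 4, 12, 0, tzinfo=timezone.utc)  # constructed reference time
SAMPLE = [  # constructed request body, not real Atlas data
    {"ipAddress": "192.0.2.15", "deleteAfterDate": "2021-01-08T00:00:00Z"},
    {"cidrBlock": "203.0.113.0/24", "ipAddress": "203.0.113.7"},
    {"awsSecurityGroup": "sg-0026348ec11780bd1", "deleteAfterDate": "2021-01-05T00:00:00Z"},
    {"cidrBlock": "198.51.100.0/24", "deleteAfterDate": "2021-01-11T13:00:00Z"},
]
```

Running validate_entries(SAMPLE, NOW) accepts the first entry and reports the other three: two address fields in one document, a temporary AWS security group, and an expiry more than a week out.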

The response JSON document includes an array of result objects, an array of link objects, and a count of the total number of result objects retrieved.

| Name | Type | Description |
|---|---|---|
| results | object array | Includes one object for each item detailed in the results array section. |
| links | object array | Includes one or more links to sub-resources and/or related resources. The relations between URLs are explained in the Web Linking Specification. |
| totalCount | number | Count of the total number of items in the result set. It may be greater than the number of objects in the results array if the entire result set is paginated. |

Each element in the results array is one whitelist entry in the project IP whitelist.

| Name | Type | Description |
|---|---|---|
| awsSecurityGroup | string | ID of the whitelisted AWS security group. Mutually exclusive with cidrBlock and ipAddress. |
| cidrBlock | string | Whitelist entry in Classless Inter-Domain Routing (CIDR) notation. Mutually exclusive with awsSecurityGroup and ipAddress. |
| ipAddress | string | Whitelisted IP address. Mutually exclusive with awsSecurityGroup and cidrBlock. |
| groupId | string | ID of the project containing the whitelist entry. |
| comment | string | Comment associated with the whitelist entry. |
| deleteAfterDate | date | ISO-8601-formatted date after which Atlas deletes the temporary whitelist entry. This field is only present if an expiration date was specified when creating the entry. |
| links | object array | Includes a link to the whitelist entry, including the HTML-escaped IP or CIDR address. |

curl --user "{PUBLIC-KEY}:{PRIVATE-KEY}" --digest --include \
     --header "Accept: application/json" \
     --header "Content-Type: application/json" \
     --request POST "https://cloud.mongodb.com/api/atlas/v1.0/groups/5aec7afbf7d068e35a39809b/whitelist?pretty=true" \
     --data '
       [
         {
           "ipAddress" : "192.0.2.15",
           "comment" : "IP address for Application Server A"
         },
         {
           "cidrBlock" : "203.0.113.0/24",
           "comment" : "CIDR block for Application Server B - D"
         },
         {
           "awsSecurityGroup" : "sg-0026348ec11780bd1",
           "comment" : "Whitelisted AWS Security Group"
         }
       ]'

{
  "links": [
    {
      "href": "https://cloud.mongodb.com/api/atlas/v1.0/groups/5aec7afbf7d068e35a39809b/whitelist?pageNum=1&itemsPerPage=100?pretty=true",
      "rel": "self"
    }
  ],
  "results": [
    {
      "cidrBlock": "192.0.2.0/24",
      "comment": "IP address for Application Server A",
      "groupId": "5aec7afbf7d068e35a39809b",
      "ipAddress": "192.0.2.15",
      "links": [
        {
          "href": "https://cloud.mongodb.com/api/atlas/v1.0/groups/5aec7afbf7d068e35a39809b/whitelist/192.0.2.15%2F24",
          "rel": "self"
        }
      ]
    },
    {
      "cidrBlock": "203.0.113.0/24",
      "comment": "CIDR block for Application Server B - D",
      "groupId": "5aec7afbf7d068e35a39809b",
      "links": [
        {
          "href": "https://cloud.mongodb.com/api/atlas/v1.0/groups/5aec7afbf7d068e35a39809b/whitelist/203.0.113.0%2F24",
          "rel": "self"
        }
      ]
    },
    {
      "awsSecurityGroup": "sg-0026348ec11780bd1",
      "comment": "Whitelisted AWS Security Group",
      "groupId": "5bbfb39280eef5488e6020c6",
      "links": [
        {
          "href": "https://cloud.mongodb.com/api/atlas/v1.0/groups/5aec7afbf7d068e35a39809b/whitelist/sg-0026348ec11780bd1",
          "rel": "self"
        }
      ]
    }
  ],
  "totalCount": 3
}