API Key For User Delete

I may this this question tagged incorrectly.

The goal is to delete a user; but another user, not the logged in user.

The use case is a manager with employees and as the employees come and go the manager needs to be able to add them, and then when they leave delete them. Ignoring for the moment the employees data, the goal is to call an Atlas function from the Swift SDK to delete another user.

I have referenced this Delete User Using a Custom Function and have been working with the Values and Secrets but one issue I am running into is understanding what an ‘Admin User’ is because apparently that’s need to run the function in the above link.

I have modified the code (Value) in the async function adminLogIn use my authentication but it throws this error

response: {"error":"failed to authenticate with MongoDB Cloud API: You are not authorized for this resource.","error_code":"InvalidSession","error_details":{"error":401,"reason":"Unauthorized"}}

How does one become an admin user? And where do I get the two Values for adminApiPublicKey and adminApiPrivateKey

Code below is a copy/paste from the link.

Is the question too vague?


const projectId = "9ff9fkdfkj98sdjf90jklkls0ap";
const appId = "myApp-xxyyz";
const apiUrl = "https://realm.mongodb.com/api/admin/v3.0/groups/" + projectId + "/apps/" + appId;

exports = async function(uid) {
  async function adminLogIn() {
    console.log("async attempting to login as admoi")
    // const username = context.values.get("adminApiPublicKey");
    // const apiKey = context.values.get("adminApiPrivateKey");
    // let email = username.email
    // console.log(email, apiKey)
    const adminKey = context.values.get("adminApiPublicKey");
    let username = adminKey.email
    let apiKey = context.values.get("adminApiPrivateKey");
    try {
      const response = await context.http.post({
          url: "https://realm.mongodb.com/api/admin/v3.0/auth/providers/mongodb-cloud/login",
          body: {username, apiKey},
          encodeBodyAsJSON: true,
      console.log("response: " + response.body.text())
      const body = EJSON.parse(response.body.text());
      console.log("got token: " + body.access_token)
      return body.access_token;
    } catch (err) {
      console.error("caught err " + err.message)

  const token = await adminLogIn();

  async function deleteUser(uid) {
    console.log("async attempting to delete uid: " + uid)
    try {
      await context.http.delete({
        url: `${apiUrl}/users/${uid}`,
        headers: {"Authorization": [`Bearer ${token}`]}
      console.error("got an error: " + uid)
      return uid;
    } catch (err) {
      console.error("ERROR! " + err.message)

  return deleteUser(uid);

After a LOT of trial and error, got the info needed.

First the Admin User (options) can be found in the console; upper right corner where you can select the organization. Then in the organization list, in the project name row, click users, then you can select which ever use you want to Admin and change their privileges.

Then I discovered this

For Admin API requests, your Application ID is the ObjectId value in the _id field, not the client_app_id

This refers to a list retrieved from doing a function call to get all of the apps in the project. e.g. to run admin tasks the app id you would normally use your-app-xxxxxx is not the right one. You will need to discover the application id, not app ID. It’s probably somewhere obvious but I did a little function to list all of the apps within the project and got it from there.