Create Database access user using atlas administrative API

Hey, I’m trying to create atlas users using AWS IAM Authentication using administrative API and I’m currently facing issues with the format of the JSON payloads and the structure of the curl command.

currently, I’m using the below command, which gives an authorization error.

curl --user “:<PRIVATE-KEY” --digest
–header ‘Content-Type: application/json’
–request PATCH
–data ’
“awsIAMType”: “USER”,
“databaseName”: “$external”,
“groupId”: “”,
“roles”: [
“databaseName”: “sales”,
“CollectionName”: “test”,
“roleName”: “readWrite”
“username”: “< USER ARN>”

And the payload would throw the below error.

HTTP/2 401
date: Thu, 25 Apr 2024 10:26:21 GMT
www-authenticate: Digest realm="MMS Public API", domain="", nonce="sYAWln1laokBvhRXV5DWacdUEtQt+prX", algorithm=MD5, qop="auth", stale=false
content-length: 0
x-envoy-upstream-service-time: 3
server: mdbws

HTTP/2 406
date: Thu, 25 Apr 2024 10:26:22 GMT
strict-transport-security: max-age=31536000; includeSubdomains;
referrer-policy: strict-origin-when-cross-origin
x-permitted-cross-domain-policies: none
x-content-type-options: nosniff
content-type: application/json
content-length: 140
x-envoy-upstream-service-time: 9
server: mdbws

{"detail":"Invalid accept header or version date.","error":406,"errorCode":"INVALID_VERSION_DATE","parameters":[],"reason":"Not Acceptable"}zsh: command not found: --data

Any idea on what would be missing here.

Hi @Kanaka_Raju

For the v2 api the header Accept: application/vnd.atlas.2023-11-15+json needs to be set, this is the cause oft the error.

Also based on the zsh error line continuation character is missing the ‘space backslash newline’

see the example for correct invocation:

So, I’m using API-V2 to update user permission and roles, and get the below error:

curl --user "<keys>" \
  --digest \
  --header "Accept: application/vnd.atlas.2023-11-15+json" \
  --request POST "$external/<AWS-ARN>"
  --data '

    "awsIAMType": "USER",
    "databaseName": "$external",
    "groupId": "id",

  "roles": [
  "collectionName": "test",
  "databaseName": "test2",
  "roleName": "read"

"username": "ARN",

And get the below error`:

<h1>Bad Message 400</h1><pre>reason: Ambiguous URI empty segment</pre>zsh: command not found: --data```

@chris , Thanks for writing back, I’m currently using API V1 for my use case, Also, would you help in what’s the major difference between these ??

using V1.

curl --user “:” --digest --include
–header “Content-Type: application/json”
–request POST “
–data ’
“awsIAMType”: “USER”,
“databaseName”: “$external”,
“groupId”: “id”,
“roles”: [
“databaseName”: “sale1”,
“roleName”: “readWrite”,
“collectionName”: “sale2,sale1,sale3”
“username”: “ARN”

Would you also mind guiding with the API to update the existing users permission, I'm currently having a pretty hard time to figure this part.

This one is missing the line continuation after the --request line and the --data line