Trying To Get Project Access Manager Users Programmatically via Atlas Administration API, Getting 401 Response

Gabriel_Torion · July 27, 2023, 4:56pm

I’m trying to get all the Project Access Manager Users (the users in the screen-shot) of the project I’m working on for a client. I’m doing it programmatically by making a get request with the generated public key and private key as the username and password for the auth header of the request.

Here’s my code:

const getDbProjectManagerUsers = async () => {
    try {
        const { MONGODB_PROJECT_PUBLIC_KEY, MONGODB_PROJECT_PRIVATE_KEY, MONGODB_PROJECT_ID } = process.env;
        const url = `https://cloud.mongodb.com/api/atlas/v2/groups/${MONGODB_PROJECT_ID}/databaseUsers`;
        const url2 = `https://cloud.mongodb.com/api/atlas/v2/groups/{groupId}/databaseUsers`
        const auth = {
            username: MONGODB_PROJECT_PUBLIC_KEY,
            password: MONGODB_PROJECT_PRIVATE_KEY,
        };
        console.log("auth: ", auth)
        console.log('url: ', url)
        const response = await axios.get(url, {
            auth,
            headers: {
                Accept: 'application/vnd.atlas.2023-02-01+json'
            }
        })

        if (response.status !== 200) {
            throw new Error('Error getting project manager users from the db')
        }

        console.log('response.data: ', response.data)
    } catch (error) {
        console.error('An error has occurred getting the project managers users from the db: ', error);
    }
}

The response that I’m getting is a 401 with the following error message: ‘You are not authorized for this resource.’

I’ve checked the logs; I’m not getting undefined for any of my environment variables.

This doesn’t make sense to me because the public-private key pair that was generated has a ‘Project Read Only’ role, which is necessary to send the request to the API, as mentioned in the docs linked here: MongoDB Atlas Administration API.

What am I missing? Thanks for any responses.

chris · July 27, 2023, 10:43pm

Hi @Gabriel_Torion

All api requests require digest authentication.

The endpoint that matches your screenshot is https://cloud.mongodb.com/api/atlas/v2/groups/{groupId}/users

Hope this helps!

Gabriel_Torion · July 27, 2023, 11:15pm

Hi Chris.

Thanks for the reply.

Still getting an error. I’m getting a 406: “Not acceptable.”

Here’s my refactored code:

const getDbProjectManagerUsers = async () => {
    try {
        const { GABES_DB_PROJECT_ID, GABES_DB_PASSWORD, GABES_DB_USERNAME } = process.env;
        const url = `https://cloud.mongodb.com/api/atlas/v2/groups/${GABES_DB_PROJECT_ID}/users`
        const options = {
            method: "GET",
            rejectUnauthorized: false,
            digestAuth: `${GABES_DB_USERNAME}:${GABES_DB_PASSWORD}`,
        };
        const response = await urllib.request(url, options)

        console.log('response ', response)
        console.log('response statusText: ', response.status)
    } catch (error) {
        console.error('An error has occurred getting the project managers users from the db: ', error);
    }
}

chris · July 27, 2023, 11:17pm

Looks like you threw away your Accept header:

                Accept: 'application/vnd.atlas.2023-02-01+json'

You’ll want to keep that!

Gabriel_Torion · July 28, 2023, 1:09am

Yea, sorry, I forgot about that. I added that in, and now I’m getting a 403 “Forbidden response” error.

To provide some context, I am the project owner for the example, and I’ve also added my IP address to the “Edit Access List” for the API key.

chris · July 28, 2023, 11:42am

Check the response body for the full reason for the 403.