Update Delegation Settings for One Organization

PATCH /api/atlas/v2/orgs/{orgId}/delegationSettings

Updates the delegation settings for the specified organization. Only fields present in the request body are updated; omitted fields retain their current values.

Role requirements
  • Organization Owner

Path parameters

  • orgId string Required

    Unique 24-hexadecimal digit string that identifies the organization that contains your projects. Use the /orgs endpoint to retrieve all organizations to which the authenticated user has access.

    Format should match the following pattern: ^([a-f0-9]{24})$.

Query parameters

  • envelope boolean

    Flag that indicates whether Application wraps the response in an envelope JSON object. Some API clients cannot access the HTTP response headers or status code. To remediate this, set envelope=true in the query. Endpoints that return a list of results use the results object as an envelope. Application adds the status parameter to the response body.

    Default value is false.

  • pretty boolean

    Flag that indicates whether the response body should be in the prettyprint format.

    Default value is false.

    Prettyprint
application/vnd.atlas.2025-03-12+json

Body Required

Delegation settings to update.

  • delegatedMcpAccess string | null

    Policy that controls how MCP (Model Context Protocol) delegated access is permitted within this organization. Possible values are DISALLOWED, READ_ONLY, and READ_WRITE. Defaults to DISALLOWED.

    Values are DISALLOWED, READ_ONLY, or READ_WRITE.

  • delegatedPartnerAccess string | null

    Policy that controls whether partner delegated access is permitted within this organization. Possible values are DISALLOWED and READ_WRITE. Defaults to DISALLOWED.

    Values are DISALLOWED or READ_WRITE.

  • idleRefreshTokenLifetime integer(int64) | null

    Maximum number of seconds a refresh token may be idle before it expires. Omit to leave unchanged; set to null to reset to the system default. Must be between 1 and 31536000 (1 year) when provided.

    Minimum value is 1, maximum value is 31536000.

  • maximumRefreshTokenLifetime integer(int64) | null

    Maximum lifetime of a refresh token in seconds, regardless of activity. Omit to leave unchanged; set to null to reset to the system default. Must be between 1 and 31536000 (1 year) when provided.

    Minimum value is 1, maximum value is 31536000.

Responses

  • 200 application/vnd.atlas.2025-03-12+json

    OK

    Hide headers attributes Show headers attributes
    • RateLimit-Limit

      The maximum number of requests that a user can make within a specific time window.

    • RateLimit-Remaining

      The number of requests remaining in the current rate limit window before the limit is reached.

    Hide response attributes Show response attributes object
    • delegatedMcpAccess string | null

      Policy that controls how MCP (Model Context Protocol) delegated access is permitted within this organization. Possible values are DISALLOWED, READ_ONLY, and READ_WRITE. Defaults to DISALLOWED.

      Values are DISALLOWED, READ_ONLY, or READ_WRITE.

    • delegatedPartnerAccess string | null

      Policy that controls whether partner delegated access is permitted within this organization. Possible values are DISALLOWED and READ_WRITE. Defaults to DISALLOWED.

      Values are DISALLOWED or READ_WRITE.

    • idleRefreshTokenLifetime integer(int64) | null

      Maximum number of seconds a refresh token may be idle before it expires. When not set, the system default applies.

      Minimum value is 1, maximum value is 31536000.

    • maximumRefreshTokenLifetime integer(int64) | null

      Maximum lifetime of a refresh token in seconds, regardless of activity. When not set, the system default applies.

      Minimum value is 1, maximum value is 31536000.

  • 400 application/json

    Bad Request.

    Hide response attributes Show response attributes object
    • badRequestDetail object | null

      Bad request detail.

      Hide badRequestDetail attribute Show badRequestDetail attribute object | null
      • fields array[object]

        Describes all violations in a client request.

        Hide fields attributes Show fields attributes object
        • description string Required

          A description of why the request element is bad.

        • field string Required

          A path that leads to a field in the request body.

    • detail string | null

      Describes the specific conditions or reasons that cause each type of error.

    • error integer(int32) Required

      HTTP status code returned with this error.

      External documentation
    • errorCode string Required

      Application error code returned with this error.

    • parameters array[object]

      Parameters used to give more information about the error.

    • reason string | null

      Application error message returned with this error.

  • 401 application/json

    Unauthorized.

    Hide response attributes Show response attributes object
    • badRequestDetail object | null

      Bad request detail.

      Hide badRequestDetail attribute Show badRequestDetail attribute object | null
      • fields array[object]

        Describes all violations in a client request.

        Hide fields attributes Show fields attributes object
        • description string Required

          A description of why the request element is bad.

        • field string Required

          A path that leads to a field in the request body.

    • detail string | null

      Describes the specific conditions or reasons that cause each type of error.

    • error integer(int32) Required

      HTTP status code returned with this error.

      External documentation
    • errorCode string Required

      Application error code returned with this error.

    • parameters array[object]

      Parameters used to give more information about the error.

    • reason string | null

      Application error message returned with this error.

  • 403 application/json

    Forbidden.

    Hide response attributes Show response attributes object
    • badRequestDetail object | null

      Bad request detail.

      Hide badRequestDetail attribute Show badRequestDetail attribute object | null
      • fields array[object]

        Describes all violations in a client request.

        Hide fields attributes Show fields attributes object
        • description string Required

          A description of why the request element is bad.

        • field string Required

          A path that leads to a field in the request body.

    • detail string | null

      Describes the specific conditions or reasons that cause each type of error.

    • error integer(int32) Required

      HTTP status code returned with this error.

      External documentation
    • errorCode string Required

      Application error code returned with this error.

    • parameters array[object]

      Parameters used to give more information about the error.

    • reason string | null

      Application error message returned with this error.

  • 404 application/json

    Not Found.

    Hide response attributes Show response attributes object
    • badRequestDetail object | null

      Bad request detail.

      Hide badRequestDetail attribute Show badRequestDetail attribute object | null
      • fields array[object]

        Describes all violations in a client request.

        Hide fields attributes Show fields attributes object
        • description string Required

          A description of why the request element is bad.

        • field string Required

          A path that leads to a field in the request body.

    • detail string | null

      Describes the specific conditions or reasons that cause each type of error.

    • error integer(int32) Required

      HTTP status code returned with this error.

      External documentation
    • errorCode string Required

      Application error code returned with this error.

    • parameters array[object]

      Parameters used to give more information about the error.

    • reason string | null

      Application error message returned with this error.

  • 429 application/json

    Too Many Requests.

    Hide headers attributes Show headers attributes
    • RateLimit-Limit

      The maximum number of requests that a user can make within a specific time window.

    • RateLimit-Remaining

      The number of requests remaining in the current rate limit window before the limit is reached.

    • Retry-After

      The minimum time you should wait, in seconds, before retrying the API request. This header might be returned for 429 or 503 error responses.

    Hide response attributes Show response attributes object
    • badRequestDetail object | null

      Bad request detail.

      Hide badRequestDetail attribute Show badRequestDetail attribute object | null
      • fields array[object]

        Describes all violations in a client request.

        Hide fields attributes Show fields attributes object
        • description string Required

          A description of why the request element is bad.

        • field string Required

          A path that leads to a field in the request body.

    • detail string | null

      Describes the specific conditions or reasons that cause each type of error.

    • error integer(int32) Required

      HTTP status code returned with this error.

      External documentation
    • errorCode string Required

      Application error code returned with this error.

    • parameters array[object]

      Parameters used to give more information about the error.

    • reason string | null

      Application error message returned with this error.

  • 500 application/json

    Internal Server Error.

    Hide response attributes Show response attributes object
    • badRequestDetail object | null

      Bad request detail.

      Hide badRequestDetail attribute Show badRequestDetail attribute object | null
      • fields array[object]

        Describes all violations in a client request.

        Hide fields attributes Show fields attributes object
        • description string Required

          A description of why the request element is bad.

        • field string Required

          A path that leads to a field in the request body.

    • detail string | null

      Describes the specific conditions or reasons that cause each type of error.

    • error integer(int32) Required

      HTTP status code returned with this error.

      External documentation
    • errorCode string Required

      Application error code returned with this error.

    • parameters array[object]

      Parameters used to give more information about the error.

    • reason string | null

      Application error message returned with this error.

PATCH /api/atlas/v2/orgs/{orgId}/delegationSettings
atlas api organizations updateOrgDelegationSettings --help
import (
	"os"
	"context"
	"log"
	sdk "go.mongodb.org/atlas-sdk/v20250312001/admin"
)

func main() {
	ctx := context.Background()
	clientID := os.Getenv("MONGODB_ATLAS_CLIENT_ID")
	clientSecret := os.Getenv("MONGODB_ATLAS_CLIENT_SECRET")

	// See https://dochub.mongodb.org/core/atlas-go-sdk-oauth
	client, err := sdk.NewClient(sdk.UseOAuthAuth(clientID, clientSecret))

	if err != nil {
		log.Fatalf("Error: %v", err)
	}

	params = &sdk.UpdateOrgDelegationSettingsApiParams{}
	sdkResp, httpResp, err := client.OrganizationsApi.
		UpdateOrgDelegationSettingsWithParams(ctx, params).
		Execute()
}
curl --include --header "Authorization: Bearer ${ACCESS_TOKEN}" \
  --header "Accept: application/vnd.atlas.2025-03-12+json" \
  --header "Content-Type: application/json" \
  -X PATCH "https://cloud.mongodb.com/api/atlas/v2/orgs/{orgId}/delegationSettings" \
  -d '{ <Payload> }'
curl --user "${PUBLIC_KEY}:${PRIVATE_KEY}" \
  --digest --include \
  --header "Accept: application/vnd.atlas.2025-03-12+json" \
  --header "Content-Type: application/json" \
  -X PATCH "https://cloud.mongodb.com/api/atlas/v2/orgs/{orgId}/delegationSettings" \
  -d '{ <Payload> }'
Request examples
{
  "delegatedMcpAccess": "DISALLOWED",
  "delegatedPartnerAccess": "DISALLOWED",
  "idleRefreshTokenLifetime": 42,
  "maximumRefreshTokenLifetime": 42
}
Response examples (200)
# Headers

# Payload
{
  "delegatedMcpAccess": "DISALLOWED",
  "delegatedPartnerAccess": "DISALLOWED",
  "idleRefreshTokenLifetime": 42,
  "maximumRefreshTokenLifetime": 42
}
Response examples (400)
{
  "detail": "(This is just an example, the exception may not be related to this endpoint) No provider AWS exists.",
  "error": 400,
  "errorCode": "VALIDATION_ERROR",
  "reason": "Bad Request"
}
Response examples (401)
{
  "detail": "(This is just an example, the exception may not be related to this endpoint)",
  "error": 401,
  "errorCode": "NOT_ORG_GROUP_CREATOR",
  "reason": "Unauthorized"
}
Response examples (403)
{
  "detail": "(This is just an example, the exception may not be related to this endpoint)",
  "error": 403,
  "errorCode": "CANNOT_CHANGE_GROUP_NAME",
  "reason": "Forbidden"
}
Response examples (404)
{
  "detail": "(This is just an example, the exception may not be related to this endpoint) Cannot find resource AWS",
  "error": 404,
  "errorCode": "RESOURCE_NOT_FOUND",
  "reason": "Not Found"
}
Response examples (429)
{
  "detail": "(This is just an example, the exception may not be related to this endpoint)",
  "error": 429,
  "errorCode": "RATE_LIMITED",
  "reason": "Too Many Requests"
}
Response examples (500)
{
  "detail": "(This is just an example, the exception may not be related to this endpoint)",
  "error": 500,
  "errorCode": "UNEXPECTED_ERROR",
  "reason": "Internal Server Error"
}