MongoDB Atlas App Services Admin API
3.0

Base URL 
https://services.cloud.mongodb.com/api/admin/v3.0

End-of-Life (EOL) Notice

APP SERVICES HAVE REACHED END-OF-LIFE (EOL) Atlas Device Sync, SDKs, Data API, GraphQL, Static Hosting, and HTTPS Endpoints have reached EOL on September 30, 2025. Database triggers remain available.

This impacts additional App Service capabilities, including authentication and user management, functions, Wire Protocol, and data access permissions. API endpoints related to these features are deprecated.

For more information, refer to the Deprecation page: https://www.mongodb.com/docs/atlas/app-services/deprecation/.

API Overview

The App Services Admin API lets you programmatically perform administrative tasks over HTTPS. This includes defining & configuring things like:

  • App Deployment & Security
  • APIs & Endpoints
  • Authentication & User Management
  • Data Sources
  • Device Sync
  • Environments
  • Functions
  • Logs
  • Rules
  • Schemas
  • Static Hosting
  • Triggers
  • Usage & Billing Metrics
  • Values & Secrets

The Admin API is for application development, configuration, and deployment. To use the features you configure with the Admin API, client applications connect with an HTTPS API specific to your App.

Project & Application IDs

Note: The terms Project ID and Group ID are interchangeable.

Atlas App Services Admin API endpoints frequently require you to include two parameters in the URL:

  • Your Atlas Project ID (also sometimes called a Group ID)
  • Your App Services Application ID

Project ID

You can find your Project ID from the MongoDB Atlas dashboard or with the MongoDB Atlas CLI.

Application ID

To find an Application ID, make a request to the List Apps endpoint for your project. You'll need an access_token to make this request. To learn how to get one, see Get an Admin API Session Access Token.

curl --request GET \
  --header 'Authorization: Bearer <access_token>' \
  https://services.cloud.mongodb.com/api/admin/v3.0/groups/{groupId}/apps

This will return a list of objects describing each App Services App in the provided project/group. For Admin API requests, your Application ID is the ObjectId value in the _id field, not the client_app_id.

[
  {
    "_id": "5997529e46224c6e42gb6dd9",
    "group_id": "57879f6cc4b32dbe440bb8c5",
    "domain_id": "5886619e46124e4c42fb5dd8",
    "client_app_id": "myapp-abcde",
    "name": "myapp",
    "location": "US-VA",
    "deployment_model": "GLOBAL",
    "last_used": 1615153544,
    "last_modified": 0,
    "product": "standard",
    "environment": ""
  }
]

Get an Admin API Session Access Token

Every request to the App Services Admin API must include a valid, unexpired access token issued by the MongoDB Cloud API. You include this token in the Authorization header of each request using the bearer auth scheme.

You need a valid MongoDB Atlas programmatic API key for MongoDB Atlas to get a token.

Once you have an API key pair, call the authentication endpoint:

curl --request POST \
  --header 'Content-Type: application/json' \
  --header 'Accept: application/json' \
  --data '{"username": "<Public API Key>", "apiKey": "<Private API Key>"}' \
  https://services.cloud.mongodb.com/api/admin/v3.0/auth/providers/mongodb-cloud/login

If authentication succeeds, App Services returns an access token as part of the JSON response document:

{
  "access_token": "<access_token>",
  "refresh_token": "<refresh_token>",
  "user_id": "<user_id>",
  "device_id": "<device_id>"
}

The access_token represents a limited-time authorization to interact with the Admin API. To authenticate a request, include the token in a Bearer token Authorization header.

Authorization: Bearer <access_token>

Refresh an Admin API Session Access Token

Session access tokens expire 30 minutes after they are issued. When you login, the response also includes a refresh_token that you can use to get a new access token. This is useful because you only need to log in with credentials one time. After that you can use the refresh token to re-authenticate for as long as its valid.

By default, refresh tokens expire 60 days after being issued. You can customize refresh token expiration for a minimum of 30 minutes or a maximum of 5 years.

To refresh your authentication and get a new access_token, call the auth session endpoint with your refresh_token in the Authorization header:

curl --request POST \
  --header 'Authorization: Bearer <refresh_token>' \
  https://services.cloud.mongodb.com/api/admin/v3.0/auth/session

If the refresh token is valid, the response body includes a new access_token that's valid for the next 30 minutes:

{
  "access_token": "<access_token>"
}

This is version 3.0 of this API documentation. Last update on Sep 23, 2025.