Docs Menu
Docs Home
/
MongoDB Atlas
/ /

Atlas Administration API Authentication

On this page

  • Considerations

The Atlas Administration API uses HTTP Digest Authentication to authenticate requests. Digest authentication requires a username and a password, where the API public key serves as the username and its corresponding API private key serves as the password. Atlas hashes these values by using a unique value called a nonce. The details of digest authentication are beyond the scope of this document. For more information, see HTTP Digest Authentication.

Configuring digest authentication for the Atlas Administration API differs depending on the method you use to make API requests. If you use cURL, include the --digest flag in the request body. For usage details, see Make an API Request.

Tip

See also:

Review the following:

  • The Atlas-generated nonce is used by the client to hash the username and password before sending them back to the Atlas to authenticate a request. The nonce is only valid for a short amount of time as per the digest authentication specification. This is to prevent replay attacks, so you can't cache a nonce and use it forever.

  • Using digest authentication with HTTPS adds an extra layer of security. The API request never sends the password to the Atlas.

  • Atlas roles limit which operations an API key can perform. The API resources enforce the same privileges. The resources and methods that an API key use the same roles as an Atlas user.

  • Atlas binds many resources to a project. Many API resource URLs follow the format of /api/atlas/<version>/groups/<GROUP-ID>/. For these resources, the API key must be a member of the organization that hosts the project. Otherwise, the Atlas responds with a 401 error.

← Admin API Overview

On this page