Docs Menu

Get Started with the Atlas Administration API

On this page

Important

Each Atlas Administration API has its own resources and requires initial setup. The Atlas Administration API and the App Services Admin API also use different access keys from the Data API.

You can access the Atlas Administration API servers through the public internet only. The Atlas Administration API is not available over connections that use network peering or private endpoints.

To learn more, see APIs.

To access the Atlas Administration API, Create an API Key in an Organization.

All API keys belong to the organization. You can give an API key access to a project. To add the new API key to a project, Invite an Organization API Key to a Project.

To learn more about managing API keys for your organization or project, see Grant Programmatic Access to Atlas.

Atlas allows your API key to make requests from any address on the internet. Atlas has some exceptions to this rule. These exceptions limit which resources an API key can use without location-based limits defined in an API access list.

To add these location-based limits to your API key, create an API access list. This list limits the internet addresses from which a specific API key can make API requests.

Any API keys with an API access list require all API requests to come from an IP address on that list. Your API access list must include entries for all clients that use the API.

The following API resources require an API access list:

Create or remove access list entries for an organization API key.

Take or remove one cloud backup snapshot.

You can require all API requests from an API key to come from an entry on its API access list. If you require API access lists, API keys can't make any API requests until you define at least one API access list entry.

To set your organization to require API access lists for every API key:

1
2
  1. If it is not already displayed, select your desired organization from the Organizations menu in the navigation bar.
  2. Click the Organization Settings icon next to the Organizations menu.
3

To grant programmatic access to an organization or project using only the API, create an API key.

  • API keys have two parts: a Public Key and a Private Key. These two parts serve the same function as a username and a personal API key when you make API requests to Atlas.
  • You can't use an API key to log into Atlas through the user interface.
  • You must grant roles to API keys as you would for users to ensure the API keys can call API endpoints without errors.
  • Each API key belongs to only one organization, but you can grant an API key access to any number of projects in that organization.
Note
Required Permissions

To perform any of the following actions, you must have the Organization Owner role.

1
  1. If it is not already displayed, select your desired organization from the Organizations menu in the navigation bar.
  2. Click Access Manager in the sidebar, or click Access Manager in the navigation bar, then click your organization.
2
3
  1. Enter a Description.
  2. In the Organization Permissions menu, select the new role or roles for the API key.
4
5

The public key acts as the username when making API requests.

6

The private key acts as the password when making API requests.

Warning
Copy and save Public and Private Keys

The Private Key is only shown once: on this page. Click the Copy button to add the Private Key to the clipboard. Save and secure both the Public and Private Keys.

7
  1. Click Add Access list Entry.
  2. Enter an IP address from which you want Atlas to accept API requests for this API Key.

    You can also click Use Current IP Address if the host you are using to access Atlas also will make API requests using this API Key.

  3. Click Save.
8
1
  1. If it is not already displayed, select your desired organization from the Organizations menu in the navigation bar.
  2. Click Access Manager in the sidebar, or click Access Manager in the navigation bar, then click your organization.
2
3
  1. Click to the right of the API Key.
  2. Click View Details.

The <Public Key> API Key Details modal displays:

  • The obfuscated Private Key
  • The date the Key was last used
  • The date the Key was created
  • The IP addresses from which the Key can access the API
  • The projects to which the Key has been granted access

You can change the roles, description, or access list of an API Key in an Organization.

1
  1. If it is not already displayed, select your desired organization from the Organizations menu in the navigation bar.
  2. Click Access Manager in the sidebar, or click Access Manager in the navigation bar, then click your organization.
2
3
4

On the Add API Key page:

  1. Modify the Description.
  2. In the Organization Permissions menu, select the new role or roles for the API key.
5
6
  1. To add an IP address or CIDR block from which you want Atlas to accept API requests for this API Key, click Add Access list Entry and type an IP address.

    You can also click Use Current IP Address if the host you are using to access Atlas also will make API requests using this API Key.

  2. To remove an IP address from the access list, click to the right of the IP address.
  3. Click Save.
7
1
  1. If it is not already displayed, select your desired organization from the Organizations menu in the navigation bar.
  2. Click Access Manager in the sidebar, or click Access Manager in the navigation bar, then click your organization.
2
3
4

Removing an API Key from an Organization also removes that key from any projects to which the key was granted access.

Note
Required Permissions

To perform any of the following actions, you must have the Project Owner role.

Note
Requires Access List

To make this API request:

  1. Configure an IP access list.
  2. Add the IP addresses or CIDR blocks of your client applications to the access list using the console or API. If you host your application on AWS, you can use an AWS security group ID as well.

Changing an API key's access list might impact multiple organizations, projects, or both.

1
  1. If it is not already displayed, select the organization that contains your desired project from the Organizations menu in the navigation bar.
  2. Select your desired project from the list of projects in the Projects page.
  3. Click the vertical ellipsis () next to your project name in the upper left corner and select Project Settings.
  4. Click Access Manager in the navigation bar, then click your project.
2
3
  1. Click Invite to Project.
  2. Type the public key into the field.
  3. In the Project Permissions menu, select the new role or roles for the API key.
4
1
  1. If it is not already displayed, select the organization that contains your desired project from the Organizations menu in the navigation bar.
  2. Select your desired project from the list of projects in the Projects page.
  3. Click the vertical ellipsis () next to your project name in the upper left corner and select Project Settings.
  4. Click Access Manager in the navigation bar, then click your project.
2
3

On the Create API Key page:

  1. Enter a Description.
  2. In the Project Permissions menu, select the new role or roles for the API key.
4
5

The public key acts as the username when making API requests.

6

The private key acts as the password when making API requests.

Warning
Save Private Key

The Private Key is only shown once: on this page. Click the Copy button to add the Private Key to the clipboard. Save and secure both the Public and Private Keys.

7
  1. Click Add Access List Entry.
  2. Enter an IP address from which you want Atlas to accept API requests for this API Key.

    You can also click Use Current IP Address if the host you are using to access Atlas will also make API requests using this API Key.

  3. Click Save.
8
1
  1. If it is not already displayed, select the organization that contains your desired project from the Organizations menu in the navigation bar.
  2. Select your desired project from the list of projects in the Projects page.
  3. Click the vertical ellipsis () next to your project name in the upper left corner and select Project Settings.
  4. Click Access Manager in the navigation bar, then click your project.
2
3
  1. Click to the right of the API Key.
  2. Click View Details.

The <Public Key> API Key Details modal displays the following information:

  • The obfuscated Private Key
  • The date the key was last used
  • The date the key was created
  • The IP address or addresses from which the API key can access the API
1
  1. If it is not already displayed, select the organization that contains your desired project from the Organizations menu in the navigation bar.
  2. Select your desired project from the list of projects in the Projects page.
  3. Click the vertical ellipsis () next to your project name in the upper left corner and select Project Settings.
  4. Click Access Manager in the navigation bar, then click your project.
2
3
  1. Click to the right of the API Key.
  2. Click Edit Permissions.
4
5
1
  1. If it is not already displayed, select the organization that contains your desired project from the Organizations menu in the navigation bar.
  2. Select your desired project from the list of projects in the Projects page.
  3. Click the vertical ellipsis () next to your project name in the upper left corner and select Project Settings.
  4. Click Access Manager in the navigation bar, then click your project.
2
3
  1. Click to the right of the API Key.
  2. Click Edit Permissions.
Note

Selecting Edit Permissions takes you to the organization level of the Atlas console.

4

You cannot modify an existing API Key access list entry. You must delete and re-create it.

  1. Click to the right of the IP address to remove it.
  2. Add the new IP address from which you want Atlas to accept API requests for this API Key. Use one of the two options:

    • Click Add access list Entry and type an IP address, or
    • Click Use Current IP Address if the host you are using to access Atlas will also make API requests using this API Key.
  3. Click Save.
5
1
  1. If it is not already displayed, select the organization that contains your desired project from the Organizations menu in the navigation bar.
  2. Select your desired project from the list of projects in the Projects page.
  3. Click the vertical ellipsis () next to your project name in the upper left corner and select Project Settings.
  4. Click Access Manager in the navigation bar, then click your project.
2
3
4
←  Invitations to Organizations and ProjectsView Activity Feed →
Give Feedback
© 2022 MongoDB, Inc.

About

  • Careers
  • Investor Relations
  • Legal Notices
  • Privacy Notices
  • Security Information
  • Trust Center
© 2022 MongoDB, Inc.