The MongoDB Atlas for Government API functions in the same way as the Atlas API, except that it uses the following base URL:
https://cloud.mongodbgov.com/api/atlas/v2
To use the MongoDB Atlas for Government API to manage your clusters, you must authenticate your API requests. The MongoDB Atlas for Government API accepts the following authentication methods:
Service account access tokens (OAuth 2.0)
API keys (HTTP Digest Authentication)
Example Usage
This curl example retrieves database users for a project. Select the appropriate
tab for your preferred method of authentication:
To make an API request using a service account, use the service account to generate an access token, then use the access token in your request:
Retrieve the client secret for your service account.
Locate the client secret beginning with mdb_sa_sk_ that you saved
immediately after creating the service account.
If you didn't save the client secret, you must generate a new client secret.
Request an access token.
Important
The access token is valid for 1 hour (3600 seconds). You can't refresh an access token. When this access token expires, repeat this step to generate a new one.
Replace {BASE64-AUTH} in the following example with the output from the
preceding step, then run:
1 curl --request POST \ 2 --url https://cloud.mongodbgov.com/api/oauth/token \ 3 --header 'accept: application/json' \ 4 --header 'cache-control: no-cache' \ 5 --header 'authorization: Basic {BASE64-AUTH}' \ 6 --header 'content-type: application/x-www-form-urlencoded' \ 7 --data 'grant_type=client_credentials'
{"access_token":"eyJhbGciOiJFUzUxMiIsInR5cCI6IkpXVCIsImtpZCI6ImYyZjE2YmE4LTkwYjUtNDRlZS1iMWYwLTRkNWE2OTllYzVhNyJ9.eyJpc3MiOiJodHRwczovL2Nsb3VkLWRldi5tb25nb2RiLmNvbSIsImF1ZCI6ImFwaTovL2FkbWluIiwic3ViIjoibWRiX3NhX2lkXzY2MjgxYmM2MDNhNzFhNDMwYjkwNmVmNyIsImNpZCI6Im1kYl9zYV9pZF82NjI4MWJjNjAzYTcxYTQzMGI5MDZlZjciLCJhY3RvcklkIjoibWRiX3NhX2lkXzY2MjgxYmM2MDNhNzFhNDMwYjkwNmVmNyIsImlhdCI6MTcxMzkwNTM1OSwiZXhwIjoxNzEzOTA4OTU5LCJqdGkiOiI4ZTg1MTM3YS0wZGU1LTQ0N2YtYTA0OS1hMmVmNTIwZGJhNTIifQ.AZSFvhcjwVcJYmvW6E_K5UnDmeiX2sJgL27vo5ElzeBuPawRciKkn6ervZ6IpUTx2HHllGgAAMmhaP9B66NywhfjAXC697X9KcOzm81DTtvDjLrFeRSc_3vFmeGvfUKKXljEdWBnbmwCwtBlO5SJuBxb1V5swAl-Sbq9Ymo4NbyepSnF","expires_in":3600,"token_type":"Bearer"}%
Make an API call.
Replace {ACCESS-TOKEN} in the following example with the output from the
preceding step.
The following sample GET request returns all projects
in your organization:
curl --request GET \ --url https://cloudgov.mongodb.com/api/atlas/v2/groups \ --header 'Authorization: Bearer {ACCESS-TOKEN}' \ --header 'Accept: application/vnd.atlas.2023-02-01+json' \ --header 'Content-Type: application/json'
The following sample POST request takes a request body and
creates a project named
MyProject in your organization:
curl --header 'Authorization: Bearer {ACCESS-TOKEN}' \ --header "Content-Type: application/json" \ --header "Accept: application/vnd.atlas.2023-02-01+json" \ --include \ --request POST "https://cloudgov.mongodb.com/api/atlas/v2/groups" \ --data ' { "name": "MyProject", "orgId": "5a0a1e7e0f2912c554080adc" }'
To make an API request using API keys, replace {PUBLIC-KEY}:{PRIVATE-KEY}
with your API keys and run:
curl --user "{PUBLIC-KEY}:{PRIVATE-KEY}" --digest \ --header "Accept: application/json" \ --header "Content-Type: application/json" \ --header "Accept: application/vnd.atlas.2025-03-12+json" \ # update date to desired API version --include \ --request GET "https://cloud.mongodbgov.com/api/atlas/v2/groups/{PROJECT-ID}/databaseUsers?pretty=true"
You can find your
PROJECT-IDin your Project Settings.You can generate an API key pair in your organization's Access Manager, under the API Keys tab.
See the Atlas Documentation
To learn more about using the API, see the Atlas API.
To learn more about authenticating to the API with service accounts or API keys, see Atlas Administration API Authentication Methods.
To configure the API, see Configure Atlas API Access.
For a list of possible errors, see Atlas API Error Codes.
Creating a Project
You must designate projects for either standard or government
(gov) region usage upon creation. You cannot deploy clusters
across government and standard regions in the same project.
By default, the AtlasGov API designates new projects for standard region usage.
To use the API to create a project for government regions, include
the following in your POST request data:
"regionUsageRestrictions" : "GOV_REGIONS_ONLY"
Tip
Atlas documentation
For detailed information on creating a project with the API, including an example request, see Create One Project.
Atlas for Government Considerations
The following cloud providers, MongoDB products, and features are unavailable for all API resources:
Azure
Atlas Online Archives
Atlas Triggers
MongoDB Charts
Atlas Device SDKs
Free, Flex, and
M10clusters
Many of the commercial Atlas API resources are limited or unavailable:
Database Users
Database users who authenticate with
SCRAM must use SCRAM-SHA-256.
Clusters
AtlasGov clusters must be tier M20 or higher.
Atlas doesn't support Free and Flex clusters.
Alerts
Alerts related to payment methods are unavailable.
Alerts can come from several different email addresses. For more information, see Alerts and Communications.
Third-Party Integration Settings
You must have the Project Owner role to
configure a third-party monitoring integration.
Datadog
When integrated with Datadog, AtlasGov uses the Datadog for Government site (US1-FED).
To learn more about US1-FED, see the Datadog documentation.
Cloud Backups
Restores between standard projects and Gov region-only projects are not allowed. If a backup is created from a cluster in a Gov region-only (AWS GovCloud or GCP Assured Workloads) project, the data can only be restored to a cluster in a Gov region-only project. The same restriction applies to standard projects, where backups in standard regions can only be restored to clusters in standard projects.
Cross-cloud restore is supported between AWS GovCloud and GCP Assured Workloads regions.
Flex Cluster Snapshots and Restore Jobs
Flex clusters are unavailable in AtlasGov.
Online Archive
Online Archives are unavailable in AtlasGov.
Network Peering
You can only peer AWS GovCloud regions with MongoDB clusters in AWS GovCloud regions. You can only peer AWS Commercial regions with MongoDB clusters in AWS Commercial regions.
You can only peer GCP Assured Workloads regions with MongoDB clusters in GCP Assured Workloads regions.
Private Endpoints
You can only link AWS GovCloud regions with MongoDB clusters in AWS GovCloud regions. You can only link AWS Commercial regions with MongoDB clusters in AWS Commercial regions.
You can only link GCP Assured Workloads regions with MongoDB clusters in GCP Assured Workloads regions.
Monitoring and Logs
In addition to the standard Atlas logging, AtlasGov logs the username and IP address associated with all failed login attempts, temporary lockouts and failed API digest authentications.
Encryption at Rest using Customer Key Management
You must use KMS keys in AWS GovCloud and GCP Assured Workloads regions to encrypt data in AWS GovCloud and GCP Assured Workloads region-only projects. You must use KMS keys in AWS Commercial regions to encrypt data in AWS Commercial region-only projects.
Atlas Users
You cannot create MongoDB Atlas for Government users. MongoDB Atlas for Government is available by invitation only.
Atlas Stream Processing
Atlas Stream Processing is unavailable in AtlasGov.
Triggers
Triggers are unavailable in AtlasGov.