This version of the documentation is archived and no longer supported. To learn how to upgrade your version of MongoDB Ops Manager, refer to the upgrade documentation.
You were redirected from a different version of the documentation. Click here to go back.
This version of the manual is no longer supported.

Create the First User

Create the first Ops Manager user. This endpoint is the only API call you can make without first having an API key.


The user created through this endpoint is automatically granted the GLOBAL_OWNER role. The returned document includes the new user’s Public API key and and other details, which you can use to make further API calls.

The endpoint does not create a project, but you can use the new user and API key to create a project through the Projects resource in the API. You cannot login to Ops Manager until after you have created a project.

You can use this endpoint to create additional users. Users created after the first are not granted the GLOBAL_OWNER role automatically.

Base URL: https://{OPSMANAGER-HOST}:{PORT}/api/public/v1.0


POST /unauth/users

Request Path Parameters

This endpoint does not use HTTP request path parameters.

Request Query Parameters

Name Type Description
whitelist string

The IP address that you want to add to the new user’s whitelist.


You can add more than one whitelist parameter and value.

Request Body Parameters

Name Type Description
username string

Username of the Ops Manager user. Validated depending on the value of the property:

Value Description
false (Default) Username is not required to be an email address.
loose Username must contain an @ symbol followed by a period.
strict Username must adhere to a strict email address validation regular expression.

See for details.


The username is usually an email address. If you set this value to an email address, you do not need to set the emailAddress value explicitly.

password string Password of the new Ops Manager user. This field is not included in the HTTP response body. It can only be sent in the HTTP request when creating a new user.
emailAddress string (Optional.) Email address of the new Ops Manager user.
firstName string First name of the new Ops Manager user.
lastName string Last name of the new Ops Manager user.


Name Type Description
user object Details of the Ops Manager user.
user.emailAddress string Email address of the Ops Manager user.
user.firstName string First name of the Ops Manager user. string Unique identifier of the Ops Manager user.
user.lastName string Last name of the Ops Manager user.
user.links object array Links to related sub-resources. All links arrays in responses include at least one link called self. The relationships between URLs are explained in the Web Linking Specification.
user.mobileNumber string Mobile number of the Ops Manager user.
user.roles object array Role assignments.
user.roles.groupId string

Unique identifier for the project in which the user has the specified role.

For the “global” roles (those whose name starts with GLOBAL_) there is no groupId since these roles are not tied to a project.

user.roles.orgId string Unique identifier for the organization in which the user has the specified role.
user.roles.roleName string

Name of the role. Values are:

Value Description
ORG_MEMBER Organization Member
ORG_READ_ONLY Organization Read Only
ORG_GROUP_CREATOR Organization Project Creator
ORG_OWNER Organization Owner
GROUP_AUTOMATION_ADMIN Project Automation Admin
GROUP_BACKUP_ADMIN Project Backup Admin
GROUP_MONITORING_ADMIN Project Monitoring Admin
GROUP_OWNER Project Owner
GROUP_READ_ONLY Project Read Only
GROUP_USER_ADMIN Project User Admin
GROUP_DATA_ACCESS_ADMIN Project Data Access Admin
GROUP_DATA_ACCESS_READ_ONLY Project Data Access Read Only
GROUP_DATA_ACCESS_READ_WRITE Project Data Access Read/Write
user.username string Username of the Ops Manager user.

Example Request

curl --digest \
  --header "Accept: application/json" \
  --header "Content-Type: application/json" \
  --include \
  --request POST "https://{OPSMANAGER-HOST}:{PORT}/api/public/v1.0/unauth/users?pretty=true&whitelist=" \
  --data '
      "username": "",
      "password": "Passw0rd.",
      "firstName": "Jane",
      "lastName": "Doe"

Example Response

Response Header

HTTP/1.1 401 Unauthorized
Content-Type: application/json;charset=ISO-8859-1
Date: {dateInUnixFormat}
WWW-Authenticate: Digest realm="MMS Public API", domain="", nonce="{nonce}", algorithm=MD5, op="auth", stale=false
Content-Length: {requestLengthInBytes}
Connection: keep-alive
HTTP/1.1 201 Created
Vary: Accept-Encoding
Content-Type: application/json
Strict-Transport-Security: max-age=300
Date: {dateInUnixFormat}
Connection: keep-alive
Content-Length: {requestLengthInBytes}
X-MongoDB-Service-Version: gitHash={gitHash}; versionString={ApplicationVersion}

Response Body

  "apiKey": "1234abcd-ab12-cd34-ef56-1234abcd1234",
  "user": {
    "emailAddress": "",
    "firstName": "Jane",
    "id": "{USER-ID}",
    "lastName": "Doe",
    "links": [
       "href" : "{USER-ID}",
       "rel" : "self"
    "roles": [
        "roleName": "GLOBAL_OWNER"
    "username": ""