This version of the documentation is archived and no longer supported. To learn how to upgrade your version of MongoDB Ops Manager, refer to the upgrade documentation.
You were redirected from a different version of the documentation. Click here to go back.

Manage Personal API Keys (Deprecated)


Personal API keys are deprecated, use Programmatic API Keys instead.

Each user can have up to 10 API keys associated with their account. Each key can be either enabled or disabled but all count toward the 10 key limit.

An API key is like a password. Keep it secret.

Access Control

Your Ops Manager roles determine which API resources you can use. Your Ops Manager roles apply to both the interface and the API.

Limit API Operations to Whitelisted IPv4 Addresses

To access whitelisted API operations, you must configure your API whitelist with the IPv4 addresses from which you will issue the whitelisted commands. You also must have the Organization Owner role to issue whitelisted commands.

Address-based whitelists protect API operations. Only client requests that originate from a whitelisted IPv4 address are permitted to perform the operations.

Users have their own whitelists and own API keys. When you issue an API call, you must use an API key from your user account and must issue the command from an address on your user account’s whitelist. You cannot use your key to issue a whitelisted API request from an address on another user’s whitelist, unless, of course, you’ve added that address to your own whitelist.

Add an IPv4 Address to the API Whitelist


Click on your user name in the upper-right hand corner and select Account. Click Public API Access.


In the Whitelist, click Add and enter an address.

Enter an IP address or CIDR range. To add multiple entries in the whitelist, repeat this step.

You can enter any of the following:

Entry Grants
An IP address Access to whitelisted operations from that address.
A CIDR-notated range of IP addresses Access to whitelisted operations from those addresses.

If you leave the whitelist empty, you have no access to whitelisted operations.

Delete an IPv4 Address from the API Whitelist


Go to your Public API Access view.

Click on your user name in the upper-right hand corner and select Account. Then click Public API Access.


In the Whitelist, select the gear icon for the address and select Delete.