Return One MongoDB Cloud User in One Organization

GET /api/atlas/v2/orgs/{orgId}/users/{userId}

Returns information about the specified MongoDB Cloud user within the context of the specified organization.

Note: This resource can only be used to fetch information about MongoDB Cloud human users. To return information about an API Key, use the Return One Organization API Key endpoint.

Note: This resource does not return information about pending users invited via the deprecated Invite One MongoDB Cloud User to Join One Project endpoint.

Role requirements

Organization Member

Path parameters

orgId string Required

Unique 24-hexadecimal digit string that identifies the organization that contains your projects. Use the /orgs endpoint to retrieve all organizations to which the authenticated user has access.

Format should match the following pattern: ^([a-f0-9]{24})$.
userId string Required

Unique 24-hexadecimal digit string that identifies the pending or active user in the organization. If you need to lookup a user's userId or verify a user's status in the organization, use the Return All MongoDB Cloud Users in One Organization resource and filter by username.

Format should match the following pattern: ^([a-f0-9]{24})$.

Query parameters

envelope boolean

Flag that indicates whether Application wraps the response in an envelope JSON object. Some API clients cannot access the HTTP response headers or status code. To remediate this, set envelope=true in the query. Endpoints that return a list of results use the results object as an envelope. Application adds the status parameter to the response body.

Default value is false.
pretty boolean

Flag that indicates whether the response body should be in the prettyprint format.

Default value is false.

Prettyprint
orgMembershipStatuses array[string]

Organization membership status to filter users by. You can supply this parameter multiple times. Allowed values: ACTIVE, PENDING, INVITATION_EXPIRED, INVITATION_REJECTED. If you exclude this parameter, this resource returns ACTIVE and PENDING users. Not supported in deprecated versions.

Not more than 4 elements. Values are PENDING, ACTIVE, INVITATION_EXPIRED, or INVITATION_REJECTED.

Responses

200 application/vnd.atlas.2025-02-19+json

OK
Hide headers attributes Show headers attributes
- RateLimit-Limit
  
  The maximum number of requests that a user can make within a specific time window.
- RateLimit-Remaining
  
  The number of requests remaining in the current rate limit window before the limit is reached.
One of:
PENDING object ACTIVE object
Hide attributes Show attributes

id string Required

Unique 24-hexadecimal digit string that identifies the MongoDB Cloud user.

Format should match the following pattern: ^([a-f0-9]{24})$.

orgMembershipStatus string Required Discriminator

String enum that indicates the user's organization membership status: ACTIVE (member), PENDING (invited), INVITATION_EXPIRED (invitation expired), or INVITATION_REJECTED (invitation declined).

Value is PENDING.

roles object Required

Organization- and project-level roles assigned to one MongoDB Cloud user within one organization.

Hide roles attributes Show roles attributes object

groupRoleAssignments array[object]

List of project-level role assignments assigned to the MongoDB Cloud user.

Hide groupRoleAssignments attributes Show groupRoleAssignments attributes object

groupId string

Unique 24-hexadecimal digit string that identifies the project to which these roles belong.

Format should match the following pattern: ^([a-f0-9]{24})$.

groupRoles array[string]

One or more project-level roles assigned to the MongoDB Cloud user.

orgRoles array[string]

One or more organization-level roles assigned to the MongoDB Cloud user.

Values are ORG_OWNER, ORG_GROUP_CREATOR, ORG_BILLING_ADMIN, ORG_BILLING_READ_ONLY, ORG_STREAM_PROCESSING_ADMIN, ORG_READ_ONLY, or ORG_MEMBER.

teamIds array[string]

List of unique 24-hexadecimal digit strings that identifies the teams to which this MongoDB Cloud user belongs.

Format of each should match the following pattern: ^([a-f0-9]{24})$.

username string(email) Required

Email address that represents the username of the MongoDB Cloud user.

invitationCreatedAt string(date-time) Required

Date and time when MongoDB Cloud sent the invitation. MongoDB Cloud represents this timestamp in ISO 8601 format in UTC. This field is absent for active users.

invitationExpiresAt string(date-time) | null

Date and time when the invitation from MongoDB Cloud expires. MongoDB Cloud represents this timestamp in ISO 8601 format in UTC. This field is absent for active users and null for rejected invitations.

inviterUsername string(email) Required

Username of the MongoDB Cloud user who sent the invitation to join the organization.
Hide attributes Show attributes

id string Required

Unique 24-hexadecimal digit string that identifies the MongoDB Cloud user.

Format should match the following pattern: ^([a-f0-9]{24})$.

orgMembershipStatus string Required Discriminator

String enum that indicates the user's organization membership status: ACTIVE (member), PENDING (invited), INVITATION_EXPIRED (invitation expired), or INVITATION_REJECTED (invitation declined).

Value is ACTIVE.

roles object Required

Organization- and project-level roles assigned to one MongoDB Cloud user within one organization.

Hide roles attributes Show roles attributes object

groupRoleAssignments array[object]

List of project-level role assignments assigned to the MongoDB Cloud user.

Hide groupRoleAssignments attributes Show groupRoleAssignments attributes object

groupId string

Unique 24-hexadecimal digit string that identifies the project to which these roles belong.

Format should match the following pattern: ^([a-f0-9]{24})$.

groupRoles array[string]

One or more project-level roles assigned to the MongoDB Cloud user.

orgRoles array[string]

One or more organization-level roles assigned to the MongoDB Cloud user.

Values are ORG_OWNER, ORG_GROUP_CREATOR, ORG_BILLING_ADMIN, ORG_BILLING_READ_ONLY, ORG_STREAM_PROCESSING_ADMIN, ORG_READ_ONLY, or ORG_MEMBER.

teamIds array[string]

List of unique 24-hexadecimal digit strings that identifies the teams to which this MongoDB Cloud user belongs.

Format of each should match the following pattern: ^([a-f0-9]{24})$.

username string(email) Required

Email address that represents the username of the MongoDB Cloud user.

country string

Two-character alphabetical string that identifies the MongoDB Cloud user's geographic location. This parameter uses the ISO 3166-1a2 code format.

Format should match the following pattern: ^([A-Z]{2})$.

createdAt string(date-time) Required

Date and time when MongoDB Cloud created the current account. This value is in the ISO 8601 timestamp format in UTC.

firstName string Required

First or given name that belongs to the MongoDB Cloud user.

lastAuth string(date-time)

Date and time when the current account last authenticated. This value is in the ISO 8601 timestamp format in UTC.

lastName string Required

Last name, family name, or surname that belongs to the MongoDB Cloud user.

mobileNumber string

Mobile phone number that belongs to the MongoDB Cloud user.

Format should match the following pattern: (?:(?:\\+?1\\s*(?:[.-]\\s*)?)?(?:(\\s*([2-9]1[02-9]|[2-9][02-8]1|[2-9][02-8][02-9])\\s*)|([2-9]1[02-9]|[2-9][02-8]1|[2-9][02-8][02-9]))\\s*(?:[.-]\\s*)?)([2-9]1[02-9]|[2-9][02-9]1|[2-9][02-9]{2})\\s*(?:[.-]\\s*)?([0-9]{4})$.
400 application/json

Bad Request.
Hide response attributes Show response attributes object
- badRequestDetail object
  
  Bad request detail.
  
  Hide badRequestDetail attribute Show badRequestDetail attribute object
  
  fields array[object]
  
  Describes all violations in a client request.
  
  Hide fields attributes Show fields attributes object
  
  description string Required
  
  A description of why the request element is bad.
  
  field string Required
  
  A path that leads to a field in the request body.
- detail string
  
  Describes the specific conditions or reasons that cause each type of error.
- error integer(int32) Required
  
  HTTP status code returned with this error.
  
  External documentation
- errorCode string Required
  
  Application error code returned with this error.
- parameters array[object]
  
  Parameters used to give more information about the error.
- reason string
  
  Application error message returned with this error.
401 application/json

Unauthorized.
Hide response attributes Show response attributes object
- badRequestDetail object
  
  Bad request detail.
  
  Hide badRequestDetail attribute Show badRequestDetail attribute object
  
  fields array[object]
  
  Describes all violations in a client request.
  
  Hide fields attributes Show fields attributes object
  
  description string Required
  
  A description of why the request element is bad.
  
  field string Required
  
  A path that leads to a field in the request body.
- detail string
  
  Describes the specific conditions or reasons that cause each type of error.
- error integer(int32) Required
  
  HTTP status code returned with this error.
  
  External documentation
- errorCode string Required
  
  Application error code returned with this error.
- parameters array[object]
  
  Parameters used to give more information about the error.
- reason string
  
  Application error message returned with this error.
403 application/json

Forbidden.
Hide response attributes Show response attributes object
- badRequestDetail object
  
  Bad request detail.
  
  Hide badRequestDetail attribute Show badRequestDetail attribute object
  
  fields array[object]
  
  Describes all violations in a client request.
  
  Hide fields attributes Show fields attributes object
  
  description string Required
  
  A description of why the request element is bad.
  
  field string Required
  
  A path that leads to a field in the request body.
- detail string
  
  Describes the specific conditions or reasons that cause each type of error.
- error integer(int32) Required
  
  HTTP status code returned with this error.
  
  External documentation
- errorCode string Required
  
  Application error code returned with this error.
- parameters array[object]
  
  Parameters used to give more information about the error.
- reason string
  
  Application error message returned with this error.
404 application/json

Not Found.
Hide response attributes Show response attributes object
- badRequestDetail object
  
  Bad request detail.
  
  Hide badRequestDetail attribute Show badRequestDetail attribute object
  
  fields array[object]
  
  Describes all violations in a client request.
  
  Hide fields attributes Show fields attributes object
  
  description string Required
  
  A description of why the request element is bad.
  
  field string Required
  
  A path that leads to a field in the request body.
- detail string
  
  Describes the specific conditions or reasons that cause each type of error.
- error integer(int32) Required
  
  HTTP status code returned with this error.
  
  External documentation
- errorCode string Required
  
  Application error code returned with this error.
- parameters array[object]
  
  Parameters used to give more information about the error.
- reason string
  
  Application error message returned with this error.
429 application/json

Too Many Requests.
Hide headers attributes Show headers attributes
- RateLimit-Limit
  
  The maximum number of requests that a user can make within a specific time window.
- RateLimit-Remaining
  
  The number of requests remaining in the current rate limit window before the limit is reached.
- Retry-After
  
  The minimum time you should wait, in seconds, before retrying the API request. This header might be returned for 429 or 503 error responses.
Hide response attributes Show response attributes object
- badRequestDetail object
  
  Bad request detail.
  
  Hide badRequestDetail attribute Show badRequestDetail attribute object
  
  fields array[object]
  
  Describes all violations in a client request.
  
  Hide fields attributes Show fields attributes object
  
  description string Required
  
  A description of why the request element is bad.
  
  field string Required
  
  A path that leads to a field in the request body.
- detail string
  
  Describes the specific conditions or reasons that cause each type of error.
- error integer(int32) Required
  
  HTTP status code returned with this error.
  
  External documentation
- errorCode string Required
  
  Application error code returned with this error.
- parameters array[object]
  
  Parameters used to give more information about the error.
- reason string
  
  Application error message returned with this error.
500 application/json

Internal Server Error.
Hide response attributes Show response attributes object
- badRequestDetail object
  
  Bad request detail.
  
  Hide badRequestDetail attribute Show badRequestDetail attribute object
  
  fields array[object]
  
  Describes all violations in a client request.
  
  Hide fields attributes Show fields attributes object
  
  description string Required
  
  A description of why the request element is bad.
  
  field string Required
  
  A path that leads to a field in the request body.
- detail string
  
  Describes the specific conditions or reasons that cause each type of error.
- error integer(int32) Required
  
  HTTP status code returned with this error.
  
  External documentation
- errorCode string Required
  
  Application error code returned with this error.
- parameters array[object]
  
  Parameters used to give more information about the error.
- reason string
  
  Application error message returned with this error.

GET /api/atlas/v2/orgs/{orgId}/users/{userId}

atlas api mongoDbCloudUsers getOrgUser --help

import (
	"os"
	"context"
	"log"
	sdk "go.mongodb.org/atlas-sdk/v20250312001/admin"
)

func main() {
	ctx := context.Background()
	clientID := os.Getenv("MONGODB_ATLAS_CLIENT_ID")
	clientSecret := os.Getenv("MONGODB_ATLAS_CLIENT_SECRET")

	// See https://dochub.mongodb.org/core/atlas-go-sdk-oauth
	client, err := sdk.NewClient(sdk.UseOAuthAuth(clientID, clientSecret))

	if err != nil {
		log.Fatalf("Error: %v", err)
	}

	params = &sdk.GetOrgUserApiParams{}
	sdkResp, httpResp, err := client.MongoDBCloudUsersApi.
		GetOrgUserWithParams(ctx, params).
		Execute()
}

curl --include --header "Authorization: Bearer ${ACCESS_TOKEN}" \
  --header "Accept: application/vnd.atlas.2025-03-12+json" \
  -X GET "https://cloud.mongodb.com/api/atlas/v2/orgs/{orgId}/users/{userId}?pretty=true"

curl --user "${PUBLIC_KEY}:${PRIVATE_KEY}" \
  --digest --include \
  --header "Accept: application/vnd.atlas.2025-03-12+json" \
  -X GET "https://cloud.mongodb.com/api/atlas/v2/orgs/{orgId}/users/{userId}?pretty=true"

Response examples (200)

# Headers

# Payload
{
  "id": "32b6e34b3d91647abb20e7b8",
  "orgMembershipStatus": "PENDING",
  "roles": {
    "groupRoleAssignments": [
      {
        "groupId": "32b6e34b3d91647abb20e7b8",
        "groupRoles": [
          "string"
        ]
      }
    ],
    "orgRoles": [
      "ORG_OWNER"
    ]
  },
  "teamIds": [
    "32b6e34b3d91647abb20e7b8"
  ],
  "username": "hello@example.com",
  "invitationCreatedAt": "2026-05-04T09:42:00Z",
  "invitationExpiresAt": "2026-05-04T09:42:00Z",
  "inviterUsername": "hello@example.com"
}

# Headers

# Payload
{
  "id": "32b6e34b3d91647abb20e7b8",
  "orgMembershipStatus": "ACTIVE",
  "roles": {
    "groupRoleAssignments": [
      {
        "groupId": "32b6e34b3d91647abb20e7b8",
        "groupRoles": [
          "string"
        ]
      }
    ],
    "orgRoles": [
      "ORG_OWNER"
    ]
  },
  "teamIds": [
    "32b6e34b3d91647abb20e7b8"
  ],
  "username": "hello@example.com",
  "country": "US",
  "createdAt": "2026-05-04T09:42:00Z",
  "firstName": "John",
  "lastAuth": "2026-05-04T09:42:00Z",
  "lastName": "Doe",
  "mobileNumber": "string"
}

Response examples (400)

{
  "detail": "(This is just an example, the exception may not be related to this endpoint) No provider AWS exists.",
  "error": 400,
  "errorCode": "VALIDATION_ERROR",
  "reason": "Bad Request"
}

Response examples (401)

{
  "detail": "(This is just an example, the exception may not be related to this endpoint)",
  "error": 401,
  "errorCode": "NOT_ORG_GROUP_CREATOR",
  "reason": "Unauthorized"
}

Response examples (403)

{
  "detail": "(This is just an example, the exception may not be related to this endpoint)",
  "error": 403,
  "errorCode": "CANNOT_CHANGE_GROUP_NAME",
  "reason": "Forbidden"
}

Response examples (404)

{
  "detail": "(This is just an example, the exception may not be related to this endpoint) Cannot find resource AWS",
  "error": 404,
  "errorCode": "RESOURCE_NOT_FOUND",
  "reason": "Not Found"
}

Response examples (429)

{
  "detail": "(This is just an example, the exception may not be related to this endpoint)",
  "error": 429,
  "errorCode": "RATE_LIMITED",
  "reason": "Too Many Requests"
}

Response examples (500)

{
  "detail": "(This is just an example, the exception may not be related to this endpoint)",
  "error": 500,
  "errorCode": "UNEXPECTED_ERROR",
  "reason": "Internal Server Error"
}