Join us at MongoDB.local London on 7 May to unlock new possibilities for your data. Use WEB50 to save 50%.
Register now >
Docs Menu
Docs Home
/ /
Style Guidelines
Docs Home
/
MongoDB Meta Documentation
/
MongoDB Documentation Style Guide
/
Style Guidelines
Docs Home
/
MongoDB Meta Documentation
/
MongoDB Documentation Style Guide
/
Style Guidelines

API Placeholders

When users learn how to use our API, they might copy the code and try to use it as given.

  • In the API examples you provide, use variables for usernames, passwords, email addresses, API keys, and so on.

  • Format the placeholder variables as camelCase and enclose them in curly braces ({ }).

  • API requests: Enclose in a language-appropriate code-block directive. Use .. code-block:: console directive for curl examples.

  • API responses: Enclose in a .. code-block:: json directive.

  • Add the :linenos: option to the .. code-block:: directive if the example is longer than 10 lines.

  • Add the :copyable: false option the .. code-block:: json directive in the response. The user shouldn't try to copy the response.

Best Practices for Placeholders

Information
Use
Don't use

Username

yourUserName

robb4554

Password

yourPassword

J$12345*

Public API Key

{publicApiKey}

gzungyzc

Private API key

{privateApiKey}

ac930128-c6dd-ae41-fe44-d985d008e703

Project

{projectId}

0e18fec1d223b72f626d23f1

Organization

{orgId}

6c2c15110ceb948cf4b8f38c

Client ID

{clientId}

mdb_sa_id_6721e35b3456a47291f8e305

Client Secret

{clientSecret}

mdb_sa_sk_bef04cc04bc44fbcb2dbafa7

Base64-Encoded Auth

{base64Auth}

bWRiX3NhX2lkXzY3MjFlMzViMzQ1Nm...

Access Token

{accessToken}

eyJhbGciOiJSUzI1NiIsInR5cCI6Ik...

Best Practices for Simulated Placeholder Values

In example API operation requests and responses, in which we want users to see actual values from the system, use "real-looking" but imaginary values, use the following formats:

Parameter
Value Format
Value Template
Example

Public API Key

8 lowercase ASCII-alphabetic characters

XXXXXXXX

gzungyzc

Private API key

16 lowercase hexadecimal digits formatted as 4-2-2-6 (32 characters)

a1a1a1a1-a1a1-a1a1-a1a1-a1a1a1a1a1a1

ac930128-c6dd-ae41-fe44-d985d008e703

Project

12 lowercase hexadecimal digits (24 characters)

a1a1a1a1a1a1a1a1a1a1a1a1

0e18fec1d223b72f626d23f1

Organization

12 lowercase hexadecimal digits (24 characters)

a1a1a1a1a1a1a1a1a1a1a1a1

6c2c15110ceb948cf4b8f38c

Client ID

mdb_sa_id_ prefix followed by 12 lowercase hexadecimal digits (24 characters)

mdb_sa_id_a1a1a1a1a1a1a1a1a1a1a1a1

mdb_sa_id_6721e35b3456a47291f8e305

Client Secret

mdb_sa_sk_ prefix. API responses mask the full value.

mdb_sa_sk...XXXX

mdb_sa_sk...hcOL

Base64-Encoded Auth

Base64 encoding of clientId:clientSecret. Use a random base64 string.

XXXXXXXXXXXXXXXXXXXXXXXX

bWRiX3NhX2lkXzY3MjFlMzViMzQ1Nm

Access Token

Always use the {accessToken} placeholder. Never use a real or simulated JWT string.

{accessToken}

{accessToken}

Tip

Use a random number generator to create the placeholders. One example would be the Generate Random Hex tool.

Warning

Never include or show actual writer or user account credentials in code examples or screenshots. Access tokens must never appear as real JWT strings in code examples. Real JWT strings trigger GitHub secret scanning alerts. Always use the {accessToken} placeholder.

Back

Parameters

Next

Placeholder or Variable Text

On this page