Assign One Organization API Key to One Project
Assigns the specified organization API key to the specified project. Users with the Project Owner role in the project associated with the API key can then use the organization API key to access the resources. To use this resource, the requesting Service Account or API Key must have the Project Owner role.
Path parameters
-
Unique 24-hexadecimal digit string that identifies your project. Use the /groups endpoint to retrieve all projects to which the authenticated user has access.
NOTE: Groups and projects are synonymous terms. Your group id is the same as your project id. For existing groups, your group/project id remains the same. The resource and corresponding endpoints use the term groups.
Format should match the following pattern:
^([a-f0-9]{24})$. -
Unique 24-hexadecimal digit string that identifies this organization API key that you want to assign to one project.
Format should match the following pattern:
^([a-f0-9]{24})$.
Query parameters
-
Flag that indicates whether Application wraps the response in an
envelopeJSON object. Some API clients cannot access the HTTP response headers or status code. To remediate this, set envelope=true in the query. Endpoints that return a list of results use the results object as an envelope. Application adds the status parameter to the response body.Default value is
false. -
Flag that indicates whether the response body should be in the prettyprint format.
Default value is
false.Prettyprint
Body
Required
Organization API key to be assigned to the specified project.
-
List of roles to grant this API key. If you provide this list, provide a minimum of one role and ensure each role applies to this project.
Values are
GROUP_BACKUP_MANAGER,GROUP_CLUSTER_MANAGER,GROUP_DATA_ACCESS_ADMIN,GROUP_DATA_ACCESS_READ_ONLY,GROUP_DATA_ACCESS_READ_WRITE,GROUP_DATABASE_ACCESS_ADMIN,GROUP_OBSERVABILITY_VIEWER,GROUP_OWNER,GROUP_READ_ONLY,GROUP_SEARCH_INDEX_EDITOR, orGROUP_STREAM_PROCESSING_OWNER.
atlas api addProjectApiKey --helpimport (
"os"
"context"
"log"
sdk "go.mongodb.org/atlas-sdk/v20250312001/admin"
)
func main() {
ctx := context.Background()
clientID := os.Getenv("MONGODB_ATLAS_CLIENT_ID")
clientSecret := os.Getenv("MONGODB_ATLAS_CLIENT_SECRET")
client, err := sdk.NewClient(
sdk.UseOAuthAuth(clientID, clientSecret),
sdk.UseBaseURL(url))
if err != nil {
log.Fatalf("Error: %v", err)
}
params = &sdk.AddProjectApiKeyApiParams{}
sdkResp, httpResp, err := client.ProgrammaticAPIKeysApi.
AddProjectApiKeyWithParams(ctx, params).
Execute()
}curl --header "Authorization: Bearer ${ACCESS_TOKEN}" \
--header "Accept: application/vnd.atlas.2025-03-12+json" \
--header "Content-Type: application/json" \
-X POST "https://cloud.mongodb.com/api/atlas/v2/groups/{groupId}/apiKeys/{apiUserId}" \
-d '{ <Payload> }'curl --user "${PUBLIC_KEY}:${PRIVATE_KEY}" \
--digest \
--header "Accept: application/vnd.atlas.2025-03-12+json" \
--header "Content-Type: application/json" \
-X POST "https://cloud.mongodb.com/api/atlas/v2/groups/{groupId}/apiKeys/{apiUserId}" \
-d '{ <Payload> }'[
{
"roles": [
"GROUP_BACKUP_MANAGER"
]
}
]{
"error": 401,
"detail": "(This is just an example, the exception may not be related to this endpoint)",
"reason": "Unauthorized",
"errorCode": "NOT_ORG_GROUP_CREATOR"
}{
"error": 403,
"detail": "(This is just an example, the exception may not be related to this endpoint)",
"reason": "Forbidden",
"errorCode": "CANNOT_CHANGE_GROUP_NAME"
}{
"error": 404,
"detail": "(This is just an example, the exception may not be related to this endpoint) Cannot find resource AWS",
"reason": "Not Found",
"errorCode": "RESOURCE_NOT_FOUND"
}{
"error": 500,
"detail": "(This is just an example, the exception may not be related to this endpoint)",
"reason": "Internal Server Error",
"errorCode": "UNEXPECTED_ERROR"
}