Assign One Service Account to One Project
Assigns the specified Service Account to the specified Project.
Path parameters
-
The Client ID of the Service Account.
Format should match the following pattern:
^mdb_sa_id_[a-fA-F\d]{24}$. -
Unique 24-hexadecimal digit string that identifies your project. Use the /groups endpoint to retrieve all projects to which the authenticated user has access.
NOTE: Groups and projects are synonymous terms. Your group id is the same as your project id. For existing groups, your group/project id remains the same. The resource and corresponding endpoints use the term groups.
Format should match the following pattern:
^([a-f0-9]{24})$.
Query parameters
-
Flag that indicates whether Application wraps the response in an
envelopeJSON object. Some API clients cannot access the HTTP response headers or status code. To remediate this, set envelope=true in the query. Endpoints that return a list of results use the results object as an envelope. Application adds the status parameter to the response body.Default value is
false. -
Flag that indicates whether the response body should be in the prettyprint format.
Default value is
false.Prettyprint
Body
Required
The Project permissions for the Service Account in the specified Project.
-
The Project permissions for the Service Account in the specified Project.
Values are
GROUP_OWNER,GROUP_READ_ONLY,GROUP_DATA_ACCESS_ADMIN,GROUP_DATA_ACCESS_READ_ONLY,GROUP_DATA_ACCESS_READ_WRITE,GROUP_CLUSTER_MANAGER,GROUP_SEARCH_INDEX_EDITOR,GROUP_STREAM_PROCESSING_OWNER,GROUP_BACKUP_MANAGER,GROUP_OBSERVABILITY_VIEWER, orGROUP_DATABASE_ACCESS_ADMIN.
atlas api addProjectServiceAccount --helpimport (
"os"
"context"
"log"
sdk "go.mongodb.org/atlas-sdk/v20250312001/admin"
)
func main() {
ctx := context.Background()
clientID := os.Getenv("MONGODB_ATLAS_CLIENT_ID")
clientSecret := os.Getenv("MONGODB_ATLAS_CLIENT_SECRET")
client, err := sdk.NewClient(
sdk.UseOAuthAuth(clientID, clientSecret),
sdk.UseBaseURL(url))
if err != nil {
log.Fatalf("Error: %v", err)
}
params = &sdk.AddProjectServiceAccountApiParams{}
sdkResp, httpResp, err := client.ServiceAccountsApi.
AddProjectServiceAccountWithParams(ctx, params).
Execute()
}curl --header "Authorization: Bearer ${ACCESS_TOKEN}" \
--header "Accept: application/vnd.atlas.2025-03-12+json" \
--header "Content-Type: application/json" \
-X POST "https://cloud.mongodb.com/api/atlas/v2/groups/{groupId}/serviceAccounts/{clientId}:invite" \
-d '{ <Payload> }'curl --user "${PUBLIC_KEY}:${PRIVATE_KEY}" \
--digest \
--header "Accept: application/vnd.atlas.2025-03-12+json" \
--header "Content-Type: application/json" \
-X POST "https://cloud.mongodb.com/api/atlas/v2/groups/{groupId}/serviceAccounts/{clientId}:invite" \
-d '{ <Payload> }'{
"roles": [
"GROUP_OWNER"
]
}{
"clientId": "mdb_sa_id_1234567890abcdef12345678",
"createdAt": "2025-05-04T09:42:00Z",
"description": "string",
"name": "string",
"roles": [
"GROUP_OWNER"
],
"secrets": [
{
"createdAt": "2025-05-04T09:42:00Z",
"expiresAt": "2025-05-04T09:42:00Z",
"id": "32b6e34b3d91647abb20e7b8",
"lastUsedAt": "2025-05-04T09:42:00Z",
"maskedSecretValue": "mdb_sa_sk_...",
"secret": "mdb_sa_sk_..."
}
]
}{
"error": 401,
"detail": "(This is just an example, the exception may not be related to this endpoint)",
"reason": "Unauthorized",
"errorCode": "NOT_ORG_GROUP_CREATOR"
}{
"error": 403,
"detail": "(This is just an example, the exception may not be related to this endpoint)",
"reason": "Forbidden",
"errorCode": "CANNOT_CHANGE_GROUP_NAME"
}{
"error": 404,
"detail": "(This is just an example, the exception may not be related to this endpoint) Cannot find resource AWS",
"reason": "Not Found",
"errorCode": "RESOURCE_NOT_FOUND"
}{
"error": 500,
"detail": "(This is just an example, the exception may not be related to this endpoint)",
"reason": "Internal Server Error",
"errorCode": "UNEXPECTED_ERROR"
}