Andrea Test

Create Access List Entries for One Organization API Key

POST /api/atlas/v2/orgs/{orgId}/apiKeys/{apiUserId}/accessList
Digest auth

Creates the access list entries for the specified organization API key. Resources require all API requests originate from IP addresses on the API access list. To use this resource, the requesting API Key must have the Read Write role.

Path parameters

  • orgId string Required

    Unique 24-hexadecimal digit string that identifies the organization that contains your projects. Use the /orgs endpoint to retrieve all organizations to which the authenticated user has access.

    Minimum length is 24, maximum length is 24. Format should match the following pattern: ^([a-f0-9]{24})$.

  • apiUserId string Required

    Unique 24-hexadecimal digit string that identifies this organization API key for which you want to create a new access list entry.

    Minimum length is 24, maximum length is 24. Format should match the following pattern: ^([a-f0-9]{24})$.

Query parameters

  • envelope boolean

    Flag that indicates whether Application wraps the response in an envelope JSON object. Some API clients cannot access the HTTP response headers or status code. To remediate this, set envelope=true in the query. Endpoints that return a list of results use the results object as an envelope. Application adds the status parameter to the response body.

    Default value is false.

  • includeCount boolean

    Flag that indicates whether the response returns the total number of items (totalCount) in the response.

    Default value is true.

  • itemsPerPage integer

    Number of items that the response returns per page.

    Minimum value is 1, maximum value is 500. Default value is 100.

  • pageNum integer

    Number of the page that displays the current set of the total objects that the response returns.

    Minimum value is 1. Default value is 1.

  • pretty boolean

    Flag that indicates whether the response body should be in the prettyprint format.

    Default value is false.

application/vnd.atlas.2023-01-01+json

Body Required

Access list entries to be created for the specified organization API key.

  • cidrBlock string

    Range of network addresses that you want to add to the access list for the API key. This parameter requires the range to be expressed in classless inter-domain routing (CIDR) notation of Internet Protocol version 4 or version 6 addresses. You can set a value for this parameter or ipAddress but not both in the same request.

    Format should match the following pattern: ^((([0-9]{1,3}\.){3}[0-9]{1,3})|(:{0,2}([0-9a-f]{1,4}:){0,7}[0-9a-f]{1,4}[:]{0,2}))((%2[fF]|/)[0-9]{1,3})+$.

  • ipAddress string

    Network address that you want to add to the access list for the API key. This parameter requires the address to be expressed as one Internet Protocol version 4 or version 6 address. You can set a value for this parameter or cidrBlock but not both in the same request.

    Format should match the following pattern: ^((25[0-5]|(2[0-4]|1\d|[1-9]|)\d)(\.(?!$)|$)){4}|([0-9a-f]{1,4}:){7}[0-9a-f]{1,4}$.

Responses

  • 200 application/vnd.atlas.2023-01-01+json

    OK

    Hide response attributes Show response attributes object
    • links array[object]

      List of one or more Uniform Resource Locators (URLs) that point to API sub-resources, related API resources, or both. RFC 5988 outlines these relationships.

      Web Linking Specification (RFC 5988)
      Hide links attributes Show links attributes object
      • href string

        Uniform Resource Locator (URL) that points another API resource to which this response has some relationship. This URL often begins with https://cloud.mongodb.com/api/atlas.

      • rel string

        Uniform Resource Locator (URL) that defines the semantic relationship between this resource and another API resource. This URL often begins with https://cloud.mongodb.com/api/atlas.

    • results array[object]

      List of returned documents that MongoDB Cloud providers when completing this request.

      Hide results attributes Show results attributes object
      • cidrBlock string

        Range of IP addresses in Classless Inter-Domain Routing (CIDR) notation in the access list for the API key.

        Format should match the following pattern: ^((([0-9]{1,3}\.){3}[0-9]{1,3})|([\:]{0,2}([0-9a-f]{1,4}\:){0,7}[0-9a-f]{1,4}[\:]{0,2}))((%2[fF]|\/)[0-9]{1,3})+$.

      • count integer(int32)

        Total number of requests that have originated from the Internet Protocol (IP) address given as the value of the lastUsedAddress parameter.

        Minimum value is 1.

      • created string(date-time)

        Date and time when someone added the network addresses to the specified API access list. This parameter expresses its value in the ISO 8601 timestamp format in UTC.

      • ipAddress string

        Network address in the access list for the API key.

        Format should match the following pattern: ^((([0-9]{1,3}\.){3}[0-9]{1,3})|([\:]{0,2}([0-9a-f]{1,4}\:){0,7}[0-9a-f]{1,4}[\:]{0,2}))$.

      • lastUsed string(date-time)

        Date and time when MongoDB Cloud received the most recent request that originated from this Internet Protocol version 4 or version 6 address. The resource returns this parameter when at least one request has originated from this IP address. MongoDB Cloud updates this parameter each time a client accesses the permitted resource. This parameter expresses its value in the ISO 8601 timestamp format in UTC.

      • lastUsedAddress string

        Network address that issued the most recent request to the API. This parameter requires the address to be expressed as one Internet Protocol version 4 or version 6 address. The resource returns this parameter after this IP address made at least one request.

        Format should match the following pattern: ^((([0-9]{1,3}\.){3}[0-9]{1,3})|([\:]{0,2}([0-9a-f]{1,4}\:){0,7}[0-9a-f]{1,4}[\:]{0,2}))$.

      • links array[object]

        List of one or more Uniform Resource Locators (URLs) that point to API sub-resources, related API resources, or both. RFC 5988 outlines these relationships.

        Web Linking Specification (RFC 5988)
        Hide links attributes Show links attributes object
        • href string

          Uniform Resource Locator (URL) that points another API resource to which this response has some relationship. This URL often begins with https://cloud.mongodb.com/api/atlas.

        • rel string

          Uniform Resource Locator (URL) that defines the semantic relationship between this resource and another API resource. This URL often begins with https://cloud.mongodb.com/api/atlas.

    • totalCount integer(int32)

      Total number of documents available. MongoDB Cloud omits this value if includeCount is set to false.

      Minimum value is 0.
  • 400 application/json

    Bad Request.

    Hide response attributes Show response attributes object
    • detail string

      Describes the specific conditions or reasons that cause each type of error.

    • error integer(int32)

      HTTP status code returned with this error.

      External documentation
    • errorCode string

      Application error code returned with this error.

    • parameters array[object]

      Parameters used to give more information about the error.

    • reason string

      Application error message returned with this error.
  • 401 application/json

    Unauthorized.

    Hide response attributes Show response attributes object
    • detail string

      Describes the specific conditions or reasons that cause each type of error.

    • error integer(int32)

      HTTP status code returned with this error.

      External documentation
    • errorCode string

      Application error code returned with this error.

    • parameters array[object]

      Parameters used to give more information about the error.

    • reason string

      Application error message returned with this error.
  • 409 application/json

    Conflict.

    Hide response attributes Show response attributes object
    • detail string

      Describes the specific conditions or reasons that cause each type of error.

    • error integer(int32)

      HTTP status code returned with this error.

      External documentation
    • errorCode string

      Application error code returned with this error.

    • parameters array[object]

      Parameters used to give more information about the error.

    • reason string

      Application error message returned with this error.
  • 500 application/json

    Internal Server Error.

    Hide response attributes Show response attributes object
    • detail string

      Describes the specific conditions or reasons that cause each type of error.

    • error integer(int32)

      HTTP status code returned with this error.

      External documentation
    • errorCode string

      Application error code returned with this error.

    • parameters array[object]

      Parameters used to give more information about the error.

    • reason string

      Application error message returned with this error.
POST /api/atlas/v2/orgs/{orgId}/apiKeys/{apiUserId}/accessList 
atlas api programmaticApiKeys createApiKeyAccessList --help
import (
	"os"
	"context"
	"log"
	sdk "go.mongodb.org/atlas-sdk/v20230101001/admin"
)

func main() {
	ctx := context.Background()
	clientID := os.Getenv("MONGODB_ATLAS_CLIENT_ID")
	clientSecret := os.Getenv("MONGODB_ATLAS_CLIENT_SECRET")

	// See https://dochub.mongodb.org/core/atlas-go-sdk-oauth
	client, err := sdk.NewClient(sdk.UseOAuthAuth(clientID, clientSecret))

	if err != nil {
		log.Fatalf("Error: %v", err)
	}

	params = &sdk.CreateApiKeyAccessListApiParams{}
	sdkResp, httpResp, err := client.ProgrammaticAPIKeysApi.
		CreateApiKeyAccessListWithParams(ctx, params).
		Execute()
}

curl --include --header "Authorization: Bearer ${ACCESS_TOKEN}" \
  --header "Accept: application/vnd.atlas.2023-01-01+json" \
  --header "Content-Type: application/json" \
  -X POST "https://cloud.mongodb.com/api/atlas/v2/orgs/{orgId}/apiKeys/{apiUserId}/accessList" \
  -d '{ <Payload> }'
curl --user "${PUBLIC_KEY}:${PRIVATE_KEY}" \
  --digest --include \
  --header "Accept: application/vnd.atlas.2023-01-01+json" \
  --header "Content-Type: application/json" \
  -X POST "https://cloud.mongodb.com/api/atlas/v2/orgs/{orgId}/apiKeys/{apiUserId}/accessList" \
  -d '{ <Payload> }'
Request examples 
[
  {
    "cidrBlock": "203.0.113.0/24",
    "ipAddress": "203.0.113.10"
  }
]
Response examples (200) 
{
  "links": [
    {
      "href": "https://cloud.mongodb.com/api/atlas",
      "rel": "self"
    }
  ],
  "results": [
    {
      "cidrBlock": "203.0.113.0/24",
      "count": 42,
      "created": "2025-05-04T09:42:00Z",
      "ipAddress": "203.0.113.10",
      "lastUsed": "2025-05-04T09:42:00Z",
      "lastUsedAddress": "203.0.113.10",
      "links": [
        {
          "href": "https://cloud.mongodb.com/api/atlas",
          "rel": "self"
        }
      ]
    }
  ],
  "totalCount": 42
}
Response examples (400) 
{
  "error": 400,
  "detail": "(This is just an example, the exception may not be related to this endpoint) No provider AWS exists.",
  "reason": "Bad Request",
  "errorCode": "VALIDATION_ERROR"
}
Response examples (401) 
{
  "error": 401,
  "detail": "(This is just an example, the exception may not be related to this endpoint)",
  "reason": "Unauthorized",
  "errorCode": "NOT_ORG_GROUP_CREATOR"
}
Response examples (409) 
{
  "error": 409,
  "detail": "(This is just an example, the exception may not be related to this endpoint) Cannot delete organization link while there is active migration in following project ids: 60c4fd418ebe251047c50554",
  "reason": "Conflict",
  "errorCode": "CANNOT_DELETE_ORG_ACTIVE_LIVE_MIGRATION_ATLAS_ORG_LINK"
}
Response examples (500) 
{
  "error": 500,
  "detail": "(This is just an example, the exception may not be related to this endpoint)",
  "reason": "Internal Server Error",
  "errorCode": "UNEXPECTED_ERROR"
}