Create One Project Service Account
Creates one Service Account for the specified Project. The Service Account will automatically be added as an Organization Member to the Organization that the specified Project is a part of.
Path parameters
- groupId: Unique 24-hexadecimal digit string that identifies your project. Use the /groups endpoint to retrieve all projects to which the authenticated user has access.
  NOTE: Groups and projects are synonymous terms. Your group id is the same as your project id. For existing groups, your group/project id remains the same. The resource and corresponding endpoints use the term groups.
  Format should match the following pattern: ^([a-f0-9]{24})$.
Query parameters
- envelope: Flag that indicates whether Application wraps the response in an envelope JSON object. Some API clients cannot access the HTTP response headers or status code. To remediate this, set envelope=true in the query. Endpoints that return a list of results use the results object as an envelope. Application adds the status parameter to the response body.
  Default value is false.
- pretty: Flag that indicates whether the response body should be in the prettyprint format.
  Default value is false.
Body
Required. Details of the new Service Account.
- description: Human-readable description for the Service Account.
  Minimum length is 1, maximum length is 250. Format should match the following pattern: ^[\p{L}\p{N}\-_.,' ]*$.
- name: Human-readable name for the Service Account. The name is modifiable and does not have to be unique.
  Minimum length is 1, maximum length is 64. Format should match the following pattern: ^[\p{L}\p{N}\-_.,' ]*$.
- roles: A list of project-level roles for the Service Account.
  At least 1 element. Values are GROUP_OWNER, GROUP_READ_ONLY, GROUP_DATA_ACCESS_ADMIN, GROUP_DATA_ACCESS_READ_ONLY, GROUP_DATA_ACCESS_READ_WRITE, GROUP_CLUSTER_MANAGER, GROUP_SEARCH_INDEX_EDITOR, GROUP_STREAM_PROCESSING_OWNER, GROUP_BACKUP_MANAGER, GROUP_OBSERVABILITY_VIEWER, or GROUP_DATABASE_ACCESS_ADMIN.
- secretExpiresAfterHours: The expiration time of the new Service Account secret, provided in hours. The minimum and maximum allowed expiration times are subject to change and are controlled by the organization's settings.
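A client-side pre-flight check of the documented constraints, as an added example that is not part of the original reference or of any official client. It assumes all four body fields are required and that the expiry must be a positive integer; `validate_request` and its `max_hours` policy cap are hypothetical names.

```python
import re
import unicodedata

# Constraints taken from the parameter descriptions on this page.
GROUP_ID_RE = re.compile(r"[a-f0-9]{24}")
ALLOWED_PUNCT = set("-_.,' ")
PROJECT_ROLES = {
    "GROUP_OWNER", "GROUP_READ_ONLY", "GROUP_DATA_ACCESS_ADMIN",
    "GROUP_DATA_ACCESS_READ_ONLY", "GROUP_DATA_ACCESS_READ_WRITE",
    "GROUP_CLUSTER_MANAGER", "GROUP_SEARCH_INDEX_EDITOR",
    "GROUP_STREAM_PROCESSING_OWNER", "GROUP_BACKUP_MANAGER",
    "GROUP_OBSERVABILITY_VIEWER", "GROUP_DATABASE_ACCESS_ADMIN",
}


def _text_ok(value, max_len):
    """True if value has 1..max_len characters, all in [\\p{L}\\p{N}\\-_.,' ]."""
    if not isinstance(value, str) or not 1 <= len(value) <= max_len:
        return False
    # Python's re module has no \p{L} or \p{N}; the Unicode general
    # categories L* (letters) and N* (numbers) are the same sets.
    return all(c in ALLOWED_PUNCT or unicodedata.category(c)[0] in "LN"
               for c in value)


def validate_request(group_id, body, max_hours=None):
    """Return the names of invalid fields; an empty list means well-formed.

    max_hours is a hypothetical caller-side policy cap, since the real
    bounds are set by the organization's settings.
    """
    problems = []
    # fullmatch, not match with ^...$, so a trailing newline is rejected.
    if not isinstance(group_id, str) or not GROUP_ID_RE.fullmatch(group_id):
        problems.append("groupId")
    if not _text_ok(body.get("name"), 64):
        problems.append("name")
    if not _text_ok(body.get("description"), 250):
        problems.append("description")
    roles = body.get("roles")
    if not isinstance(roles, list) or not roles or any(
            not isinstance(r, str) or r not in PROJECT_ROLES for r in roles):
        problems.append("roles")
    hours = body.get("secretExpiresAfterHours")
    # Assumption: the field is required and must be a positive integer.
    if isinstance(hours, bool) or not isinstance(hours, int) or hours < 1:
        problems.append("secretExpiresAfterHours")
    elif max_hours is not None and hours > max_hours:
        problems.append("secretExpiresAfterHours")
    return problems
```

Passing a low `max_hours` lets a provisioning pipeline reject long-lived secrets before the request ever reaches the API.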
curl \
  --request POST 'https://cloud.mongodb.com/api/atlas/v2/groups/32b6e34b3d91647abb20e7b8/serviceAccounts' \
  --header "Authorization: Bearer $ACCESS_TOKEN" \
  --header "Content-Type: application/vnd.atlas.2024-08-05+json" \
  --data '{"description":"string","name":"string","roles":["GROUP_OWNER"],"secretExpiresAfterHours":8}'
{
"description": "string",
"name": "string",
"roles": [
"GROUP_OWNER"
],
"secretExpiresAfterHours": 8
}
{
"clientId": "mdb_sa_id_1234567890abcdef12345678",
"createdAt": "2025-05-04T09:42:00Z",
"description": "string",
"name": "string",
"roles": [
"GROUP_OWNER"
],
"secrets": [
{
"createdAt": "2025-05-04T09:42:00Z",
"expiresAt": "2025-05-04T09:42:00Z",
"id": "32b6e34b3d91647abb20e7b8",
"lastUsedAt": "2025-05-04T09:42:00Z",
"maskedSecretValue": "mdb_sa_sk_...",
"secret": "mdb_sa_sk_..."
}
]
}
{
"error": 400,
"detail": "(This is just an example, the exception may not be related to this endpoint) No provider AWS exists.",
"reason": "Bad Request",
"errorCode": "VALIDATION_ERROR"
}
{
"error": 401,
"detail": "(This is just an example, the exception may not be related to this endpoint)",
"reason": "Unauthorized",
"errorCode": "NOT_ORG_GROUP_CREATOR"
}
{
"error": 403,
"detail": "(This is just an example, the exception may not be related to this endpoint)",
"reason": "Forbidden",
"errorCode": "CANNOT_CHANGE_GROUP_NAME"
}
{
"error": 404,
"detail": "(This is just an example, the exception may not be related to this endpoint) Cannot find resource AWS",
"reason": "Not Found",
"errorCode": "RESOURCE_NOT_FOUND"
}
{
"error": 500,
"detail": "(This is just an example, the exception may not be related to this endpoint)",
"reason": "Internal Server Error",
"errorCode": "UNEXPECTED_ERROR"
}