Andrea Test

Return All Database Users in One Project

GET /api/atlas/v2/groups/{groupId}/databaseUsers
Service accounts Digest auth

Returns all database users that belong to the specified project. To use this resource, the requesting Service Account or API Key must have the Project Read Only role.

Path parameters

  • groupId string Required

    Unique 24-hexadecimal digit string that identifies your project. Use the /groups endpoint to retrieve all projects to which the authenticated user has access.

    NOTE: Groups and projects are synonymous terms. Your group id is the same as your project id. For existing groups, your group/project id remains the same. The resource and corresponding endpoints use the term groups.

    Format should match the following pattern: ^([a-f0-9]{24})$.

Query parameters

  • envelope boolean

    Flag that indicates whether Application wraps the response in an envelope JSON object. Some API clients cannot access the HTTP response headers or status code. To remediate this, set envelope=true in the query. Endpoints that return a list of results use the results object as an envelope. Application adds the status parameter to the response body.

    Default value is false.

  • includeCount boolean

    Flag that indicates whether the response returns the total number of items (totalCount) in the response.

    Default value is true.

  • itemsPerPage integer

    Number of items that the response returns per page.

    Minimum value is 1, maximum value is 500. Default value is 100.

  • pageNum integer

    Number of the page that displays the current set of the total objects that the response returns.

    Minimum value is 1. Default value is 1.

  • pretty boolean

    Flag that indicates whether the response body should be in the prettyprint format.

    Default value is false.

    Prettyprint

Responses

  • 200 application/vnd.atlas.2023-01-01+json

    OK

    Hide response attributes Show response attributes object
    • links array[object]

      List of one or more Uniform Resource Locators (URLs) that point to API sub-resources, related API resources, or both. RFC 5988 outlines these relationships.

      Web Linking Specification (RFC 5988)
      Hide links attributes Show links attributes object
      • href string

        Uniform Resource Locator (URL) that points another API resource to which this response has some relationship. This URL often begins with https://cloud.mongodb.com/api/atlas.

      • rel string

        Uniform Resource Locator (URL) that defines the semantic relationship between this resource and another API resource. This URL often begins with https://cloud.mongodb.com/api/atlas.

    • results array[object]

      List of returned documents that MongoDB Cloud provides when completing this request.

      Hide results attributes Show results attributes object
      • awsIAMType string

        Human-readable label that indicates whether the new database user authenticates with the Amazon Web Services (AWS) Identity and Access Management (IAM) credentials associated with the user or the user's role.

        Values are NONE, USER, or ROLE. Default value is NONE.

      • databaseName string Required

        The database against which the database user authenticates. Database users must provide both a username and authentication database to log into MongoDB. If the user authenticates with AWS IAM, x.509, LDAP, or OIDC Workload this value should be $external. If the user authenticates with SCRAM-SHA or OIDC Workforce, this value should be admin.

        Values are admin or $external. Default value is admin.

      • deleteAfterDate string(date-time)

        Date and time when MongoDB Cloud deletes the user. This parameter expresses its value in the ISO 8601 timestamp format in UTC and can include the time zone designation. You must specify a future date that falls within one week of making the Application Programming Interface (API) request.

      • description string

        Description of this database user.

        Maximum length is 100.

      • labels array[object]

        List that contains the key-value pairs for tagging and categorizing the MongoDB database user. The labels that you define do not appear in the console.

        Human-readable labels applied to this MongoDB Cloud component.

        Hide labels attributes Show labels attributes object
        • key string

          Key applied to tag and categorize this component.

          Minimum length is 1, maximum length is 255.

        • value string

          Value set to the Key applied to tag and categorize this component.

          Minimum length is 1, maximum length is 255.

      • ldapAuthType string

        Part of the Lightweight Directory Access Protocol (LDAP) record that the database uses to authenticate this database user on the LDAP host.

        Values are NONE, GROUP, or USER. Default value is NONE.

      • links array[object]

        List of one or more Uniform Resource Locators (URLs) that point to API sub-resources, related API resources, or both. RFC 5988 outlines these relationships.

        Web Linking Specification (RFC 5988)
        Hide links attributes Show links attributes object
        • href string

          Uniform Resource Locator (URL) that points another API resource to which this response has some relationship. This URL often begins with https://cloud.mongodb.com/api/atlas.

        • rel string

          Uniform Resource Locator (URL) that defines the semantic relationship between this resource and another API resource. This URL often begins with https://cloud.mongodb.com/api/atlas.

      • oidcAuthType string

        Human-readable label that indicates whether the new database user or group authenticates with OIDC federated authentication. To create a federated authentication user, specify the value of USER in this field. To create a federated authentication group, specify the value of IDP_GROUP in this field.

        Values are NONE, IDP_GROUP, or USER. Default value is NONE.

      • roles array[object]

        List that provides the pairings of one role with one applicable database.

        Range of resources available to this database user.

        Hide roles attributes Show roles attributes object
        • collectionName string

          Collection on which this role applies.

        • databaseName string Required

          Database to which the user is granted access privileges.

        • roleName string Required

          Human-readable label that identifies a group of privileges assigned to a database user. This value can either be a built-in role or a custom role.

          Values are atlasAdmin, backup, clusterMonitor, dbAdmin, dbAdminAnyDatabase, enableSharding, read, readAnyDatabase, readWrite, readWriteAnyDatabase, or <a custom role name>.

      • scopes array[object]

        List that contains clusters, MongoDB Atlas Data Lakes, and MongoDB Atlas Streams Instances that this database user can access. If omitted, MongoDB Cloud grants the database user access to all the clusters, MongoDB Atlas Data Lakes, and MongoDB Atlas Streams Instances in the project.

        Range of resources available to this database user.

        Hide scopes attributes Show scopes attributes object
        • name string Required

          Human-readable label that identifies the cluster or MongoDB Atlas Data Lake that this database user can access.

          Format should match the following pattern: ^[a-zA-Z0-9][a-zA-Z0-9-]*$.

        • type string Required

          Category of resource that this database user can access.

          Values are CLUSTER, DATA_LAKE, or STREAM.

      • username string Required

        Human-readable label that represents the user that authenticates to MongoDB. The format of this label depends on the method of authentication:

        Authentication Method Parameter Needed Parameter Value username Format
        AWS IAM awsIAMType ROLE ARN
        AWS IAM awsIAMType USER ARN
        x.509 x509Type CUSTOMER RFC 2253 Distinguished Name
        x.509 x509Type MANAGED RFC 2253 Distinguished Name
        LDAP ldapAuthType USER RFC 2253 Distinguished Name
        LDAP ldapAuthType GROUP RFC 2253 Distinguished Name
        OIDC Workforce oidcAuthType IDP_GROUP Atlas OIDC IdP ID (found in federation settings), followed by a '/', followed by the IdP group name
        OIDC Workload oidcAuthType USER Atlas OIDC IdP ID (found in federation settings), followed by a '/', followed by the IdP user name
        SCRAM-SHA awsIAMType, x509Type, ldapAuthType, oidcAuthType NONE Alphanumeric string

        Maximum length is 1024.

      • x509Type string

        X.509 method that MongoDB Cloud uses to authenticate the database user.

        • For application-managed X.509, specify MANAGED.
        • For self-managed X.509, specify CUSTOMER.

        Users created with the CUSTOMER method require a Common Name (CN) in the username parameter. You must create externally authenticated users on the $external database.

        Values are NONE, CUSTOMER, or MANAGED. Default value is NONE.

    • totalCount integer(int32)

      Total number of documents available. MongoDB Cloud omits this value if includeCount is set to false. The total number is an estimate and may not be exact.

      Minimum value is 0.
  • 401 application/json

    Unauthorized.

    Hide response attributes Show response attributes object
    • badRequestDetail object

      Bad request detail.

      Hide badRequestDetail attribute Show badRequestDetail attribute object
      • fields array[object]

        Describes all violations in a client request.

        Hide fields attributes Show fields attributes object
        • description string Required

          A description of why the request element is bad.

        • field string Required

          A path that leads to a field in the request body.

    • detail string

      Describes the specific conditions or reasons that cause each type of error.

    • error integer(int32) Required

      HTTP status code returned with this error.

      External documentation
    • errorCode string Required

      Application error code returned with this error.

    • parameters array[object]

      Parameters used to give more information about the error.

    • reason string

      Application error message returned with this error.
  • 403 application/json

    Forbidden.

    Hide response attributes Show response attributes object
    • badRequestDetail object

      Bad request detail.

      Hide badRequestDetail attribute Show badRequestDetail attribute object
      • fields array[object]

        Describes all violations in a client request.

        Hide fields attributes Show fields attributes object
        • description string Required

          A description of why the request element is bad.

        • field string Required

          A path that leads to a field in the request body.

    • detail string

      Describes the specific conditions or reasons that cause each type of error.

    • error integer(int32) Required

      HTTP status code returned with this error.

      External documentation
    • errorCode string Required

      Application error code returned with this error.

    • parameters array[object]

      Parameters used to give more information about the error.

    • reason string

      Application error message returned with this error.
  • 404 application/json

    Not Found.

    Hide response attributes Show response attributes object
    • badRequestDetail object

      Bad request detail.

      Hide badRequestDetail attribute Show badRequestDetail attribute object
      • fields array[object]

        Describes all violations in a client request.

        Hide fields attributes Show fields attributes object
        • description string Required

          A description of why the request element is bad.

        • field string Required

          A path that leads to a field in the request body.

    • detail string

      Describes the specific conditions or reasons that cause each type of error.

    • error integer(int32) Required

      HTTP status code returned with this error.

      External documentation
    • errorCode string Required

      Application error code returned with this error.

    • parameters array[object]

      Parameters used to give more information about the error.

    • reason string

      Application error message returned with this error.
  • 500 application/json

    Internal Server Error.

    Hide response attributes Show response attributes object
    • badRequestDetail object

      Bad request detail.

      Hide badRequestDetail attribute Show badRequestDetail attribute object
      • fields array[object]

        Describes all violations in a client request.

        Hide fields attributes Show fields attributes object
        • description string Required

          A description of why the request element is bad.

        • field string Required

          A path that leads to a field in the request body.

    • detail string

      Describes the specific conditions or reasons that cause each type of error.

    • error integer(int32) Required

      HTTP status code returned with this error.

      External documentation
    • errorCode string Required

      Application error code returned with this error.

    • parameters array[object]

      Parameters used to give more information about the error.

    • reason string

      Application error message returned with this error.
GET /api/atlas/v2/groups/{groupId}/databaseUsers 
atlas api listDatabaseUsers --help
import (
	"os"
	"context"
	"log"
	sdk "go.mongodb.org/atlas-sdk/v20250312001/admin"
)

func main() {
	ctx := context.Background()
	clientID := os.Getenv("MONGODB_ATLAS_CLIENT_ID")
	clientSecret := os.Getenv("MONGODB_ATLAS_CLIENT_SECRET")

	client, err := sdk.NewClient(
		sdk.UseOAuthAuth(clientID, clientSecret),
		sdk.UseBaseURL(url))

	if err != nil {
		log.Fatalf("Error: %v", err)
	}

	params = &sdk.ListDatabaseUsersApiParams{}
	sdkResp, httpResp, err := client.DatabaseUsersApi.
		ListDatabaseUsersWithParams(ctx, params).
		Execute()
}
curl --header "Authorization: Bearer ${ACCESS_TOKEN}" \
  --header "Accept: application/vnd.atlas.2025-03-12+json" \
  -X GET "https://cloud.mongodb.com/api/atlas/v2/groups/{groupId}/databaseUsers?pretty=true"
curl --user "${PUBLIC_KEY}:${PRIVATE_KEY}" \
  --digest \
  --header "Accept: application/vnd.atlas.2025-03-12+json" \
  -X GET "https://cloud.mongodb.com/api/atlas/v2/groups/{groupId}/databaseUsers?pretty=true"
Response examples (200) 
{
  "links": [
    {
      "href": "https://cloud.mongodb.com/api/atlas",
      "rel": "self"
    }
  ],
  "results": [
    {
      "awsIAMType": "NONE",
      "databaseName": "admin",
      "deleteAfterDate": "2025-05-04T09:42:00Z",
      "description": "string",
      "labels": [
        {
          "key": "string",
          "value": "string"
        }
      ],
      "ldapAuthType": "NONE",
      "links": [
        {
          "href": "https://cloud.mongodb.com/api/atlas",
          "rel": "self"
        }
      ],
      "oidcAuthType": "NONE",
      "roles": [
        {
          "collectionName": "string",
          "databaseName": "string",
          "roleName": "atlasAdmin"
        }
      ],
      "scopes": [
        {
          "name": "string",
          "type": "CLUSTER"
        }
      ],
      "username": "string",
      "x509Type": "NONE"
    }
  ],
  "totalCount": 42
}
Response examples (401) 
{
  "error": 401,
  "detail": "(This is just an example, the exception may not be related to this endpoint)",
  "reason": "Unauthorized",
  "errorCode": "NOT_ORG_GROUP_CREATOR"
}
Response examples (403) 
{
  "error": 403,
  "detail": "(This is just an example, the exception may not be related to this endpoint)",
  "reason": "Forbidden",
  "errorCode": "CANNOT_CHANGE_GROUP_NAME"
}
Response examples (404) 
{
  "error": 404,
  "detail": "(This is just an example, the exception may not be related to this endpoint) Cannot find resource AWS",
  "reason": "Not Found",
  "errorCode": "RESOURCE_NOT_FOUND"
}
Response examples (500) 
{
  "error": 500,
  "detail": "(This is just an example, the exception may not be related to this endpoint)",
  "reason": "Internal Server Error",
  "errorCode": "UNEXPECTED_ERROR"
}