Create One Organization Service Account Secret

POST /api/atlas/v2/orgs/{orgId}/serviceAccounts/{clientId}/secrets

Service accounts Digest auth

Create a secret for the specified Service Account.

Path parameters

orgId string Required

Unique 24-hexadecimal digit string that identifies the organization that contains your projects. Use the /orgs endpoint to retrieve all organizations to which the authenticated user has access.

Format should match the following pattern: ^([a-f0-9]{24})$.
clientId string Required

The Client ID of the Service Account.

Format should match the following pattern: ^mdb_sa_id_[a-fA-F\d]{24}$.

Query parameters

envelope boolean

Flag that indicates whether Application wraps the response in an envelope JSON object. Some API clients cannot access the HTTP response headers or status code. To remediate this, set envelope=true in the query. Endpoints that return a list of results use the results object as an envelope. Application adds the status parameter to the response body.

Default value is false.
pretty boolean

Flag that indicates whether the response body should be in the prettyprint format.

Default value is false.

Prettyprint

application/vnd.atlas.2024-08-05+json

Body Required

Details for the new secret.

secretExpiresAfterHours integer(int32) Required

The expiration time of the new Service Account secret, provided in hours. The minimum and maximum allowed expiration times are subject to change and are controlled by the organization's settings.

Responses

201 application/vnd.atlas.2024-08-05+json

Created
Hide response attributes Show response attributes object
- createdAt string(date-time) Required
  
  The date that the secret was created on. This parameter expresses its value in the ISO 8601 timestamp format in UTC.
- expiresAt string(date-time) Required
  
  The date for the expiration of the secret. This parameter expresses its value in the ISO 8601 timestamp format in UTC.
- id string Required
  
  Unique 24-hexadecimal digit string that identifies the secret.
  
  Format should match the following pattern: ^([a-f0-9]{24})$.
- lastUsedAt string(date-time)
  
  The last time the secret was used. This parameter expresses its value in the ISO 8601 timestamp format in UTC.
- maskedSecretValue string
  
  The masked Service Account secret.
- secret string
  
  The secret for the Service Account. It will be returned only the first time after creation.
400 application/json

Bad Request.
Hide response attributes Show response attributes object
- badRequestDetail object
  
  Bad request detail.
  
  Hide badRequestDetail attribute Show badRequestDetail attribute object
  
  fields array[object]
  
  Describes all violations in a client request.
  
  Hide fields attributes Show fields attributes object
  
  description string Required
  
  A description of why the request element is bad.
  
  field string Required
  
  A path that leads to a field in the request body.
- detail string
  
  Describes the specific conditions or reasons that cause each type of error.
- error integer(int32) Required
  
  HTTP status code returned with this error.
  
  External documentation
- errorCode string Required
  
  Application error code returned with this error.
- parameters array[object]
  
  Parameters used to give more information about the error.
- reason string
  
  Application error message returned with this error.
401 application/json

Unauthorized.
Hide response attributes Show response attributes object
- badRequestDetail object
  
  Bad request detail.
  
  Hide badRequestDetail attribute Show badRequestDetail attribute object
  
  fields array[object]
  
  Describes all violations in a client request.
  
  Hide fields attributes Show fields attributes object
  
  description string Required
  
  A description of why the request element is bad.
  
  field string Required
  
  A path that leads to a field in the request body.
- detail string
  
  Describes the specific conditions or reasons that cause each type of error.
- error integer(int32) Required
  
  HTTP status code returned with this error.
  
  External documentation
- errorCode string Required
  
  Application error code returned with this error.
- parameters array[object]
  
  Parameters used to give more information about the error.
- reason string
  
  Application error message returned with this error.
403 application/json

Forbidden.
Hide response attributes Show response attributes object
- badRequestDetail object
  
  Bad request detail.
  
  Hide badRequestDetail attribute Show badRequestDetail attribute object
  
  fields array[object]
  
  Describes all violations in a client request.
  
  Hide fields attributes Show fields attributes object
  
  description string Required
  
  A description of why the request element is bad.
  
  field string Required
  
  A path that leads to a field in the request body.
- detail string
  
  Describes the specific conditions or reasons that cause each type of error.
- error integer(int32) Required
  
  HTTP status code returned with this error.
  
  External documentation
- errorCode string Required
  
  Application error code returned with this error.
- parameters array[object]
  
  Parameters used to give more information about the error.
- reason string
  
  Application error message returned with this error.
404 application/json

Not Found.
Hide response attributes Show response attributes object
- badRequestDetail object
  
  Bad request detail.
  
  Hide badRequestDetail attribute Show badRequestDetail attribute object
  
  fields array[object]
  
  Describes all violations in a client request.
  
  Hide fields attributes Show fields attributes object
  
  description string Required
  
  A description of why the request element is bad.
  
  field string Required
  
  A path that leads to a field in the request body.
- detail string
  
  Describes the specific conditions or reasons that cause each type of error.
- error integer(int32) Required
  
  HTTP status code returned with this error.
  
  External documentation
- errorCode string Required
  
  Application error code returned with this error.
- parameters array[object]
  
  Parameters used to give more information about the error.
- reason string
  
  Application error message returned with this error.
500 application/json

Internal Server Error.
Hide response attributes Show response attributes object
- badRequestDetail object
  
  Bad request detail.
  
  Hide badRequestDetail attribute Show badRequestDetail attribute object
  
  fields array[object]
  
  Describes all violations in a client request.
  
  Hide fields attributes Show fields attributes object
  
  description string Required
  
  A description of why the request element is bad.
  
  field string Required
  
  A path that leads to a field in the request body.
- detail string
  
  Describes the specific conditions or reasons that cause each type of error.
- error integer(int32) Required
  
  HTTP status code returned with this error.
  
  External documentation
- errorCode string Required
  
  Application error code returned with this error.
- parameters array[object]
  
  Parameters used to give more information about the error.
- reason string
  
  Application error message returned with this error.

POST /api/atlas/v2/orgs/{orgId}/serviceAccounts/{clientId}/secrets

atlas api serviceAccounts createOrgSecret --help

import (	"os"	"context"	"log"	sdk "go.mongodb.org/atlas-sdk/v20250312001/admin" ) func main() {	ctx := context.Background()	clientID := os.Getenv("MONGODB_ATLAS_CLIENT_ID")	clientSecret := os.Getenv("MONGODB_ATLAS_CLIENT_SECRET")	// See https://dochub.mongodb.org/core/atlas-go-sdk-oauth	client, err := sdk.NewClient(sdk.UseOAuthAuth(clientID, clientSecret))	if err != nil {	log.Fatalf("Error: %v", err)	}	params = &sdk.CreateOrgServiceAccountSecretApiParams{}	sdkResp, httpResp, err := client.ServiceAccountsApi.	CreateOrgServiceAccountSecretWithParams(ctx, params).	Execute() }

curl --include --header "Authorization: Bearer ${ACCESS_TOKEN}" \ --header "Accept: application/vnd.atlas.2025-03-12+json" \ --header "Content-Type: application/json" \ -X POST "https://cloud.mongodb.com/api/atlas/v2/orgs/{orgId}/serviceAccounts/{clientId}/secrets" \ -d '{ <Payload> }'

curl --user "${PUBLIC_KEY}:${PRIVATE_KEY}" \ --digest --include \ --header "Accept: application/vnd.atlas.2025-03-12+json" \ --header "Content-Type: application/json" \ -X POST "https://cloud.mongodb.com/api/atlas/v2/orgs/{orgId}/serviceAccounts/{clientId}/secrets" \ -d '{ <Payload> }'

Request examples

{ "secretExpiresAfterHours": 8 }

Response examples (201)

{ "createdAt": "2025-05-04T09:42:00Z", "expiresAt": "2025-05-04T09:42:00Z", "id": "32b6e34b3d91647abb20e7b8", "lastUsedAt": "2025-05-04T09:42:00Z", "maskedSecretValue": "mdb_sa_sk_...", "secret": "mdb_sa_sk_..." }

Response examples (400)

{ "error": 400, "detail": "(This is just an example, the exception may not be related to this endpoint) No provider AWS exists.", "reason": "Bad Request", "errorCode": "VALIDATION_ERROR" }

Response examples (401)

{ "error": 401, "detail": "(This is just an example, the exception may not be related to this endpoint)", "reason": "Unauthorized", "errorCode": "NOT_ORG_GROUP_CREATOR" }

Response examples (403)

{ "error": 403, "detail": "(This is just an example, the exception may not be related to this endpoint)", "reason": "Forbidden", "errorCode": "CANNOT_CHANGE_GROUP_NAME" }

Response examples (404)

{ "error": 404, "detail": "(This is just an example, the exception may not be related to this endpoint) Cannot find resource AWS", "reason": "Not Found", "errorCode": "RESOURCE_NOT_FOUND" }

Response examples (500)

{ "error": 500, "detail": "(This is just an example, the exception may not be related to this endpoint)", "reason": "Internal Server Error", "errorCode": "UNEXPECTED_ERROR" }