Service Accounts Overview

On this page

Next Steps

Service Accounts (currently available as a Preview feature) introduce a new way to authenticate to Atlas by using the industry standard OAuth 2.0 protocol with the Client Credentials flow.

A service account comes with a client ID and secret, comparable to a username and password, that you use to generate access tokens for API requests. These tokens are valid for one hour to prevent replay attacks, where a leaked access token could be used without a time restriction. To learn how to construct an API request using an access token, see Make an API Request.

Atlas roles determine what operations a service account can perform. Assign roles to service accounts as you would for users to ensure the access token has the necessary permissions for the desired API calls.

A service account is scoped to one organization and can access multiple projects within that organization. To give an organization-level service account access to a project, see Assign Existing Organization Access to a Project.

You can't use a service account or its access token to log into Atlas through the Atlas UI. To learn more about the limitations of service accounts, see server-atlas-service-accounts-limitations.

Next Steps

To use and manage service accounts, see any of the following procedures:

Back

API Authentication

Versioning Overview

Service Accounts Overview.leafygreen-ui-m0pgrr{-webkit-align-self:center;-ms-flex-item-align:center;align-self:center;padding:0 10px;visibility:hidden;}.leafygreen-ui-a30zj9{color:#889397;vertical-align:middle;margin-top:-2px;}.css-fmznk8{margin-top:-85px;position:absolute;padding-bottom:2px;}

Next Steps

Service Accounts Overview