MongoDB · Capability

MongoDB Atlas Administration API — Programmatic API Keys

MongoDB Atlas Administration API — Programmatic API Keys. 14 operations. Lead operation: Return All Organization API Keys Assigned to One Project. Self-contained Naftiko capability covering one Mongodb business surface.

Run with Naftiko MongodbProgrammatic API Keys

What You Can Do

GET
Listgroupapikeys — Return All Organization API Keys Assigned to One Project
/v1/api/atlas/v2/groups/{groupid}/apikeys
POST
Creategroupapikey — Create and Assign One Organization API Key to One Project
/v1/api/atlas/v2/groups/{groupid}/apikeys
DELETE
Removegroupapikey — Unassign One Organization API Key from One Project
/v1/api/atlas/v2/groups/{groupid}/apikeys/{apiuserid}
PATCH
Updategroupapikeyroles — Update Organization API Key Roles for One Project
/v1/api/atlas/v2/groups/{groupid}/apikeys/{apiuserid}
POST
Addgroupapikey — Assign One Organization API Key to One Project
/v1/api/atlas/v2/groups/{groupid}/apikeys/{apiuserid}
GET
Listorgapikeys — Return All Organization API Keys
/v1/api/atlas/v2/orgs/{orgid}/apikeys
POST
Createorgapikey — Create One Organization API Key
/v1/api/atlas/v2/orgs/{orgid}/apikeys
DELETE
Deleteorgapikey — Remove One Organization API Key
/v1/api/atlas/v2/orgs/{orgid}/apikeys/{apiuserid}
GET
Getorgapikey — Return One Organization API Key
/v1/api/atlas/v2/orgs/{orgid}/apikeys/{apiuserid}
PATCH
Updateorgapikey — Update One Organization API Key
/v1/api/atlas/v2/orgs/{orgid}/apikeys/{apiuserid}
GET
Listorgapikeyaccesslistentries — Return All Access List Entries for One Organization API Key
/v1/api/atlas/v2/orgs/{orgid}/apikeys/{apiuserid}/accesslist
POST
Createorgapikeyaccesslistentry — Create One Access List Entry for One Organization API Key
/v1/api/atlas/v2/orgs/{orgid}/apikeys/{apiuserid}/accesslist
DELETE
Deleteorgapikeyaccesslistentry — Remove One Access List Entry for One Organization API Key
/v1/api/atlas/v2/orgs/{orgid}/apikeys/{apiuserid}/accesslist/{ipaddress}
GET
Getorgapikeyaccesslistentry — Return One Access List Entry for One Organization API Key
/v1/api/atlas/v2/orgs/{orgid}/apikeys/{apiuserid}/accesslist/{ipaddress}

MCP Tools

return-all-organization-api-keys

Return All Organization API Keys Assigned to One Project

read-only idempotent
create-and-assign-one-organization

Create and Assign One Organization API Key to One Project

unassign-one-organization-api-key

Unassign One Organization API Key from One Project

idempotent
update-organization-api-key-roles

Update Organization API Key Roles for One Project

idempotent
assign-one-organization-api-key

Assign One Organization API Key to One Project

return-all-organization-api-keys-2

Return All Organization API Keys

read-only idempotent
create-one-organization-api-key

Create One Organization API Key

remove-one-organization-api-key

Remove One Organization API Key

idempotent
return-one-organization-api-key

Return One Organization API Key

read-only idempotent
update-one-organization-api-key

Update One Organization API Key

idempotent
return-all-access-list-entries

Return All Access List Entries for One Organization API Key

read-only idempotent
create-one-access-list-entry

Create One Access List Entry for One Organization API Key

read-only
remove-one-access-list-entry

Remove One Access List Entry for One Organization API Key

idempotent
return-one-access-list-entry

Return One Access List Entry for One Organization API Key

read-only idempotent

Capability Spec

atlas-programmatic-api-keys.yaml Raw ↑ 
naftiko: 1.0.0-alpha2
info:
  label: MongoDB Atlas Administration API — Programmatic API Keys
  description: 'MongoDB Atlas Administration API — Programmatic API Keys. 14 operations. Lead operation: Return All Organization
    API Keys Assigned to One Project. Self-contained Naftiko capability covering one Mongodb business surface.'
  tags:
  - Mongodb
  - Programmatic API Keys
  created: '2026-05-19'
  modified: '2026-05-19'
binds:
- namespace: env
  keys:
    MONGODB_API_KEY: MONGODB_API_KEY
capability:
  consumes:
  - type: http
    namespace: atlas-programmatic-api-keys
    baseUri: https://cloud.mongodb.com
    description: MongoDB Atlas Administration API — Programmatic API Keys business capability. Self-contained, no shared references.
    resources:
    - name: api-atlas-v2-groups-groupId-apiKeys
      path: /api/atlas/v2/groups/{groupId}/apiKeys
      operations:
      - name: listgroupapikeys
        method: GET
        description: Return All Organization API Keys Assigned to One Project
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
      - name: creategroupapikey
        method: POST
        description: Create and Assign One Organization API Key to One Project
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: body
          in: body
          type: object
          description: Request body (JSON).
          required: true
    - name: api-atlas-v2-groups-groupId-apiKeys-apiUserId
      path: /api/atlas/v2/groups/{groupId}/apiKeys/{apiUserId}
      operations:
      - name: removegroupapikey
        method: DELETE
        description: Unassign One Organization API Key from One Project
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: apiUserId
          in: path
          type: string
          description: Unique 24-hexadecimal digit string that identifies this organization API key that you want to unassign
            from one project.
          required: true
      - name: updategroupapikeyroles
        method: PATCH
        description: Update Organization API Key Roles for One Project
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: apiUserId
          in: path
          type: string
          description: Unique 24-hexadecimal digit string that identifies this organization API key that you want to unassign
            from one project.
          required: true
        - name: body
          in: body
          type: object
          description: Request body (JSON).
          required: true
      - name: addgroupapikey
        method: POST
        description: Assign One Organization API Key to One Project
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: apiUserId
          in: path
          type: string
          description: Unique 24-hexadecimal digit string that identifies this organization API key that you want to assign
            to one project.
          required: true
        - name: body
          in: body
          type: object
          description: Request body (JSON).
          required: true
    - name: api-atlas-v2-orgs-orgId-apiKeys
      path: /api/atlas/v2/orgs/{orgId}/apiKeys
      operations:
      - name: listorgapikeys
        method: GET
        description: Return All Organization API Keys
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
      - name: createorgapikey
        method: POST
        description: Create One Organization API Key
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: body
          in: body
          type: object
          description: Request body (JSON).
          required: true
    - name: api-atlas-v2-orgs-orgId-apiKeys-apiUserId
      path: /api/atlas/v2/orgs/{orgId}/apiKeys/{apiUserId}
      operations:
      - name: deleteorgapikey
        method: DELETE
        description: Remove One Organization API Key
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: apiUserId
          in: path
          type: string
          description: Unique 24-hexadecimal digit string that identifies this organization API key.
          required: true
      - name: getorgapikey
        method: GET
        description: Return One Organization API Key
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: apiUserId
          in: path
          type: string
          description: Unique 24-hexadecimal digit string that identifies this organization API key that  you want to update.
          required: true
      - name: updateorgapikey
        method: PATCH
        description: Update One Organization API Key
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: apiUserId
          in: path
          type: string
          description: Unique 24-hexadecimal digit string that identifies this organization API key you  want to update.
          required: true
        - name: body
          in: body
          type: object
          description: Request body (JSON).
          required: true
    - name: api-atlas-v2-orgs-orgId-apiKeys-apiUserId-accessList
      path: /api/atlas/v2/orgs/{orgId}/apiKeys/{apiUserId}/accessList
      operations:
      - name: listorgapikeyaccesslistentries
        method: GET
        description: Return All Access List Entries for One Organization API Key
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: apiUserId
          in: path
          type: string
          description: Unique 24-hexadecimal digit string that identifies this organization API key for which you want to
            return access list entries.
          required: true
      - name: createorgapikeyaccesslistentry
        method: POST
        description: Create One Access List Entry for One Organization API Key
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: apiUserId
          in: path
          type: string
          description: Unique 24-hexadecimal digit string that identifies this organization API key for which you want to
            create a new access list entry.
          required: true
        - name: body
          in: body
          type: object
          description: Request body (JSON).
          required: true
    - name: api-atlas-v2-orgs-orgId-apiKeys-apiUserId-accessList-ipAddress
      path: /api/atlas/v2/orgs/{orgId}/apiKeys/{apiUserId}/accessList/{ipAddress}
      operations:
      - name: deleteorgapikeyaccesslistentry
        method: DELETE
        description: Remove One Access List Entry for One Organization API Key
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: apiUserId
          in: path
          type: string
          description: Unique 24-hexadecimal digit string that identifies this organization API key for which you want to
            remove access list entries.
          required: true
        - name: ipAddress
          in: path
          type: string
          description: One IP address or multiple IP addresses represented as one CIDR block to limit requests to API resources
            in the specified organization. When adding a CIDR block
          required: true
      - name: getorgapikeyaccesslistentry
        method: GET
        description: Return One Access List Entry for One Organization API Key
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: ipAddress
          in: path
          type: string
          description: One IP address or multiple IP addresses represented as one CIDR block to limit  requests to API resources
            in the specified organization. When adding a CIDR bloc
          required: true
        - name: apiUserId
          in: path
          type: string
          description: Unique 24-hexadecimal digit string that identifies this organization API key for  which you want to
            return access list entries.
          required: true
    authentication:
      type: bearer
      token: '{{env.MONGODB_API_KEY}}'
  exposes:
  - type: rest
    namespace: atlas-programmatic-api-keys-rest
    port: 8080
    description: REST adapter for MongoDB Atlas Administration API — Programmatic API Keys. One Spectral-compliant resource
      per consumed operation, prefixed with /v1.
    resources:
    - path: /v1/api/atlas/v2/groups/{groupid}/apikeys
      name: api-atlas-v2-groups-groupid-apikeys
      description: REST surface for api-atlas-v2-groups-groupId-apiKeys.
      operations:
      - method: GET
        name: listgroupapikeys
        description: Return All Organization API Keys Assigned to One Project
        call: atlas-programmatic-api-keys.listgroupapikeys
        outputParameters:
        - type: object
          mapping: $.
      - method: POST
        name: creategroupapikey
        description: Create and Assign One Organization API Key to One Project
        call: atlas-programmatic-api-keys.creategroupapikey
        with:
          body: rest.body
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/api/atlas/v2/groups/{groupid}/apikeys/{apiuserid}
      name: api-atlas-v2-groups-groupid-apikeys-apiuserid
      description: REST surface for api-atlas-v2-groups-groupId-apiKeys-apiUserId.
      operations:
      - method: DELETE
        name: removegroupapikey
        description: Unassign One Organization API Key from One Project
        call: atlas-programmatic-api-keys.removegroupapikey
        with:
          apiUserId: rest.apiUserId
        outputParameters:
        - type: object
          mapping: $.
      - method: PATCH
        name: updategroupapikeyroles
        description: Update Organization API Key Roles for One Project
        call: atlas-programmatic-api-keys.updategroupapikeyroles
        with:
          apiUserId: rest.apiUserId
          body: rest.body
        outputParameters:
        - type: object
          mapping: $.
      - method: POST
        name: addgroupapikey
        description: Assign One Organization API Key to One Project
        call: atlas-programmatic-api-keys.addgroupapikey
        with:
          apiUserId: rest.apiUserId
          body: rest.body
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/api/atlas/v2/orgs/{orgid}/apikeys
      name: api-atlas-v2-orgs-orgid-apikeys
      description: REST surface for api-atlas-v2-orgs-orgId-apiKeys.
      operations:
      - method: GET
        name: listorgapikeys
        description: Return All Organization API Keys
        call: atlas-programmatic-api-keys.listorgapikeys
        outputParameters:
        - type: object
          mapping: $.
      - method: POST
        name: createorgapikey
        description: Create One Organization API Key
        call: atlas-programmatic-api-keys.createorgapikey
        with:
          body: rest.body
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/api/atlas/v2/orgs/{orgid}/apikeys/{apiuserid}
      name: api-atlas-v2-orgs-orgid-apikeys-apiuserid
      description: REST surface for api-atlas-v2-orgs-orgId-apiKeys-apiUserId.
      operations:
      - method: DELETE
        name: deleteorgapikey
        description: Remove One Organization API Key
        call: atlas-programmatic-api-keys.deleteorgapikey
        with:
          apiUserId: rest.apiUserId
        outputParameters:
        - type: object
          mapping: $.
      - method: GET
        name: getorgapikey
        description: Return One Organization API Key
        call: atlas-programmatic-api-keys.getorgapikey
        with:
          apiUserId: rest.apiUserId
        outputParameters:
        - type: object
          mapping: $.
      - method: PATCH
        name: updateorgapikey
        description: Update One Organization API Key
        call: atlas-programmatic-api-keys.updateorgapikey
        with:
          apiUserId: rest.apiUserId
          body: rest.body
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/api/atlas/v2/orgs/{orgid}/apikeys/{apiuserid}/accesslist
      name: api-atlas-v2-orgs-orgid-apikeys-apiuserid-accesslist
      description: REST surface for api-atlas-v2-orgs-orgId-apiKeys-apiUserId-accessList.
      operations:
      - method: GET
        name: listorgapikeyaccesslistentries
        description: Return All Access List Entries for One Organization API Key
        call: atlas-programmatic-api-keys.listorgapikeyaccesslistentries
        with:
          apiUserId: rest.apiUserId
        outputParameters:
        - type: object
          mapping: $.
      - method: POST
        name: createorgapikeyaccesslistentry
        description: Create One Access List Entry for One Organization API Key
        call: atlas-programmatic-api-keys.createorgapikeyaccesslistentry
        with:
          apiUserId: rest.apiUserId
          body: rest.body
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/api/atlas/v2/orgs/{orgid}/apikeys/{apiuserid}/accesslist/{ipaddress}
      name: api-atlas-v2-orgs-orgid-apikeys-apiuserid-accesslist-ipaddress
      description: REST surface for api-atlas-v2-orgs-orgId-apiKeys-apiUserId-accessList-ipAddress.
      operations:
      - method: DELETE
        name: deleteorgapikeyaccesslistentry
        description: Remove One Access List Entry for One Organization API Key
        call: atlas-programmatic-api-keys.deleteorgapikeyaccesslistentry
        with:
          apiUserId: rest.apiUserId
          ipAddress: rest.ipAddress
        outputParameters:
        - type: object
          mapping: $.
      - method: GET
        name: getorgapikeyaccesslistentry
        description: Return One Access List Entry for One Organization API Key
        call: atlas-programmatic-api-keys.getorgapikeyaccesslistentry
        with:
          ipAddress: rest.ipAddress
          apiUserId: rest.apiUserId
        outputParameters:
        - type: object
          mapping: $.
  - type: mcp
    namespace: atlas-programmatic-api-keys-mcp
    port: 9090
    transport: http
    description: MCP adapter for MongoDB Atlas Administration API — Programmatic API Keys. One tool per consumed operation,
      routed inline through this capability's consumes block.
    tools:
    - name: return-all-organization-api-keys
      description: Return All Organization API Keys Assigned to One Project
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: atlas-programmatic-api-keys.listgroupapikeys
      outputParameters:
      - type: object
        mapping: $.
    - name: create-and-assign-one-organization
      description: Create and Assign One Organization API Key to One Project
      hints:
        readOnly: false
        destructive: false
        idempotent: false
      call: atlas-programmatic-api-keys.creategroupapikey
      with:
        body: tools.body
      outputParameters:
      - type: object
        mapping: $.
    - name: unassign-one-organization-api-key
      description: Unassign One Organization API Key from One Project
      hints:
        readOnly: false
        destructive: true
        idempotent: true
      call: atlas-programmatic-api-keys.removegroupapikey
      with:
        apiUserId: tools.apiUserId
      outputParameters:
      - type: object
        mapping: $.
    - name: update-organization-api-key-roles
      description: Update Organization API Key Roles for One Project
      hints:
        readOnly: false
        destructive: false
        idempotent: true
      call: atlas-programmatic-api-keys.updategroupapikeyroles
      with:
        apiUserId: tools.apiUserId
        body: tools.body
      outputParameters:
      - type: object
        mapping: $.
    - name: assign-one-organization-api-key
      description: Assign One Organization API Key to One Project
      hints:
        readOnly: false
        destructive: false
        idempotent: false
      call: atlas-programmatic-api-keys.addgroupapikey
      with:
        apiUserId: tools.apiUserId
        body: tools.body
      outputParameters:
      - type: object
        mapping: $.
    - name: return-all-organization-api-keys-2
      description: Return All Organization API Keys
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: atlas-programmatic-api-keys.listorgapikeys
      outputParameters:
      - type: object
        mapping: $.
    - name: create-one-organization-api-key
      description: Create One Organization API Key
      hints:
        readOnly: false
        destructive: false
        idempotent: false
      call: atlas-programmatic-api-keys.createorgapikey
      with:
        body: tools.body
      outputParameters:
      - type: object
        mapping: $.
    - name: remove-one-organization-api-key
      description: Remove One Organization API Key
      hints:
        readOnly: false
        destructive: true
        idempotent: true
      call: atlas-programmatic-api-keys.deleteorgapikey
      with:
        apiUserId: tools.apiUserId
      outputParameters:
      - type: object
        mapping: $.
    - name: return-one-organization-api-key
      description: Return One Organization API Key
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: atlas-programmatic-api-keys.getorgapikey
      with:
        apiUserId: tools.apiUserId
      outputParameters:
      - type: object
        mapping: $.
    - name: update-one-organization-api-key
      description: Update One Organization API Key
      hints:
        readOnly: false
        destructive: false
        idempotent: true
      call: atlas-programmatic-api-keys.updateorgapikey
      with:
        apiUserId: tools.apiUserId
        body: tools.body
      outputParameters:
      - type: object
        mapping: $.
    - name: return-all-access-list-entries
      description: Return All Access List Entries for One Organization API Key
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: atlas-programmatic-api-keys.listorgapikeyaccesslistentries
      with:
        apiUserId: tools.apiUserId
      outputParameters:
      - type: object
        mapping: $.
    - name: create-one-access-list-entry
      description: Create One Access List Entry for One Organization API Key
      hints:
        readOnly: true
        destructive: false
        idempotent: false
      call: atlas-programmatic-api-keys.createorgapikeyaccesslistentry
      with:
        apiUserId: tools.apiUserId
        body: tools.body
      outputParameters:
      - type: object
        mapping: $.
    - name: remove-one-access-list-entry
      description: Remove One Access List Entry for One Organization API Key
      hints:
        readOnly: false
        destructive: true
        idempotent: true
      call: atlas-programmatic-api-keys.deleteorgapikeyaccesslistentry
      with:
        apiUserId: tools.apiUserId
        ipAddress: tools.ipAddress
      outputParameters:
      - type: object
        mapping: $.
    - name: return-one-access-list-entry
      description: Return One Access List Entry for One Organization API Key
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: atlas-programmatic-api-keys.getorgapikeyaccesslistentry
      with:
        ipAddress: tools.ipAddress
        apiUserId: tools.apiUserId
      outputParameters:
      - type: object
        mapping: $.