MongoDB Atlas Administration API — Service Accounts

naftiko: 1.0.0-alpha2
info:
  label: MongoDB Atlas Administration API — Service Accounts
  description: 'MongoDB Atlas Administration API — Service Accounts. 22 operations. Lead operation: Return All Project Service
    Accounts. Self-contained Naftiko capability covering one Mongodb business surface.'
  tags:
  - Mongodb
  - Service Accounts
  created: '2026-05-19'
  modified: '2026-05-19'
binds:
- namespace: env
  keys:
    MONGODB_API_KEY: MONGODB_API_KEY
capability:
  consumes:
  - type: http
    namespace: atlas-service-accounts
    baseUri: https://cloud.mongodb.com
    description: MongoDB Atlas Administration API — Service Accounts business capability. Self-contained, no shared references.
    resources:
    - name: api-atlas-v2-groups-groupId-serviceAccounts
      path: /api/atlas/v2/groups/{groupId}/serviceAccounts
      operations:
      - name: listgroupserviceaccounts
        method: GET
        description: Return All Project Service Accounts
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
      - name: creategroupserviceaccount
        method: POST
        description: Create One Project Service Account
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: body
          in: body
          type: object
          description: Request body (JSON).
          required: true
    - name: api-atlas-v2-groups-groupId-serviceAccounts-clientId
      path: /api/atlas/v2/groups/{groupId}/serviceAccounts/{clientId}
      operations:
      - name: deletegroupserviceaccount
        method: DELETE
        description: Remove One Project Service Account
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: clientId
          in: path
          type: string
          description: The Client ID of the Service Account.
          required: true
      - name: getgroupserviceaccount
        method: GET
        description: Return One Project Service Account
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: clientId
          in: path
          type: string
          description: The Client ID of the Service Account.
          required: true
      - name: updategroupserviceaccount
        method: PATCH
        description: Update One Project Service Account
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: clientId
          in: path
          type: string
          description: The Client ID of the Service Account.
          required: true
        - name: body
          in: body
          type: object
          description: Request body (JSON).
          required: true
    - name: api-atlas-v2-groups-groupId-serviceAccounts-clientId-accessList
      path: /api/atlas/v2/groups/{groupId}/serviceAccounts/{clientId}/accessList
      operations:
      - name: listgroupserviceaccountaccesslist
        method: GET
        description: Return All Access List Entries for One Project Service Account
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: clientId
          in: path
          type: string
          description: The Client ID of the Service Account.
          required: true
      - name: creategroupserviceaccountaccesslist
        method: POST
        description: Add Access List Entries for One Project Service Account
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: clientId
          in: path
          type: string
          description: The Client ID of the Service Account.
          required: true
        - name: body
          in: body
          type: object
          description: Request body (JSON).
          required: true
    - name: api-atlas-v2-groups-groupId-serviceAccounts-clientId-accessList-ipAddress
      path: /api/atlas/v2/groups/{groupId}/serviceAccounts/{clientId}/accessList/{ipAddress}
      operations:
      - name: deletegroupserviceaccountaccesslistentry
        method: DELETE
        description: Remove One Access List Entry from One Project Service Account
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: clientId
          in: path
          type: string
          description: The Client ID of the Service Account.
          required: true
        - name: ipAddress
          in: path
          type: string
          description: One IP address or multiple IP addresses represented as one CIDR block. When specifying a CIDR block
            with a subnet mask, such as 192.0.2.0/24, use the URL-encode
          required: true
    - name: api-atlas-v2-groups-groupId-serviceAccounts-clientId-secrets
      path: /api/atlas/v2/groups/{groupId}/serviceAccounts/{clientId}/secrets
      operations:
      - name: creategroupserviceaccountsecret
        method: POST
        description: Create One Project Service Account Secret
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: clientId
          in: path
          type: string
          description: The Client ID of the Service Account.
          required: true
        - name: body
          in: body
          type: object
          description: Request body (JSON).
          required: true
    - name: api-atlas-v2-groups-groupId-serviceAccounts-clientId-secrets-secretId
      path: /api/atlas/v2/groups/{groupId}/serviceAccounts/{clientId}/secrets/{secretId}
      operations:
      - name: deletegroupserviceaccountsecret
        method: DELETE
        description: Delete One Project Service Account Secret
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: clientId
          in: path
          type: string
          description: The Client ID of the Service Account.
          required: true
        - name: secretId
          in: path
          type: string
          description: Unique 24-hexadecimal digit string that identifies the secret.
          required: true
    - name: api-atlas-v2-groups-groupId-serviceAccounts-clientId}:invite
      path: /api/atlas/v2/groups/{groupId}/serviceAccounts/{clientId}:invite
      operations:
      - name: invitegroupserviceaccount
        method: POST
        description: Assign One Service Account to One Project
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: clientId
          in: path
          type: string
          description: The Client ID of the Service Account.
          required: true
        - name: body
          in: body
          type: object
          description: Request body (JSON).
          required: true
    - name: api-atlas-v2-orgs-orgId-serviceAccounts
      path: /api/atlas/v2/orgs/{orgId}/serviceAccounts
      operations:
      - name: listorgserviceaccounts
        method: GET
        description: Return All Organization Service Accounts
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
      - name: createorgserviceaccount
        method: POST
        description: Create One Organization Service Account
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: body
          in: body
          type: object
          description: Request body (JSON).
          required: true
    - name: api-atlas-v2-orgs-orgId-serviceAccounts-clientId
      path: /api/atlas/v2/orgs/{orgId}/serviceAccounts/{clientId}
      operations:
      - name: deleteorgserviceaccount
        method: DELETE
        description: Delete One Organization Service Account
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: clientId
          in: path
          type: string
          description: The Client ID of the Service Account.
          required: true
      - name: getorgserviceaccount
        method: GET
        description: Return One Organization Service Account
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: clientId
          in: path
          type: string
          description: The Client ID of the Service Account.
          required: true
      - name: updateorgserviceaccount
        method: PATCH
        description: Update One Organization Service Account
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: clientId
          in: path
          type: string
          description: The Client ID of the Service Account.
          required: true
        - name: body
          in: body
          type: object
          description: Request body (JSON).
          required: true
    - name: api-atlas-v2-orgs-orgId-serviceAccounts-clientId-accessList
      path: /api/atlas/v2/orgs/{orgId}/serviceAccounts/{clientId}/accessList
      operations:
      - name: listorgserviceaccountaccesslist
        method: GET
        description: Return All Access List Entries for One Organization Service Account
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: clientId
          in: path
          type: string
          description: The Client ID of the Service Account.
          required: true
      - name: createorgserviceaccountaccesslist
        method: POST
        description: Add Access List Entries for One Organization Service Account
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: clientId
          in: path
          type: string
          description: The Client ID of the Service Account.
          required: true
        - name: body
          in: body
          type: object
          description: Request body (JSON).
          required: true
    - name: api-atlas-v2-orgs-orgId-serviceAccounts-clientId-accessList-ipAddress
      path: /api/atlas/v2/orgs/{orgId}/serviceAccounts/{clientId}/accessList/{ipAddress}
      operations:
      - name: deleteorgserviceaccountaccesslistentry
        method: DELETE
        description: Remove One Access List Entry from One Organization Service Account
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: clientId
          in: path
          type: string
          description: The Client ID of the Service Account.
          required: true
        - name: ipAddress
          in: path
          type: string
          description: One IP address or multiple IP addresses represented as one CIDR block. When specifying a CIDR block
            with a subnet mask, such as 192.0.2.0/24, use the URL-encode
          required: true
    - name: api-atlas-v2-orgs-orgId-serviceAccounts-clientId-groups
      path: /api/atlas/v2/orgs/{orgId}/serviceAccounts/{clientId}/groups
      operations:
      - name: getorgserviceaccountgroups
        method: GET
        description: Return All Service Account Project Assignments
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: clientId
          in: path
          type: string
          description: The Client ID of the Service Account.
          required: true
    - name: api-atlas-v2-orgs-orgId-serviceAccounts-clientId-secrets
      path: /api/atlas/v2/orgs/{orgId}/serviceAccounts/{clientId}/secrets
      operations:
      - name: createorgserviceaccountsecret
        method: POST
        description: Create One Organization Service Account Secret
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: clientId
          in: path
          type: string
          description: The Client ID of the Service Account.
          required: true
        - name: body
          in: body
          type: object
          description: Request body (JSON).
          required: true
    - name: api-atlas-v2-orgs-orgId-serviceAccounts-clientId-secrets-secretId
      path: /api/atlas/v2/orgs/{orgId}/serviceAccounts/{clientId}/secrets/{secretId}
      operations:
      - name: deleteorgserviceaccountsecret
        method: DELETE
        description: Delete One Organization Service Account Secret
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: clientId
          in: path
          type: string
          description: The Client ID of the Service Account.
          required: true
        - name: secretId
          in: path
          type: string
          description: Unique 24-hexadecimal digit string that identifies the secret.
          required: true
    authentication:
      type: bearer
      token: '{{env.MONGODB_API_KEY}}'
  exposes:
  - type: rest
    namespace: atlas-service-accounts-rest
    port: 8080
    description: REST adapter for MongoDB Atlas Administration API — Service Accounts. One Spectral-compliant resource per
      consumed operation, prefixed with /v1.
    resources:
    - path: /v1/api/atlas/v2/groups/{groupid}/serviceaccounts
      name: api-atlas-v2-groups-groupid-serviceaccounts
      description: REST surface for api-atlas-v2-groups-groupId-serviceAccounts.
      operations:
      - method: GET
        name: listgroupserviceaccounts
        description: Return All Project Service Accounts
        call: atlas-service-accounts.listgroupserviceaccounts
        outputParameters:
        - type: object
          mapping: $.
      - method: POST
        name: creategroupserviceaccount
        description: Create One Project Service Account
        call: atlas-service-accounts.creategroupserviceaccount
        with:
          body: rest.body
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/api/atlas/v2/groups/{groupid}/serviceaccounts/{clientid}
      name: api-atlas-v2-groups-groupid-serviceaccounts-clientid
      description: REST surface for api-atlas-v2-groups-groupId-serviceAccounts-clientId.
      operations:
      - method: DELETE
        name: deletegroupserviceaccount
        description: Remove One Project Service Account
        call: atlas-service-accounts.deletegroupserviceaccount
        with:
          clientId: rest.clientId
        outputParameters:
        - type: object
          mapping: $.
      - method: GET
        name: getgroupserviceaccount
        description: Return One Project Service Account
        call: atlas-service-accounts.getgroupserviceaccount
        with:
          clientId: rest.clientId
        outputParameters:
        - type: object
          mapping: $.
      - method: PATCH
        name: updategroupserviceaccount
        description: Update One Project Service Account
        call: atlas-service-accounts.updategroupserviceaccount
        with:
          clientId: rest.clientId
          body: rest.body
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/api/atlas/v2/groups/{groupid}/serviceaccounts/{clientid}/accesslist
      name: api-atlas-v2-groups-groupid-serviceaccounts-clientid-accesslist
      description: REST surface for api-atlas-v2-groups-groupId-serviceAccounts-clientId-accessList.
      operations:
      - method: GET
        name: listgroupserviceaccountaccesslist
        description: Return All Access List Entries for One Project Service Account
        call: atlas-service-accounts.listgroupserviceaccountaccesslist
        with:
          clientId: rest.clientId
        outputParameters:
        - type: object
          mapping: $.
      - method: POST
        name: creategroupserviceaccountaccesslist
        description: Add Access List Entries for One Project Service Account
        call: atlas-service-accounts.creategroupserviceaccountaccesslist
        with:
          clientId: rest.clientId
          body: rest.body
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/api/atlas/v2/groups/{groupid}/serviceaccounts/{clientid}/accesslist/{ipaddress}
      name: api-atlas-v2-groups-groupid-serviceaccounts-clientid-accesslist-ipaddress
      description: REST surface for api-atlas-v2-groups-groupId-serviceAccounts-clientId-accessList-ipAddress.
      operations:
      - method: DELETE
        name: deletegroupserviceaccountaccesslistentry
        description: Remove One Access List Entry from One Project Service Account
        call: atlas-service-accounts.deletegroupserviceaccountaccesslistentry
        with:
          clientId: rest.clientId
          ipAddress: rest.ipAddress
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/api/atlas/v2/groups/{groupid}/serviceaccounts/{clientid}/secrets
      name: api-atlas-v2-groups-groupid-serviceaccounts-clientid-secrets
      description: REST surface for api-atlas-v2-groups-groupId-serviceAccounts-clientId-secrets.
      operations:
      - method: POST
        name: creategroupserviceaccountsecret
        description: Create One Project Service Account Secret
        call: atlas-service-accounts.creategroupserviceaccountsecret
        with:
          clientId: rest.clientId
          body: rest.body
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/api/atlas/v2/groups/{groupid}/serviceaccounts/{clientid}/secrets/{secretid}
      name: api-atlas-v2-groups-groupid-serviceaccounts-clientid-secrets-secretid
      description: REST surface for api-atlas-v2-groups-groupId-serviceAccounts-clientId-secrets-secretId.
      operations:
      - method: DELETE
        name: deletegroupserviceaccountsecret
        description: Delete One Project Service Account Secret
        call: atlas-service-accounts.deletegroupserviceaccountsecret
        with:
          clientId: rest.clientId
          secretId: rest.secretId
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/api/atlas/v2/groups/{groupid}/serviceaccounts/clientid-invite
      name: api-atlas-v2-groups-groupid-serviceaccounts-clientid-invite
      description: REST surface for api-atlas-v2-groups-groupId-serviceAccounts-clientId}:invite.
      operations:
      - method: POST
        name: invitegroupserviceaccount
        description: Assign One Service Account to One Project
        call: atlas-service-accounts.invitegroupserviceaccount
        with:
          clientId: rest.clientId
          body: rest.body
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/api/atlas/v2/orgs/{orgid}/serviceaccounts
      name: api-atlas-v2-orgs-orgid-serviceaccounts
      description: REST surface for api-atlas-v2-orgs-orgId-serviceAccounts.
      operations:
      - method: GET
        name: listorgserviceaccounts
        description: Return All Organization Service Accounts
        call: atlas-service-accounts.listorgserviceaccounts
        outputParameters:
        - type: object
          mapping: $.
      - method: POST
        name: createorgserviceaccount
        description: Create One Organization Service Account
        call: atlas-service-accounts.createorgserviceaccount
        with:
          body: rest.body
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/api/atlas/v2/orgs/{orgid}/serviceaccounts/{clientid}
      name: api-atlas-v2-orgs-orgid-serviceaccounts-clientid
      description: REST surface for api-atlas-v2-orgs-orgId-serviceAccounts-clientId.
      operations:
      - method: DELETE
        name: deleteorgserviceaccount
        description: Delete One Organization Service Account
        call: atlas-service-accounts.deleteorgserviceaccount
        with:
          clientId: rest.clientId
        outputParameters:
        - type: object
          mapping: $.
      - method: GET
        name: getorgserviceaccount
        description: Return One Organization Service Account
        call: atlas-service-accounts.getorgserviceaccount
        with:
          clientId: rest.clientId
        outputParameters:
        - type: object
          mapping: $.
      - method: PATCH
        name: updateorgserviceaccount
        description: Update One Organization Service Account
        call: atlas-service-accounts.updateorgserviceaccount
        with:
          clientId: rest.clientId
          body: rest.body
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/api/atlas/v2/orgs/{orgid}/serviceaccounts/{clientid}/accesslist
      name: api-atlas-v2-orgs-orgid-serviceaccounts-clientid-accesslist
      description: REST surface for api-atlas-v2-orgs-orgId-serviceAccounts-clientId-accessList.
      operations:
      - method: GET
        name: listorgserviceaccountaccesslist
        description: Return All Access List Entries for One Organization Service Account
        call: atlas-service-accounts.listorgserviceaccountaccesslist
        with:
          clientId: rest.clientId
        outputParameters:
        - type: object
          mapping: $.
      - method: POST
        name: createorgserviceaccountaccesslist
        description: Add Access List Entries for One Organization Service Account
        call: atlas-service-accounts.createorgserviceaccountaccesslist
        with:
          clientId: rest.clientId
          body: rest.body
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/api/atlas/v2/orgs/{orgid}/serviceaccounts/{clientid}/accesslist/{ipaddress}
      name: api-atlas-v2-orgs-orgid-serviceaccounts-clientid-accesslist-ipaddress
      description: REST surface for api-atlas-v2-orgs-orgId-serviceAccounts-clientId-accessList-ipAddress.
      operations:
      - method: DELETE
        name: deleteorgserviceaccountaccesslistentry
        description: Remove One Access List Entry from One Organization Service Account
        call: atlas-service-accounts.deleteorgserviceaccountaccesslistentry
        with:
          clientId: rest.clientId
          ipAddress: rest.ipAddress
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/api/atlas/v2/orgs/{orgid}/serviceaccounts/{clientid}/groups
      name: api-atlas-v2-orgs-orgid-serviceaccounts-clientid-groups
      description: REST surface for api-atlas-v2-orgs-orgId-serviceAccounts-clientId-groups.
      operations:
      - method: GET
        name: getorgserviceaccountgroups
        description: Return All Service Account Project Assignments
        call: atlas-service-accounts.getorgserviceaccountgroups
        with:
          clientId: rest.clientId
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/api/atlas/v2/orgs/{orgid}/serviceaccounts/{clientid}/secrets
      name: api-atlas-v2-orgs-orgid-serviceaccounts-clientid-secrets
      description: REST surface for api-atlas-v2-orgs-orgId-serviceAccounts-clientId-secrets.
      operations:
      - method: POST
        name: createorgserviceaccountsecret
        description: Create One Organization Service Account Secret
        call: atlas-service-accounts.createorgserviceaccountsecret
        with:
          clientId: rest.clientId
          body: rest.body
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/api/atlas/v2/orgs/{orgid}/serviceaccounts/{clientid}/secrets/{secretid}
      name: api-atlas-v2-orgs-orgid-serviceaccounts-clientid-secrets-secretid
      description: REST surface for api-atlas-v2-orgs-orgId-serviceAccounts-clientId-secrets-secretId.
      operations:
      - method: DELETE
        name: deleteorgserviceaccountsecret
        description: Delete One Organization Service Account Secret
        call: atlas-service-accounts.deleteorgserviceaccountsecret
        with:
          clientId: rest.clientId
          secretId: rest.secretId
        outputParameters:
        - type: object
          mapping: $.
  - type: mcp
    namespace: atlas-service-accounts-mcp
    port: 9090
    transport: http
    description: MCP adapter for MongoDB Atlas Administration API — Service Accounts. One tool per consumed operation, routed
      inline through this capability's consumes block.
    tools:
    - name: return-all-project-service-accounts
      description: Return All Project Service Accounts
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: atlas-service-accounts.listgroupserviceaccounts
      outputParameters:
      - type: object
        mapping: $.
    - name: create-one-project-service-account
      description: Create One Project Service Account
      hints:
        readOnly: false
        destructive: false
        idempotent: false
      call: atlas-service-accounts.creategroupserviceaccount
      with:
        body: tools.body
      outputParameters:
      - type: object
        mapping: $.
    - name: remove-one-project-service-account
      description: Remove One Project Service Account
      hints:
        readOnly: false
        destructive: true
        idempotent: true
      call: atlas-service-accounts.deletegroupserviceaccount
      with:
        clientId: tools.clientId
      outputParameters:
      - type: object
        mapping: $.
    - name: return-one-project-service-account
      description: Return One Project Service Account
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: atlas-service-accounts.getgroupserviceaccount
      with:
        clientId: tools.clientId
      outputParameters:
      - type: object
        mapping: $.
    - name: update-one-project-service-account
      description: Update One Project Service Account
      hints:
        readOnly: false
        destructive: false
        idempotent: true
      call: atlas-service-accounts.updategroupserviceaccount
      with:
        clientId: tools.clientId
        body: tools.body
      outputParameters:
      - type: object
        mapping: $.
    - name: return-all-access-list-entries
      description: Return All Access List Entries for One Project Service Account
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: atlas-service-accounts.listgroupserviceaccountaccesslist
      with:
        clientId: tools.clientId
      outputParameters:
      - type: object
        mapping: $.
    - name: add-access-list-entries-one
      description: Add Access List Entries for One Project Service Account
      hints:
        readOnly: true
        destructive: false
        idempotent: false
      call: atlas-service-accounts.creategroupserviceaccountaccesslist
      with:
        clientId: tools.clientId
        body: tools.body
      outputParameters:
      - type: object
        mapping: $.
    - name: remove-one-access-list-entry
      description: Remove One Access List Entry from One Project Service Account
      hints:
        readOnly: false
        destructive: true
        idempotent: true
      call: atlas-service-accounts.deletegroupserviceaccountaccesslistentry
      with:
        clientId: tools.clientId
        ipAddress: tools.ipAddress
      outputParameters:
      - type: object
        mapping: $.
    - name: create-one-project-service-account-2
      description: Create One Project Service Account Secret
      hints:
        readOnly: false
        destructive: false
        idempotent: false
      call: atlas-service-accounts.creategroupserviceaccountsecret
      with:
        clientId: tools.clientId
        body: tools.body
      outputParameters:
      - type: object
        mapping: $.
    - name: delete-one-project-service-account
      description: Delete One Project Service Account Secret
      hints:
        readOnly: false
        destructive: true
        idempotent: true
      call: atlas-service-accounts.deletegroupserviceaccountsecret
      with:
        clientId: tools.clientId
        secretId: tools.secretId
      outputParameters:
      - type: object
        mapping: $.
    - name: assign-one-service-account-one
      description: Assign One Service Account to One Project
      hints:
        readOnly: false
        destructive: false
        idempotent: false
      call: atlas-service-accounts.invitegroupserviceaccount
      with:
        clientId: tools.clientId
        body: tools.body
      outputParameters:
      - type: object
        mapping: $.
    - name: return-all-organization-service-accounts
      description: Return All Organization Service Accounts
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: atlas-service-accounts.listorgserviceaccounts
      outputParameters:
      - type: object
        mapping: $.
    - name: create-one-organization-service-account
      description: Create One Organization Service Account
      hints:
        readOnly: false
        destructive: false
        idempotent: false
      call: atlas-service-accounts.createorgserviceaccount
      with:
        body: tools.body
      outputParameters:
      - type: object
        mapping: $.
    - name: delete-one-organization-service-account
      description: Delete One Organization Service Account
      hints:
        readOnly: false
        destructive: true
        idempotent: true
      call: atlas-service-accounts.deleteorgserviceaccount
      with:
        clientId: tools.clientId
      outputParameters:
      - type: object
        mapping: $.
    - name: return-one-organization-service-account
      description: Return One Organization Service Account
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: atlas-service-accounts.getorgserviceaccount
      with:
        clientId: tools.clientId
      outputParameters:
      - type: object
        mapping: $.
    - name: update-one-organization-service-account
      description: Update One Organization Service Account
      hints:
        readOnly: false
        destructive: false
        idempotent: true
      call: atlas-service-accounts.updateorgserviceaccount
      with:
        clientId: tools.clientId
        body: tools.body
      outputParameters:
      - type: object
        mapping: $.
    - name: return-all-access-list-entries-2
      description: Return All Access List Entries for One Organization Service Account
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: atlas-service-accounts.listorgserviceaccountaccesslist
      with:
        clientId: tools.clientId
      outputParameters:
      - type: object
        mapping: $.
    - name: add-access-list-entries-one-2
      description: Add Access List Entries for One Organization Service Account
      hints:
        readOnly: true
        destructive: false
        idempotent: false
      call: atlas-service-accounts.createorgserviceaccountaccesslist
      with:
        clientId: tools.clientId
        body: tools.body
      outputParameters:
      - type: object
        mapping: $.
    - name: remove-one-access-list-entry-2
      description: Remove One Access List Entry from One Organization Service Account
      hints:
        readOnly: false
        destructive: true
        idempotent: true
      call: atlas-service-accounts.deleteorgserviceaccountaccesslistentry
      with:
        clientId: tools.clientId
        ipAddress: tools.ipAddress
      outputParameters:
      - type: object
        mapping: $.
    - name: 

# --- truncated at 32 KB (33 KB total) ---
# Full source: https://raw.githubusercontent.com/api-evangelist/mongodb/refs/heads/main/capabilities/atlas-service-accounts.yaml