naftiko: 1.0.0-alpha2 info: label: MongoDB Atlas Administration API — Service Accounts description: 'MongoDB Atlas Administration API — Service Accounts. 22 operations. Lead operation: Return All Project Service Accounts. Self-contained Naftiko capability covering one Mongodb business surface.' tags: - Mongodb - Service Accounts created: '2026-05-19' modified: '2026-05-19' binds: - namespace: env keys: MONGODB_API_KEY: MONGODB_API_KEY capability: consumes: - type: http namespace: atlas-service-accounts baseUri: https://cloud.mongodb.com description: MongoDB Atlas Administration API — Service Accounts business capability. Self-contained, no shared references. resources: - name: api-atlas-v2-groups-groupId-serviceAccounts path: /api/atlas/v2/groups/{groupId}/serviceAccounts operations: - name: listgroupserviceaccounts method: GET description: Return All Project Service Accounts outputRawFormat: json outputParameters: - name: result type: object value: $. - name: creategroupserviceaccount method: POST description: Create One Project Service Account outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: body in: body type: object description: Request body (JSON). required: true - name: api-atlas-v2-groups-groupId-serviceAccounts-clientId path: /api/atlas/v2/groups/{groupId}/serviceAccounts/{clientId} operations: - name: deletegroupserviceaccount method: DELETE description: Remove One Project Service Account outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: clientId in: path type: string description: The Client ID of the Service Account. required: true - name: getgroupserviceaccount method: GET description: Return One Project Service Account outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: clientId in: path type: string description: The Client ID of the Service Account. required: true - name: updategroupserviceaccount method: PATCH description: Update One Project Service Account outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: clientId in: path type: string description: The Client ID of the Service Account. required: true - name: body in: body type: object description: Request body (JSON). required: true - name: api-atlas-v2-groups-groupId-serviceAccounts-clientId-accessList path: /api/atlas/v2/groups/{groupId}/serviceAccounts/{clientId}/accessList operations: - name: listgroupserviceaccountaccesslist method: GET description: Return All Access List Entries for One Project Service Account outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: clientId in: path type: string description: The Client ID of the Service Account. required: true - name: creategroupserviceaccountaccesslist method: POST description: Add Access List Entries for One Project Service Account outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: clientId in: path type: string description: The Client ID of the Service Account. required: true - name: body in: body type: object description: Request body (JSON). required: true - name: api-atlas-v2-groups-groupId-serviceAccounts-clientId-accessList-ipAddress path: /api/atlas/v2/groups/{groupId}/serviceAccounts/{clientId}/accessList/{ipAddress} operations: - name: deletegroupserviceaccountaccesslistentry method: DELETE description: Remove One Access List Entry from One Project Service Account outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: clientId in: path type: string description: The Client ID of the Service Account. required: true - name: ipAddress in: path type: string description: One IP address or multiple IP addresses represented as one CIDR block. When specifying a CIDR block with a subnet mask, such as 192.0.2.0/24, use the URL-encode required: true - name: api-atlas-v2-groups-groupId-serviceAccounts-clientId-secrets path: /api/atlas/v2/groups/{groupId}/serviceAccounts/{clientId}/secrets operations: - name: creategroupserviceaccountsecret method: POST description: Create One Project Service Account Secret outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: clientId in: path type: string description: The Client ID of the Service Account. required: true - name: body in: body type: object description: Request body (JSON). required: true - name: api-atlas-v2-groups-groupId-serviceAccounts-clientId-secrets-secretId path: /api/atlas/v2/groups/{groupId}/serviceAccounts/{clientId}/secrets/{secretId} operations: - name: deletegroupserviceaccountsecret method: DELETE description: Delete One Project Service Account Secret outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: clientId in: path type: string description: The Client ID of the Service Account. required: true - name: secretId in: path type: string description: Unique 24-hexadecimal digit string that identifies the secret. required: true - name: api-atlas-v2-groups-groupId-serviceAccounts-clientId}:invite path: /api/atlas/v2/groups/{groupId}/serviceAccounts/{clientId}:invite operations: - name: invitegroupserviceaccount method: POST description: Assign One Service Account to One Project outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: clientId in: path type: string description: The Client ID of the Service Account. required: true - name: body in: body type: object description: Request body (JSON). required: true - name: api-atlas-v2-orgs-orgId-serviceAccounts path: /api/atlas/v2/orgs/{orgId}/serviceAccounts operations: - name: listorgserviceaccounts method: GET description: Return All Organization Service Accounts outputRawFormat: json outputParameters: - name: result type: object value: $. - name: createorgserviceaccount method: POST description: Create One Organization Service Account outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: body in: body type: object description: Request body (JSON). required: true - name: api-atlas-v2-orgs-orgId-serviceAccounts-clientId path: /api/atlas/v2/orgs/{orgId}/serviceAccounts/{clientId} operations: - name: deleteorgserviceaccount method: DELETE description: Delete One Organization Service Account outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: clientId in: path type: string description: The Client ID of the Service Account. required: true - name: getorgserviceaccount method: GET description: Return One Organization Service Account outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: clientId in: path type: string description: The Client ID of the Service Account. required: true - name: updateorgserviceaccount method: PATCH description: Update One Organization Service Account outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: clientId in: path type: string description: The Client ID of the Service Account. required: true - name: body in: body type: object description: Request body (JSON). required: true - name: api-atlas-v2-orgs-orgId-serviceAccounts-clientId-accessList path: /api/atlas/v2/orgs/{orgId}/serviceAccounts/{clientId}/accessList operations: - name: listorgserviceaccountaccesslist method: GET description: Return All Access List Entries for One Organization Service Account outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: clientId in: path type: string description: The Client ID of the Service Account. required: true - name: createorgserviceaccountaccesslist method: POST description: Add Access List Entries for One Organization Service Account outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: clientId in: path type: string description: The Client ID of the Service Account. required: true - name: body in: body type: object description: Request body (JSON). required: true - name: api-atlas-v2-orgs-orgId-serviceAccounts-clientId-accessList-ipAddress path: /api/atlas/v2/orgs/{orgId}/serviceAccounts/{clientId}/accessList/{ipAddress} operations: - name: deleteorgserviceaccountaccesslistentry method: DELETE description: Remove One Access List Entry from One Organization Service Account outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: clientId in: path type: string description: The Client ID of the Service Account. required: true - name: ipAddress in: path type: string description: One IP address or multiple IP addresses represented as one CIDR block. When specifying a CIDR block with a subnet mask, such as 192.0.2.0/24, use the URL-encode required: true - name: api-atlas-v2-orgs-orgId-serviceAccounts-clientId-groups path: /api/atlas/v2/orgs/{orgId}/serviceAccounts/{clientId}/groups operations: - name: getorgserviceaccountgroups method: GET description: Return All Service Account Project Assignments outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: clientId in: path type: string description: The Client ID of the Service Account. required: true - name: api-atlas-v2-orgs-orgId-serviceAccounts-clientId-secrets path: /api/atlas/v2/orgs/{orgId}/serviceAccounts/{clientId}/secrets operations: - name: createorgserviceaccountsecret method: POST description: Create One Organization Service Account Secret outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: clientId in: path type: string description: The Client ID of the Service Account. required: true - name: body in: body type: object description: Request body (JSON). required: true - name: api-atlas-v2-orgs-orgId-serviceAccounts-clientId-secrets-secretId path: /api/atlas/v2/orgs/{orgId}/serviceAccounts/{clientId}/secrets/{secretId} operations: - name: deleteorgserviceaccountsecret method: DELETE description: Delete One Organization Service Account Secret outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: clientId in: path type: string description: The Client ID of the Service Account. required: true - name: secretId in: path type: string description: Unique 24-hexadecimal digit string that identifies the secret. required: true authentication: type: bearer token: '{{env.MONGODB_API_KEY}}' exposes: - type: rest namespace: atlas-service-accounts-rest port: 8080 description: REST adapter for MongoDB Atlas Administration API — Service Accounts. One Spectral-compliant resource per consumed operation, prefixed with /v1. resources: - path: /v1/api/atlas/v2/groups/{groupid}/serviceaccounts name: api-atlas-v2-groups-groupid-serviceaccounts description: REST surface for api-atlas-v2-groups-groupId-serviceAccounts. operations: - method: GET name: listgroupserviceaccounts description: Return All Project Service Accounts call: atlas-service-accounts.listgroupserviceaccounts outputParameters: - type: object mapping: $. - method: POST name: creategroupserviceaccount description: Create One Project Service Account call: atlas-service-accounts.creategroupserviceaccount with: body: rest.body outputParameters: - type: object mapping: $. - path: /v1/api/atlas/v2/groups/{groupid}/serviceaccounts/{clientid} name: api-atlas-v2-groups-groupid-serviceaccounts-clientid description: REST surface for api-atlas-v2-groups-groupId-serviceAccounts-clientId. operations: - method: DELETE name: deletegroupserviceaccount description: Remove One Project Service Account call: atlas-service-accounts.deletegroupserviceaccount with: clientId: rest.clientId outputParameters: - type: object mapping: $. - method: GET name: getgroupserviceaccount description: Return One Project Service Account call: atlas-service-accounts.getgroupserviceaccount with: clientId: rest.clientId outputParameters: - type: object mapping: $. - method: PATCH name: updategroupserviceaccount description: Update One Project Service Account call: atlas-service-accounts.updategroupserviceaccount with: clientId: rest.clientId body: rest.body outputParameters: - type: object mapping: $. - path: /v1/api/atlas/v2/groups/{groupid}/serviceaccounts/{clientid}/accesslist name: api-atlas-v2-groups-groupid-serviceaccounts-clientid-accesslist description: REST surface for api-atlas-v2-groups-groupId-serviceAccounts-clientId-accessList. operations: - method: GET name: listgroupserviceaccountaccesslist description: Return All Access List Entries for One Project Service Account call: atlas-service-accounts.listgroupserviceaccountaccesslist with: clientId: rest.clientId outputParameters: - type: object mapping: $. - method: POST name: creategroupserviceaccountaccesslist description: Add Access List Entries for One Project Service Account call: atlas-service-accounts.creategroupserviceaccountaccesslist with: clientId: rest.clientId body: rest.body outputParameters: - type: object mapping: $. - path: /v1/api/atlas/v2/groups/{groupid}/serviceaccounts/{clientid}/accesslist/{ipaddress} name: api-atlas-v2-groups-groupid-serviceaccounts-clientid-accesslist-ipaddress description: REST surface for api-atlas-v2-groups-groupId-serviceAccounts-clientId-accessList-ipAddress. operations: - method: DELETE name: deletegroupserviceaccountaccesslistentry description: Remove One Access List Entry from One Project Service Account call: atlas-service-accounts.deletegroupserviceaccountaccesslistentry with: clientId: rest.clientId ipAddress: rest.ipAddress outputParameters: - type: object mapping: $. - path: /v1/api/atlas/v2/groups/{groupid}/serviceaccounts/{clientid}/secrets name: api-atlas-v2-groups-groupid-serviceaccounts-clientid-secrets description: REST surface for api-atlas-v2-groups-groupId-serviceAccounts-clientId-secrets. operations: - method: POST name: creategroupserviceaccountsecret description: Create One Project Service Account Secret call: atlas-service-accounts.creategroupserviceaccountsecret with: clientId: rest.clientId body: rest.body outputParameters: - type: object mapping: $. - path: /v1/api/atlas/v2/groups/{groupid}/serviceaccounts/{clientid}/secrets/{secretid} name: api-atlas-v2-groups-groupid-serviceaccounts-clientid-secrets-secretid description: REST surface for api-atlas-v2-groups-groupId-serviceAccounts-clientId-secrets-secretId. operations: - method: DELETE name: deletegroupserviceaccountsecret description: Delete One Project Service Account Secret call: atlas-service-accounts.deletegroupserviceaccountsecret with: clientId: rest.clientId secretId: rest.secretId outputParameters: - type: object mapping: $. - path: /v1/api/atlas/v2/groups/{groupid}/serviceaccounts/clientid-invite name: api-atlas-v2-groups-groupid-serviceaccounts-clientid-invite description: REST surface for api-atlas-v2-groups-groupId-serviceAccounts-clientId}:invite. operations: - method: POST name: invitegroupserviceaccount description: Assign One Service Account to One Project call: atlas-service-accounts.invitegroupserviceaccount with: clientId: rest.clientId body: rest.body outputParameters: - type: object mapping: $. - path: /v1/api/atlas/v2/orgs/{orgid}/serviceaccounts name: api-atlas-v2-orgs-orgid-serviceaccounts description: REST surface for api-atlas-v2-orgs-orgId-serviceAccounts. operations: - method: GET name: listorgserviceaccounts description: Return All Organization Service Accounts call: atlas-service-accounts.listorgserviceaccounts outputParameters: - type: object mapping: $. - method: POST name: createorgserviceaccount description: Create One Organization Service Account call: atlas-service-accounts.createorgserviceaccount with: body: rest.body outputParameters: - type: object mapping: $. - path: /v1/api/atlas/v2/orgs/{orgid}/serviceaccounts/{clientid} name: api-atlas-v2-orgs-orgid-serviceaccounts-clientid description: REST surface for api-atlas-v2-orgs-orgId-serviceAccounts-clientId. operations: - method: DELETE name: deleteorgserviceaccount description: Delete One Organization Service Account call: atlas-service-accounts.deleteorgserviceaccount with: clientId: rest.clientId outputParameters: - type: object mapping: $. - method: GET name: getorgserviceaccount description: Return One Organization Service Account call: atlas-service-accounts.getorgserviceaccount with: clientId: rest.clientId outputParameters: - type: object mapping: $. - method: PATCH name: updateorgserviceaccount description: Update One Organization Service Account call: atlas-service-accounts.updateorgserviceaccount with: clientId: rest.clientId body: rest.body outputParameters: - type: object mapping: $. - path: /v1/api/atlas/v2/orgs/{orgid}/serviceaccounts/{clientid}/accesslist name: api-atlas-v2-orgs-orgid-serviceaccounts-clientid-accesslist description: REST surface for api-atlas-v2-orgs-orgId-serviceAccounts-clientId-accessList. operations: - method: GET name: listorgserviceaccountaccesslist description: Return All Access List Entries for One Organization Service Account call: atlas-service-accounts.listorgserviceaccountaccesslist with: clientId: rest.clientId outputParameters: - type: object mapping: $. - method: POST name: createorgserviceaccountaccesslist description: Add Access List Entries for One Organization Service Account call: atlas-service-accounts.createorgserviceaccountaccesslist with: clientId: rest.clientId body: rest.body outputParameters: - type: object mapping: $. - path: /v1/api/atlas/v2/orgs/{orgid}/serviceaccounts/{clientid}/accesslist/{ipaddress} name: api-atlas-v2-orgs-orgid-serviceaccounts-clientid-accesslist-ipaddress description: REST surface for api-atlas-v2-orgs-orgId-serviceAccounts-clientId-accessList-ipAddress. operations: - method: DELETE name: deleteorgserviceaccountaccesslistentry description: Remove One Access List Entry from One Organization Service Account call: atlas-service-accounts.deleteorgserviceaccountaccesslistentry with: clientId: rest.clientId ipAddress: rest.ipAddress outputParameters: - type: object mapping: $. - path: /v1/api/atlas/v2/orgs/{orgid}/serviceaccounts/{clientid}/groups name: api-atlas-v2-orgs-orgid-serviceaccounts-clientid-groups description: REST surface for api-atlas-v2-orgs-orgId-serviceAccounts-clientId-groups. operations: - method: GET name: getorgserviceaccountgroups description: Return All Service Account Project Assignments call: atlas-service-accounts.getorgserviceaccountgroups with: clientId: rest.clientId outputParameters: - type: object mapping: $. - path: /v1/api/atlas/v2/orgs/{orgid}/serviceaccounts/{clientid}/secrets name: api-atlas-v2-orgs-orgid-serviceaccounts-clientid-secrets description: REST surface for api-atlas-v2-orgs-orgId-serviceAccounts-clientId-secrets. operations: - method: POST name: createorgserviceaccountsecret description: Create One Organization Service Account Secret call: atlas-service-accounts.createorgserviceaccountsecret with: clientId: rest.clientId body: rest.body outputParameters: - type: object mapping: $. - path: /v1/api/atlas/v2/orgs/{orgid}/serviceaccounts/{clientid}/secrets/{secretid} name: api-atlas-v2-orgs-orgid-serviceaccounts-clientid-secrets-secretid description: REST surface for api-atlas-v2-orgs-orgId-serviceAccounts-clientId-secrets-secretId. operations: - method: DELETE name: deleteorgserviceaccountsecret description: Delete One Organization Service Account Secret call: atlas-service-accounts.deleteorgserviceaccountsecret with: clientId: rest.clientId secretId: rest.secretId outputParameters: - type: object mapping: $. - type: mcp namespace: atlas-service-accounts-mcp port: 9090 transport: http description: MCP adapter for MongoDB Atlas Administration API — Service Accounts. One tool per consumed operation, routed inline through this capability's consumes block. tools: - name: return-all-project-service-accounts description: Return All Project Service Accounts hints: readOnly: true destructive: false idempotent: true call: atlas-service-accounts.listgroupserviceaccounts outputParameters: - type: object mapping: $. - name: create-one-project-service-account description: Create One Project Service Account hints: readOnly: false destructive: false idempotent: false call: atlas-service-accounts.creategroupserviceaccount with: body: tools.body outputParameters: - type: object mapping: $. - name: remove-one-project-service-account description: Remove One Project Service Account hints: readOnly: false destructive: true idempotent: true call: atlas-service-accounts.deletegroupserviceaccount with: clientId: tools.clientId outputParameters: - type: object mapping: $. - name: return-one-project-service-account description: Return One Project Service Account hints: readOnly: true destructive: false idempotent: true call: atlas-service-accounts.getgroupserviceaccount with: clientId: tools.clientId outputParameters: - type: object mapping: $. - name: update-one-project-service-account description: Update One Project Service Account hints: readOnly: false destructive: false idempotent: true call: atlas-service-accounts.updategroupserviceaccount with: clientId: tools.clientId body: tools.body outputParameters: - type: object mapping: $. - name: return-all-access-list-entries description: Return All Access List Entries for One Project Service Account hints: readOnly: true destructive: false idempotent: true call: atlas-service-accounts.listgroupserviceaccountaccesslist with: clientId: tools.clientId outputParameters: - type: object mapping: $. - name: add-access-list-entries-one description: Add Access List Entries for One Project Service Account hints: readOnly: true destructive: false idempotent: false call: atlas-service-accounts.creategroupserviceaccountaccesslist with: clientId: tools.clientId body: tools.body outputParameters: - type: object mapping: $. - name: remove-one-access-list-entry description: Remove One Access List Entry from One Project Service Account hints: readOnly: false destructive: true idempotent: true call: atlas-service-accounts.deletegroupserviceaccountaccesslistentry with: clientId: tools.clientId ipAddress: tools.ipAddress outputParameters: - type: object mapping: $. - name: create-one-project-service-account-2 description: Create One Project Service Account Secret hints: readOnly: false destructive: false idempotent: false call: atlas-service-accounts.creategroupserviceaccountsecret with: clientId: tools.clientId body: tools.body outputParameters: - type: object mapping: $. - name: delete-one-project-service-account description: Delete One Project Service Account Secret hints: readOnly: false destructive: true idempotent: true call: atlas-service-accounts.deletegroupserviceaccountsecret with: clientId: tools.clientId secretId: tools.secretId outputParameters: - type: object mapping: $. - name: assign-one-service-account-one description: Assign One Service Account to One Project hints: readOnly: false destructive: false idempotent: false call: atlas-service-accounts.invitegroupserviceaccount with: clientId: tools.clientId body: tools.body outputParameters: - type: object mapping: $. - name: return-all-organization-service-accounts description: Return All Organization Service Accounts hints: readOnly: true destructive: false idempotent: true call: atlas-service-accounts.listorgserviceaccounts outputParameters: - type: object mapping: $. - name: create-one-organization-service-account description: Create One Organization Service Account hints: readOnly: false destructive: false idempotent: false call: atlas-service-accounts.createorgserviceaccount with: body: tools.body outputParameters: - type: object mapping: $. - name: delete-one-organization-service-account description: Delete One Organization Service Account hints: readOnly: false destructive: true idempotent: true call: atlas-service-accounts.deleteorgserviceaccount with: clientId: tools.clientId outputParameters: - type: object mapping: $. - name: return-one-organization-service-account description: Return One Organization Service Account hints: readOnly: true destructive: false idempotent: true call: atlas-service-accounts.getorgserviceaccount with: clientId: tools.clientId outputParameters: - type: object mapping: $. - name: update-one-organization-service-account description: Update One Organization Service Account hints: readOnly: false destructive: false idempotent: true call: atlas-service-accounts.updateorgserviceaccount with: clientId: tools.clientId body: tools.body outputParameters: - type: object mapping: $. - name: return-all-access-list-entries-2 description: Return All Access List Entries for One Organization Service Account hints: readOnly: true destructive: false idempotent: true call: atlas-service-accounts.listorgserviceaccountaccesslist with: clientId: tools.clientId outputParameters: - type: object mapping: $. - name: add-access-list-entries-one-2 description: Add Access List Entries for One Organization Service Account hints: readOnly: true destructive: false idempotent: false call: atlas-service-accounts.createorgserviceaccountaccesslist with: clientId: tools.clientId body: tools.body outputParameters: - type: object mapping: $. - name: remove-one-access-list-entry-2 description: Remove One Access List Entry from One Organization Service Account hints: readOnly: false destructive: true idempotent: true call: atlas-service-accounts.deleteorgserviceaccountaccesslistentry with: clientId: tools.clientId ipAddress: tools.ipAddress outputParameters: - type: object mapping: $. - name: return-all-service-account-project description: Return All Service Account Project Assignments hints: readOnly: true destructive: false idempotent: true call: atlas-service-accounts.getorgserviceaccountgroups with: clientId: tools.clientId outputParameters: - type: object mapping: $. - name: create-one-organization-service-account-2 description: Create One Organization Service Account Secret hints: readOnly: false destructive: false idempotent: false call: atlas-service-accounts.createorgserviceaccountsecret with: clientId: tools.clientId body: tools.body outputParameters: - type: object mapping: $. - name: delete-one-organization-service-account-2 description: Delete One Organization Service Account Secret hints: readOnly: false destructive: true idempotent: true call: atlas-service-accounts.deleteorgserviceaccountsecret with: clientId: tools.clientId secretId: tools.secretId outputParameters: - type: object mapping: $.