Realm API Keys

In order for the Cosync Portal to be able to configure a MongoDB Realm Application for the Cosync Storage or CosyncJWT services automatically, the developer must first setup a set of programmatic API keys for either the organization or the project that the MongoDB Realm Application belongs to. Programmatic API keys are explained in the MongoDB Documentation.

The topology of MongoDB Atlas organizes everything under an organization that is associated with a developer account. An organization can contain a number of projects that in turn can contain a number of Atlas Clusters and/or MongoDB Realm Applications associated with them. Programmatic keys enable an outside program (like the Cosync Portal) to call into MongoDB and configure a MongoDB Realm Application through the Realm Administration API.

A programmatic key has both a public key and a private key associated with it. The developer must save the private key at the time a programmatic key is defined because it is not retrievable after the fact. The developer is responsible for safe guarding this private key; the Cosync Portal will use the public/private key pair to configure a MongoDB Realm Application but never save this pair to its data-base.

Creating a programmatic key is easy. First, from the MongoDB Realm Portal, the developer should select Access Manager from the top menu. In our example, the developer should create programmatic key that is specific to the project, so should select Project Access from the menu. Organization keys have the added advantages of working across projects for the entire developer account, they do however pose a greater security threat, should they be leaked out. Best practices would suggest that keys should be limited to the project per se, not the organization in general.


Second, the developer should select the API Keys tab and select Create API Key.


Third, before the developer can create the programmatic key, he/she must make sure that Project Owner is selected under Project Permissions. The developer should also copy the Public Key to a separate file for safekeeping.


Fourth, after the private key is created, the developer should save it away for safekeeping. It is not retrievable after this point.


At this juncture, the developer has created a programmatic key for the Cosync Portal to configure the MongoDB Realm Application programmatically for the Cosync Storage or CosyncJWT services. NOTE: the developer must save both the public and private keys in a separate file for the configuration process. These keys are effectively API passwords to the MongoDB Realm account, so should be guarded with the same level of scrutiny as an admin password. Our suggestion would be to save them to an encrypted USB key fab for safekeeping.