IBM Cloud Docs
Connecting an external application

Connecting an external application

Your applications and drivers use connection strings to make a connection to IBM Cloud® Databases for MongoDB. Each deployment has connection strings specifically for drivers and applications. Connection strings are displayed in the Endpoints panel of your deployment's Overview, and can also be retrieved from the Cloud Databases CLI plug-in and the Cloud Databases API.

The connection strings can be used by any of the users you create in your deployment. While you can use the admin user for all of your connections and applications, it might be better to create users specifically for your applications to connect with. For more information, see Creating Users and Getting Connection Strings.

When connecting an external application, use only drivers that are supported by MongoDB or MongoDB's Featured Community-Supported Libraries. Cloud Databases does not support any drivers that are not supported by MongoDB.

Using Connection Information

All the information a driver needs to make a connection to your deployment is in the "MongoDB" section of your connection strings. The table contains a breakdown for reference.

Table 1. mongodb/URI connection information
Field Name Index Description
Type Type of connection - for MongoDB, it is "URI"
Scheme Scheme for a URI - for MongoDB, it is "mongodb"
Path Path for a URI - for MongoDB, it is the database name. When provisioning a MongoDB instance for the first time, the default database for the user to connect to is admin.
Authentication Username The username that you use to connect.
Authentication Password A password for the user - might be shown as $PASSWORD
Authentication Method How authentication takes place; "direct" authentication is handled by the driver. Mongo 3.6 uses SCRAM SHA 1, whereas Mongo 4.2 uses SHA 256
Hosts 0... A hostname and port to connect to
Composed 0... A URI combining Scheme, Authentication, Host, Path, and Replica Set name.
Certificate Name The allocated name for the self-signed certificate for database deployment
Certificate Base64 A base64 encoded version of the certificate.
  • 0... indicates that there might be one or more of these entries in an array.

Many MongoDB drivers are able to connect to your deployment when given the URI-formatted connection string found in the "composed" field of the connection information. For example,

mongodb://admin:$PASSWORD@d5eeee66-5bc4-498a-b73b-1307848f1eac.8f7bfd8f3faa4218aec56e069eb46187.databases.appdomain.cloud:30484/<database name>?authSource=admin&replicaSet=replset

The replicaSet query parameter contains the replica set name for your deployment. It is probably replset. Some drivers and applications need it passed in separately.

The following example uses the information from your connection string and the MongoDB Java Driver to connect to your database.

public class MongodbConnect {
    private static Logger log = LoggerFactory.getLogger(LoggerFactory.class);

    public static void main(String[] args) {

        System.setProperty("javax.net.ssl.trustStore", "path/to/keystore");
        System.setProperty("javax.net.ssl.trustStorePassword", "store_password");

        // make sure you append ssl=true to the connection URI
        final String mongoURI = "mongodb://user:password@host:port,host:port/?authSource=admin&replicaSet=replset&ssl=true";

        MongoClient mongoClient = MongoClients.create(mongoURI);
        boolean testDB = false;
        
        // this loop will continue attempting to connect to the database until the admin database is found
        while (!testDB) {
            try {
                // check if you can connect to the database by checking for
                // the presence of the admin database. If the admin databases isn't found
                // then you're not connected.
                MongoIterable<String> databases = mongoClient.listDatabaseNames();
                for (String name: databases) {
                    if (name.contains("admin")) {
                        System.out.println("admin found...");
                        testDB = true;
                    }
                }
            } catch (Exception e) {
                log.info(e.getMessage());
            }
        }

        // close connection
        mongoClient.close();

    }
}

This next example uses information from your connection string and the Python driver pymongo to connect to your database. This is just a simple connection example, without error handling or retry logic and may not be suitable for production.

import pymongo
from pymongo import MongoClient
from pymongo.errors import ConnectionFailure


client = MongoClient(
    "mongodb://admin:$PASSWORD@host.databases.appdomain.cloud:30484/<database name>?authSource=adminreplicaSet=replset",
    ssl=True,
    ssl_ca_certs="/path/to/cert/ca-certificate.crt"
)

try:
    db_list = client.list_database_names()
    print("List of databases:")
    print(db_list)

except ConnectionFailure as err:
    print("Unable to connect to database")

This final example uses the MongoDB Node.js driver

const MongoClient = require("mongodb").MongoClient;

let connectionString = "mongodb://<username>:<password>@<host>:<port>,<host>:<port>/<database>?authSource=admin&replicaSet=replset";

let options = {
    tls: true,
    tlsCAFile: `/path/to/cert`,
    useUnifiedTopology: true 
};

// connects to a MongoDB database
MongoClient.connect(connectionString, options, function (err, db) {
    if (err) {
        console.log(err);
    } else {
       // lists the databases that exist in the deployment
        db.db('example').admin().listDatabases(function(err, dbs) {
            console.log(dbs.databases);
            db.close();
        });
    }
});

Driver TLS and self-signed certificate support

All connections to Databases for MongoDB are TLS 1.2 enabled, so the driver you use to connect needs to be able to support encryption.

The following cipher suites are supported by Databases for MongoDB Enterprise Edition:

  • ECDHE-ECDSA-AES128-GCM-SHA256
  • ECDHE-RSA-AES128-GCM-SHA256
  • ECDHE-ECDSA-AES256-GCM-SHA384
  • ECDHE-RSA-AES256-GCM-SHA384
  • ECDHE-ECDSA-CHACHA20-POLY1305
  • ECDHE-RSA-CHACHA20-POLY1305
  • DHE-RSA-AES128-GCM-SHA256
  • DHE-RSA-AES256-GCM-SHA384

Your deployment also comes with a self-signed certificate so the driver can verify the server upon connection.

For more information, see Cloud Databases Certificates FAQ.

Using the self-signed certificate

  1. Copy the certificate information from the Endpoints panel or the Base64 field of the connection information.
  2. If needed, decode the Base64 string into text.
  3. Save the certificate to a file. (You can use the Name that is provided or your own file name). *
  4. Provide the path to the certificate to the driver or client.

*For MacOS, ensure sure you have the certificate imported into your trust store, and mark the certificate as trust always.

CLI plug-in support for the self-signed certificate

You can display the decoded certificate for your deployment with the CLI plug-in with the command ibmcloud cdb deployment-cacert "your-service-name". It decodes the base64 into text. Copy and save the command's output to a file and provide the file's path to the driver.

Other Language Drivers

MongoDB has a vast array of language drivers. The table covers a few of the most common. If you're looking for more languages, try the MongoDB.org Driver List.