From 676ca276dc34a99d8a2990b20a702a16b997e4da Mon Sep 17 00:00:00 2001
From: Bianca Lisle <bianca.vianadeaguiar@mongodb.com>
Date: Fri, 19 Sep 2025 13:45:09 +0100
Subject: [PATCH 1/2] chore: validate apiBaseUrl

---
 src/server.ts | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/src/server.ts b/src/server.ts
index 2e6ac2c46..c72638443 100644
--- a/src/server.ts
+++ b/src/server.ts
@@ -239,6 +239,13 @@ export class Server {
         // Validate API client credentials
         if (this.userConfig.apiClientId && this.userConfig.apiClientSecret) {
             try {
+                if (!this.userConfig.apiBaseUrl.startsWith("https://")) {
+                    const message =
+                        "Failed to validate MongoDB Atlas the credentials from the config: API URL must be HTTPS";
+                    console.error(message);
+                    throw new Error(message);
+                }
+
                 await this.session.apiClient.validateAccessToken();
             } catch (error) {
                 if (this.userConfig.connectionString === undefined) {

From acf048c0ccd89a9a16ff61db4fb4bfc466610431 Mon Sep 17 00:00:00 2001
From: Bianca Lisle <bianca.vianadeaguiar@mongodb.com>
Date: Fri, 19 Sep 2025 14:28:05 +0100
Subject: [PATCH 2/2] address comment

---
 src/server.ts | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/server.ts b/src/server.ts
index c72638443..7d4a10b16 100644
--- a/src/server.ts
+++ b/src/server.ts
@@ -241,7 +241,7 @@ export class Server {
             try {
                 if (!this.userConfig.apiBaseUrl.startsWith("https://")) {
                     const message =
-                        "Failed to validate MongoDB Atlas the credentials from the config: API URL must be HTTPS";
+                        "Failed to validate MongoDB Atlas the credentials from config: apiBaseUrl must start with https://";
                     console.error(message);
                     throw new Error(message);
                 }