To get authenticated to use the Dynatrace API, you need a valid API token. Access to the API is fine-grained, meaning that you also need the proper permissions assigned to the token. See the description of each request to find out which permissions are required to use it.
Generate a token
To generate an API token
- Select Settings in the navigation menu.
- Go to Integration > Dynatrace API.
- Select Generate token.
- Enter a name for your token.
- Select the required permissions for the token.
- Select Generate.
You can assign multiple permissions to a single token, or you can generate several tokens, each with different access levels and use them accordingly—check your organization's security policies for the best practice.
Alternatively you can use the POST a new token API call to generate a token.
Dynatrace doesn't enforce unique token names. You can create multiple tokens with the same name. Be sure to provide a meaningful name for each token you generate. Proper token naming helps you to efficiently manage your tokens and perhaps delete them when they're no longer needed.
You can authenticate by attaching the token to the Authorization HTTP header preceding the Api-Token realm.
--header 'Authorization: Api-Token abcdefjhij1234567890'
The following example shows authentication via HTTP header.
curl --request GET \ --url https://mySampleEnv.live.dynatrace.com/api/v1/config/clusterversion \ --header 'Authorization: Api-Token abcdefjhij1234567890' \
You can authenticate by adding the token as the value of the api-token query parameter.
curl --request GET \ --url 'https://mySampleEnv.live.dynatrace.com/api/v1/config/clusterversion?api-token=abcdefjhij1234567890' \
Dynatrace provides the following permissions for API tokens. You can set them in the UI, as described above, or via Tokens API. Some scopes are only available via API.
|Access problems and event feed, metrics, and topology||
||Allows to use various calls of Environment API.|
|ActiveGate certificate management||
||Allows to configure certificate on private ActiveGates.|
|Anonymize user sessions for data privacy reasons||
||Allows to use Anonymization API|
|AppMon integration for hybrid deployments||
||Allows to import monitoring data from AppMon.|
|Capture request data||
||Allows to create, edit, and delete request attributes via Request attributes API|
|Change data privacy settings||
||Allows to use Data privacy API and data privacy calls of Web application configuration API|
|Create and read synthetic monitors, locations, and nodes||
||Allows to use Synthetic API.|
|Create support alerts||
||Allows to create support alerts for crush analysis.
Part of PaaS token.
|Davis Assistant integration||
||Integration with Davis.|
|Download OneAgent and ActiveGate installers||
||Allows to download installers via Deployment API.
Part of PaaS token.
|Dynatrace NAM integration||
||Integration with NAM.|
|Import data and events from external sources||
||Allows to import data and events from external sources.|
||Allows to push data stream for storing without using OneAgent.|
|Mobile symbolication file management||
||Allows to use Mobile Symbolication API.|
|Read audit logs||
||Grants access to the audit log.|
||Allows to perform GET calls of the Configuration API.|
|Read log content||
||Allows to use Log Monitoring API.|
|Read synthetic monitors, locations, and nodes||
||Allows to perform GET requests of the Synthetic API.|
|REST request forwarding||
||Allows to fetch data from remote Dynatrace environments for multi-environment dashboarding.|
||Allows to create and delete tokens as well as view their metadata via Tokens API.|
||Allows to use User sessions API|
||Allows to perform POST, PUT, and DELETE calls of the Configuration API.|
|Upload plugins using the command line||
||Allows to upload OneAgent extensions via command line tool.|