Tenant tokens API - POST cancel rotation

Cancels the rotation of the tenant token. The new token is discarded and the old token remains valid. If you configured any OneAgents and ActiveGates to use the new token, you must restore the old configuration.

The request produces an application/json payload.

  • Managed https://{your-domain}/e/{your-environment-id}/api/v2/tenantTokenRotation/cancel
  • SaaS https://{your-environment-id}.live.dynatrace.com/api/v2/tenantTokenRotation/cancel
  • Environment ActiveGate https://{your-activegate-domain}/e/{your-environment-id}/api/v2/tenantTokenRotation/cancel


To execute this request, you need the Tenant token rotation (tenantTokenRotation.write) permission assigned to your API token. To learn how to obtain and use it, see Tokens and authentication.


The request doesn't provide any configurable parameters.


Response codes

Code Description

Success. Rotation process has been cancelled. The current tenant token remains valid.


Failed. There is no ongoing rotation process.

Response body

The TenantTokenConfig object

Configuration of a tenant token.

Element Type Description
active TenantToken
old TenantToken

The TenantToken object

Tenant token

Element Type Description
value string

The secret of the tenant token.


In this example, the request cancels the rotation process started in start request example.

The response code of 200 indicates a successful request. The old token 1234567890qrstuvwxyz remains valid; the new token is discarded.

The API token is passed in the Authorization header.


curl -X POST \
  https://mySampleEnv.live.dynatrace.com/api/v2/tenantTokenRotation/finish \
  -H 'Authorization: Api-Token dt0c01.abc123.abcdefjhij1234567890' \  
  -H 'Accept: application/json'

Response body

  "active": {
    "value": "1234567890qrstuvwxyz"
  "old": {
    "value": null

Response code