Tenant tokens API - POST start rotation

Initiates the rotation of the tenant token. The request creates a new tenant token that you must add to the configuration of your OneAgents and ActiveGates. For a full description of the rotation process, see Rotate tenant token.

To avoid data loss, both old and new tokens are valid during the rotation process.

The request produces an application/json payload.

  • Managed https://{your-domain}/e/{your-environment-id}/api/v2/tenantTokenRotation/start
  • SaaS https://{your-environment-id}.live.dynatrace.com/api/v2/tenantTokenRotation/start
  • Environment ActiveGate https://{your-activegate-domain}/e/{your-environment-id}/api/v2/tenantTokenRotation/start


To execute this request, you need the Tenant token rotation (tenantTokenRotation.write) permission assigned to your API token. To learn how to obtain and use it, see Tokens and authentication.


The request doesn't provide any configurable parameters.


Response codes

Code Description

Success. The new tenant token is created and will replace the old one. The active field of the response contains the new tenant token.


Failed. Another rotation process is already in progress.

Response body

The TenantTokenConfig object

Configuration of a tenant token.

Element Type Description
active TenantToken
old TenantToken

The TenantToken object

Tenant token

Element Type Description
value string

The secret of the tenant token.


In this example, the request starts the rotation process for the mySampleEnv environment.

The response code of 200 indicates a successful request. The newly generated token is zyxwvutsrq0987654321.

The API token is passed in the Authorization header.


curl -X POST \
  https://mySampleEnv.live.dynatrace.com/api/v2/tenantTokenRotation/start \
  -H 'Authorization: Api-Token dt0c01.abc123.abcdefjhij1234567890' \  
  -H 'Accept: application/json'

Response body

  "active": {
    "value": "zyxwvutsrq0987654321"
  "old": {
    "value": "1234567890qrstuvwxyz"

Response code