Tokens API - POST a new token

Creates a new Dynatrace API authentication token. The response contains the newly created token.

The new token is owned by the same user who owns the token used to authenticate the call.

The request consumes an application/json payload.

The request produces one of the following payload types:

application/json
text/plain
text/csv

Use the Accept header to set the required response type.

POST	Managed https://{your-domain}/e/{your-environment-id}/api/v1/tokens SaaS https://{your-environment-id}.live.dynatrace.com/api/v1/tokens

Authentication

To execute this request, you need the Token management (TenantTokenManagement) permission assigned to your API token. To learn how to obtain and use it, see Tokens and authentication.

Parameters

Parameter	Type	Description	In	Required
body	CreateToken	The JSON body of the request. Contains parameters of the new token.	body	optional

Request parameters JSON model

The CreateToken object

Element Type Description Required

name

string

Element	Type	Description	Required
name	string	The name of the token.	required
expiresIn	Duration		optional
scopes	string[]	The list of permissions to be assigned to the token. `InstallerDownload`: PaaS integration - Installer download. `DataExport`: Access problem and event feed, metrics, and topology. `PluginUpload`: Upload Extension. `SupportAlert`: PaaS integration - Support alert. `DcrumIntegration`: Dynatrace module integration - NAM. `AdvancedSyntheticIntegration`: Dynatrace module integration - Synthetic Classic. `ExternalSyntheticIntegration`: Create and read synthetic monitors, locations, and nodes. `AppMonIntegration`: Dynatrace module integration - AppMon. `LogExport`: Read log content. `ReadConfig`: Read configuration. `WriteConfig`: Write configuration. `DTAQLAccess`: User sessions. `UserSessionAnonymization`: Anonymize user session data for data privacy reasons. `DataPrivacy`: Change data privacy settings. `CaptureRequestData`: Capture request data. `Davis`: Dynatrace module integration - Davis. `DssFileManagement`: Mobile symbolication file management. `LogImport`: Log import. `RumJavaScriptTagManagement`: Real user monitoring JavaScript tag management. `TenantTokenManagement`: Token management. `ActiveGateCertManagement`: ActiveGate certificate management. `RestRequestForwarding`: Fetch data from a remote environment. `ReadSyntheticData`: Read synthetic monitors, locations, and nodes. `DataImport`: Data ingest, e.g.: metrics and events. `ReadAuditLogs`: Read audit logs. `entities.read`: Read entities using API V2. `entities.write`: Write entities using API V2. `networkZones.read`: Read network zones using API V2. `networkZones.write`: Write network zones using API V2. `credentialVault.read`: Read credential vault entries. `credentialVault.write`: Write credential vault entries. The scopes element can hold these values.	required

The name of the token.

required

expiresIn Duration optional

scopes

string[]

The list of permissions to be assigned to the token.

InstallerDownload: PaaS integration - Installer download.
DataExport: Access problem and event feed, metrics, and topology.
PluginUpload: Upload Extension.
SupportAlert: PaaS integration - Support alert.
DcrumIntegration: Dynatrace module integration - NAM.
AdvancedSyntheticIntegration: Dynatrace module integration - Synthetic Classic.
ExternalSyntheticIntegration: Create and read synthetic monitors, locations, and nodes.
AppMonIntegration: Dynatrace module integration - AppMon.
LogExport: Read log content.
ReadConfig: Read configuration.
WriteConfig: Write configuration.
DTAQLAccess: User sessions.
UserSessionAnonymization: Anonymize user session data for data privacy reasons.
DataPrivacy: Change data privacy settings.
CaptureRequestData: Capture request data.
Davis: Dynatrace module integration - Davis.
DssFileManagement: Mobile symbolication file management.
LogImport: Log import.
RumJavaScriptTagManagement: Real user monitoring JavaScript tag management.
TenantTokenManagement: Token management.
ActiveGateCertManagement: ActiveGate certificate management.
RestRequestForwarding: Fetch data from a remote environment.
ReadSyntheticData: Read synthetic monitors, locations, and nodes.
DataImport: Data ingest, e.g.: metrics and events.
ReadAuditLogs: Read audit logs.
entities.read: Read entities using API V2.
entities.write: Write entities using API V2.
networkZones.read: Read network zones using API V2.
networkZones.write: Write network zones using API V2.
credentialVault.read: Read credential vault entries.
credentialVault.write: Write credential vault entries.

The scopes element can hold these values.

required

The Duration object

Defines a period of time.

Element	Type	Description	Required
value	integer	The amount of time.	required
unit	string	The unit of time. If not set, millisecond is used. The unit element can hold these values.	optional

Element

Type

Description

Required

value

integer

The amount of time.

required

unit

string

The unit of time.

If not set, millisecond is used.

The unit element can hold these values.

optional

This is a model of the request body, showing the possible elements. It has to be adjusted for usage in an actual request. See the Example expandable section for working sample request.

      
  {
  "name": "string",
  "expiresIn": {
    "value": 0,
    "unit": "DAYS"
  },
  "scopes": [
    "string"
  ]
}

Possible values

Possible values for the scopes element in the CreateToken object:

InstallerDownload
DataExport
PluginUpload
SupportAlert
DcrumIntegration
AdvancedSyntheticIntegration
ExternalSyntheticIntegration
AppMonIntegration
LogExport
ReadConfig
WriteConfig
DTAQLAccess
UserSessionAnonymization
DataPrivacy
CaptureRequestData
Davis
DssFileManagement
LogImport
RumJavaScriptTagManagement
TenantTokenManagement
ActiveGateCertManagement
RestRequestForwarding
ReadSyntheticData
DataImport
ReadAuditLogs
entities.read
entities.write
networkZones.read
networkZones.write
credentialVault.read
credentialVault.write

Possible values for the unit element in the Duration object:

DAYS
HOURS
MILLIS
MINUTES
SECONDS

Request headers

Accept header value	Description
`application/json`	The response contains JSON payload with token.
`text/plain`	The response contains token in plain text format.
`accept: text/csv; header=present; charset=utf-8`	The response contains token in CSV-format.
`accept: text/csv; header=absent; charset=utf-8`	The response contains token in CSV-format, preceded by the token heading.

Response format

Response parameters JSON model

The Token object

Element	Type	Description
token	string	Dynatrace API authentication token.

    
{
  "token": "abcdefjhij1234567890"
}

Example

In this example, the request creates a new token named REST example. It is valid for 24 hours and has the following permissions:

Access problem and event feed, metrics, and topology
Read configuration
Write configuration

The Accept header sets the response content type as text/plain.

The response code of 201 indicates that the creation was successful. The response contains the new token as plain text.

The API token is passed in the Authorization header.

You can download or copy the example request body to try it out on your own.

Curl

curl -X POST \
  https://mySampleEnv.live.dynatrace.com/api/v1/tokens/ \
  -H 'Authorization: Api-Token abcdefjhij1234567890' \
  -H 'Content-Type: application/json' \
  -H 'Accept: text/plain'  
  -d '{
  "name": "REST example",
  "scopes": [
    "WriteConfig",
    "ReadConfig",
    "DataExport"
  ],
  "expiresIn": {
    "value": 24,
    "unit": "HOURS"
  }
}
'

Request body

Download

{
  "name": "REST example",
  "scopes": [
    "WriteConfig",
    "ReadConfig",
    "DataExport"
  ],
  "expiresIn": {
    "value": 24,
    "unit": "HOURS"
  }
}

Response body

0987654321jihgfedcba

Response code

201

Result

The new token looks like this in the Dynatrace interface:

Dynatrace API authentication token - new