Tokens API - PUT an existing token

Updates the specified Dynatrace API authentication token. You can:

  • Change the token name.
  • Add or remove token permissions.
  • Revoke the token. A revoked token still exists in the environment, but it can't be used.

The request consumes an application/json payload.

  • Managed https://{your-domain}/e/{your-environment-id}/api/v1/tokens/{id}
  • SaaS https://{your-environment-id}{id}


To execute this request, you need the Token management (TenantTokenManagement) permission assigned to your API token. To learn how to obtain and use it, see Tokens and authentication.


Parameter Type Description In Required
id string

The ID of the token to be updated.

You can't update the token you're using for authentication of the request.

path required
body UpdateToken

The JSON body of the request. Contains updated parameters of the token.

body optional

The UpdateToken object

Element Type Description Required
revoked boolean

The token is revoked (true) or active (false).

name string

The name of the token.

scopes string[]

The list of permissions assigned to the token.

Apart from the new permissions, you need to submit the existing permissions you want to keep, too. Any existing permission, missing in the payload, is revoked.

  • InstallerDownload: PaaS integration - Installer download.
  • DataExport: Access problem and event feed, metrics, and topology.
  • PluginUpload: Upload Extension.
  • SupportAlert: PaaS integration - Support alert.
  • DcrumIntegration: Dynatrace module integration - NAM.
  • AdvancedSyntheticIntegration: Dynatrace module integration - Synthetic Classic.
  • ExternalSyntheticIntegration: Create and read synthetic monitors, locations, and nodes.
  • AppMonIntegration: Dynatrace module integration - AppMon.
  • LogExport: Read log content.
  • ReadConfig: Read configuration.
  • WriteConfig: Write configuration.
  • DTAQLAccess: User sessions.
  • UserSessionAnonymization: Anonymize user session data for data privacy reasons.
  • DataPrivacy: Change data privacy settings.
  • CaptureRequestData: Capture request data.
  • Davis: Dynatrace module integration - Davis.
  • DssFileManagement: Mobile symbolication file management.
  • LogImport: Log import.
  • RumJavaScriptTagManagement: Real user monitoring JavaScript tag management.
  • TenantTokenManagement: Token management.
  • ActiveGateCertManagement: ActiveGate certificate management.
  • RestRequestForwarding: Fetch data from a remote environment.
  • ReadSyntheticData: Read synthetic monitors, locations, and nodes.
  • DataImport: Data ingest, e.g.: metrics and events.
  • Read audit logs.
  • Read metrics using API V2.
  • Read entities using API V2.
  • entities.write: Write entities using API V2.
  • Read network zones using API V2.
  • networkZones.write: Write network zones using API V2.
  • Read ActiveGates using API V2.
  • activeGates.write: Write ActiveGates using API V2.
  • Read credential vault entries.
  • credentialVault.write: Write credential vault entries.
  • Read synthetic locations using API V2.
  • syntheticLocations.write: Write synthetic locations using API V2.
The scopes element can hold these values.

Possible values

Possible values for the scopes element in the UpdateToken object:

  • InstallerDownload
  • DataExport
  • PluginUpload
  • SupportAlert
  • DcrumIntegration
  • AdvancedSyntheticIntegration
  • ExternalSyntheticIntegration
  • AppMonIntegration
  • LogExport
  • ReadConfig
  • WriteConfig
  • DTAQLAccess
  • UserSessionAnonymization
  • DataPrivacy
  • CaptureRequestData
  • Davis
  • DssFileManagement
  • LogImport
  • RumJavaScriptTagManagement
  • TenantTokenManagement
  • ActiveGateCertManagement
  • RestRequestForwarding
  • ReadSyntheticData
  • DataImport
  • entities.write
  • networkZones.write
  • activeGates.write
  • credentialVault.write
  • syntheticLocations.write

Response format

A successful request doesn't return any content.


In this example, the request queries the metadata of the admin token, which has the ID of d5836312-5790-4e80-afcf-09971954c3ea. It assigns two new permissions: Real user monitoring JavaScript tag management and ActiveGate certificate management. The name and validity of the token remain intact. The response code of 204 indicates that the update was successful.

The token, as displayed in the Dynatrace interface, has the following settings before the edit:

Dynatrace API authentication token

The API token is passed in the Authorization header.

You can download or copy the example request body to try it out on your own.


curl -X PUT \ \
  -H 'Authorization: Api-Token abcdefjhij1234567890' \
  -H 'Content-Type: application/json' \
  -d '{
  "scopes": [

Request URL

Request body

  "scopes": [

Response code



The updated token, as displayed in the Dynatrace interface, has the following parameters: Dynatrace API authentication token - updated