Tokens API - POST a new token

Creates a new Dynatrace API authentication token. The response contains the newly created token.

The new token is owned by the same user who owns the token used to authenticate the call.

The request consumes an application/json payload.

The request produces one of the following payload types:

  • application/json
  • text/plain
  • text/csv

Use the Accept header to set the required response type.

POST
  • Managed https://{your-domain}/e/{your-environment-id}/api/v1/tokens
  • SaaS https://{your-environment-id}.live.dynatrace.com/api/v1/tokens

Authentication

To execute this request, you need the Tenant Token Management permission assigned to your API token. See the Authentication page to learn how to obtain and use it.

Parameters

Parameter Type Description In Required
body CreateTenantToken

The JSON body of the request. Contains parameters of the new token.

body required

The CreateTenantToken object

Parameters of a new token.

Element Type Description Required
name string

The name of the token.

required
expiresIn Duration

How long the token is valid.

If not set, the token never expires.

optional
scopes string[]

The list of permissions assigned to the token:

  • ActiveGateCertManagement: ActiveGate certificate management.
  • AdvancedSyntheticIntegration: Synthetic Classic integration.
  • AppMonIntegration: AppMon integration for hybrid deployments.
  • CaptureRequestData: Capture request data.
  • DTAQLAccess: User sessions.
  • DataExport: Access problem and event feed, metrics, and topology.
  • DataImport: Import data and events from external sources.
  • DataPrivacy: Change data privacy settings.
  • Davis: Davis assistant integration.
  • DcrumIntegration: Dynatrace NAM integration.
  • DssFileManagement: Mobile symbolication file management.
  • ExternalSyntheticIntegration: Create and configure Synthetic monitors.
  • InstallerDownload: Download Dynatrace OneAgent.
  • LogExport: Access logs.
  • LogImport: Log import.
  • MaintenanceWindows: Configure maintenance windows.
  • PluginUpload: Upload plugins using the command line.
  • ReadConfig: Read configuration.
  • ReadSyntheticData: Read synthetic monitors, locations, and nodes.
  • RumJavaScriptTagManagement: Real user monitoring JavaScript tag management.
  • SupportAlert: Create support alerts.
  • TenantTokenManagement: Token management.
  • UserSessionAnonymization: Anonymize user session data for data privacy reasons.
  • WriteConfig: Write configuration.
required

The Duration object

Defines a period of time.

Element Type Description Required
value integer

The amount of time.

required
unit string

The unit of time.

If not set, millisecond is used.

The unit element can hold these values.
optional

Possible values

Possible values for the items element in the CreateTenantToken object:

  • ActiveGateCertManagement
  • AdvancedSyntheticIntegration
  • AppMonIntegration
  • CaptureRequestData
  • DTAQLAccess
  • DataExport
  • DataImport
  • DataPrivacy
  • Davis
  • DcrumIntegration
  • DssFileManagement
  • ExternalSyntheticIntegration
  • InstallerDownload
  • LogExport
  • LogImport
  • MaintenanceWindows
  • PluginUpload
  • ReadConfig
  • ReadSyntheticData
  • RumJavaScriptTagManagement
  • SupportAlert
  • TenantTokenManagement
  • UserSessionAnonymization
  • WriteConfig

Possible values for the unit element in the Duration object:

  • DAYS
  • HOURS
  • MILLIS
  • MINUTES
  • SECONDS

Request headers

Accept header value Description
application/json The response contains JSON payload with token.
text/plain The response contains token in plain text format.
accept: text/csv; header=present; charset=utf-8 The response contains token in CSV-format.
accept: text/csv; header=absent; charset=utf-8 The response contains token in CSV-format, preceded by the token heading.

Response format

The Token object

Element Type Description
token string

Dynatrace API authentication token.

Example

In this example, the request creates a new token named REST example. It is valid for 24 hours and has the following permissions:

  • Access problem and event feed, metrics, and topology
  • Read configuration
  • Write configuration

The Accept header sets the response content type as text/plain.

The response code of 201 indicates that the creation was successful. The response contains the new token as plain text.

The API token is passed in the Authorization header.

You can download or copy the example request body to try it out on your own.

Curl

curl -X POST \
  https://mySampleEnv.live.dynatrace.com/api/v1/tokens/ \
  -H 'Authorization: Api-Token abcdefjhij1234567890' \
  -H 'Content-Type: application/json' \
  -H 'Accept: text/plain'  
  -d '{
  "name": "REST example",
  "scopes": [
    "WriteConfig",
    "ReadConfig",
    "DataExport"
  ],
  "expiresIn": {
    "value": 24,
    "unit": "HOURS"
  }
}
'

Request body

api-examples/env/token/post-token.json
Download
{
  "name": "REST example",
  "scopes": [
    "WriteConfig",
    "ReadConfig",
    "DataExport"
  ],
  "expiresIn": {
    "value": 24,
    "unit": "HOURS"
  }
}

Response body

0987654321jihgfedcba

Response code

201

Result

The new token looks like this in the Dynatrace interface:

Dynatrace API authentication token - new