Why do I need an access token and an environment ID?

Dynatrace relies on unique character strings to identify your monitoring environment. This is necessary to enable, for example, external integration of your Dynatrace monitoring environment with 3rd party messaging services, Dynatrace REST API, PaaS environments, VoiceOps/ChatOps, and other reporting tools.

All external access to your Dynatrace monitoring environment relies on two major pieces of information: the environment ID and an access token.

Environment ID

Each environment that you monitor with Dynatrace is identified with a unique character string (i.e., your environment ID). The Dynatrace API relies heavily on environment IDs to ensure that it pulls monitoring data from and pushes relevant external events to the correct Dynatrace environments.

Within Dynatrace SaaS, your Dynatrace environment ID (otherwise known as a tenant ID), is included at the beginning of your Dynatrace environment´s URL (see highlight in image below).

In case you are operating your own Dynatrace Managed installation, you can find your environment id within your custom domain path after the /e/ subpath (see highlight in image below).

You can also find your environment ID listed on your Dynatrace account page along with your licensing details. To find this page, click the User menu button in the upper-right corner of the menu bar and select Account settings.

Environment IDs for PaaS, Linux/AIX/Solaris, & containerized environments

If your environment is PaaS-based, built on Linux/AIX/Solaris, or is containerized, follow these steps to locate your environment ID.

Select Deploy Dynatrace from the navigation menu.

If you have a PaaS-based infrastructure: Click the Set up PaaS integration button. Your environment ID appears in the Environment ID text box.

If your infrastructure is based on Linux/AIX/Solaris: Click Start installation and select your operating system (Linux/AIX/Solaris). Your environment ID appears at the beginning of the URL included in the Use this command on the target host text box.

If you have a containerized infrastructure: Click Start installation and select Linux. Your environment ID appears at the beginning of the URL included in the Use this command on the target host text box.

Access tokens

Authentication required for Dynatrace OneAgent downloads or for accessing the Dynatrace API is achieved using access keys called tokens. Dynatrace defines the scope of tokens to limit access to specific product functionality for security reasons. A PaaS token, for example, allows the download of OneAgent for PaaS and installation of OneAgent on multiple hosts, but it doesn’t enable you to access the rest of the Dynatrace API.

There are some situations where required tokens are automatically created and other situations where they must be generated manually. For example, OneAgent for Windows ships with a token automatically. Conversely, OneAgent for PaaS requires that you manually generate an access token.

Create user-generated access tokens

To generate and manage access tokens

  1. Log into your Dynatrace environment and from the navigation menu click Settings > Integration.
  2. Select Dynatrace API, Platform as a Service, or Dynatrace modules to generate a token for the Dynatrace API, a token for PaaS, or a token for DCRUM or Synthetic.
  3. Click the Generate token button, then type a meaningful token name in the text field.

Note: The uniqueness of user-generated token names is not checked. Multiple same-named API, PaaS, or module tokens can exist. Be sure to provide a meaningful name for each token you define. Multiple same-named tokens can have different access configurations. Effective token naming helps you to efficiently manage your tokens, search for tokens, and perhaps delete them in the future if they’re no longer needed.

  1. (Optional) For creating Dynatrace API tokens, select or clear access switches as needed to set the access scope of the API token. For example, to create an API authentication token to access Dynatrace monitoring data for user session queries, select User session query language.
  2. Click the Generate button. The token appears in the My Dynatrace token list below.

At any time, you can copy an access token that you created by expanding Edit next to the token name and clicking the Copy button next to the token. Token management view also allows you to Disable/enable, Edit, or Delete tokens.

Locate existing access tokens

As is the case with environment IDs (see above), access tokens also appear in URLs, though at the end of URLs rather than at the beginning. For example, note the access token at the end of URL that appears in the Use this command on the target host text field in the image below.