Configure and manage account API OAuth clients

The Account Management API helps you manage your account and its users. For example, you can manage access to Dynatrace environments by creating groups with various access levels and then associating these groups with users.

Recommendations

To use the Account management API, you must create an OAuth2 client that uses the standard client credentials flow to authenticate a service user with the API.

• You can designate any user on your account as a service user, but we recommend that you do not use the service user for any other purpose. The service user must belong to a group that provides account user management permissions.
• Create a separate Client ID for each application or integration that you build, and don't share clients between them. This approach provides you maximum control and security. Each client must have at least one scope. This enables you to authorize APIs on an application basis, as well as via the associated service user.

Configuration

To create a client

1. Select Create new client.
2. Use the form to generate a Client ID and a Client secret for your service user.

After you have a Client ID and a Client secret, you can use Dynatrace SSO to request an access token for your OAuth client.

To do so, issue a POST request to https://sso.dynatrace.com/sso/oauth2/token with the application/x-www-form-urlencoded' content type.

• You can use any OAuth or HTTP client to execute the request.
• Provide the following parameters in the request body.
• Be sure to URL-encode all values.

API documentation can be found here: https://api.dynatrace.com/spec/