Create an OAuth client for Configuration as Code

This guide shows you how to create an OAuth client for use with Dynatrace Configuration as Code.

Create an OAuth client

1. Access Dynatrace Account Management at https://myaccount.dynatrace.com.

2. Go to Identity & access management > API OAuth clients.

3. Select Create client.

4. Enter the email address of the user who owns the client.

5. Enter a description of the new client.

6. Select the required scopes.

   Each available type of Platform configuration requires specific OAuth scopes. For details, see Configuration types and access permissions.
   Generally, OAuth client credentials for Dynatrace Configuration as Code should have at least these scopes:

   • View settings objects for schema (settings:objects:read)
   • Create settings objects for schema (settings:objects:write)
   • View settings schemas (settings:schemas:read)

7. Select Create client.

8. Copy the generated client ID and secret and store them in a safe place.

   You can only access your client secret once upon creation. You can't reveal it afterward.

Ensure service user permissions

In addition to the scopes available to the OAuth client, permissions can be further limited via policies applied to the user's groups.

For details on how permissions can be controlled, see Manage user permissions with IAM policies.

To ensure that your OAuth client works as intended, verify that the service user's groups grant the same scopes as the OAuth client you have created for all environments you want to use it with.

Use your OAuth client

1. Follow the instructions for your operating system or CI/CD tool on how to make the client ID and secret available as environment variables.
2. Reference the environment variables you have created in the oAuth section of your manifest file.
3. Dynatrace Configuration as Code will request OAuth access tokens using your client credentials to make authenticated API calls.