What is an access token?

Dynatrace relies on unique character strings to identify your monitoring environment. This is necessary to enable, for example, external integration of your Dynatrace monitoring environment with 3rd party messaging services, Dynatrace REST API, PaaS environments, VoiceOps/ChatOps, and other reporting tools.

All external access to your Dynatrace monitoring environment relies on two major pieces of information: the environment ID and an access token.

Authentication required for Dynatrace OneAgent downloads or for accessing the Dynatrace API is achieved using access keys called tokens. Dynatrace defines the scope of tokens to limit access to specific product functionality for security reasons. A PaaS token, for example, allows the download of OneAgent for PaaS and installation of OneAgent on multiple hosts, but it doesn’t enable you to access the rest of the Dynatrace API.

There are some situations where required tokens are automatically created and other situations where they must be generated manually. For example, OneAgent for Windows ships with a token automatically. Conversely, OneAgent for PaaS requires that you manually generate an access token.

Create user-generated access tokens

To generate and manage access tokens

  1. Log into your Dynatrace environment and from the navigation menu click Settings > Integration.
  2. Select Dynatrace API, Platform as a Service, or Dynatrace modules to generate a token for the Dynatrace API, a token for PaaS, or a token for DCRUM or Synthetic.
  3. Click the Generate token button, then type a meaningful token name in the text field.

Note: The uniqueness of user-generated token names is not checked. Multiple same-named API, PaaS, or module tokens can exist. Be sure to provide a meaningful name for each token you define. Multiple same-named tokens can have different access configurations. Effective token naming helps you to efficiently manage your tokens, search for tokens, and perhaps delete them in the future if they’re no longer needed.

  1. (Optional) For creating Dynatrace API tokens, select or clear access switches as needed to set the access scope of the API token. For example, to create an API authentication token to access Dynatrace monitoring data for user session queries, select User session query language.
  2. Click the Generate button. The token appears in the My Dynatrace token list below.

At any time, you can copy an access token that you created by expanding Edit next to the token name and clicking the Copy button next to the token. Token management view also allows you to Disable/enable, Edit, or Delete tokens.

Locate existing access tokens

As is the case with environment IDs (see above), access tokens also appear in URLs, though at the end of URLs rather than at the beginning. For example, note the access token at the end of URL that appears in the Use this command on the target host text field in the image below.