• Home
  • Setup and configuration
  • Set up Cloud Automation
  • Automation

Automation

Cloud Automation provides its own API. For details, see Keptn API. To interact with the Dynatrace Cloud Automation API, you can use the Cloud Automation API token, or generate an OAuth API client based on a Dynatrace user.

Token-based Automation

In the Cloud Automation UI (bridge), go to your user menu in the upper-right corner and copy the API token, which is used for authenticating API calls.

Note: To access the token, the user needs to be assigned the cloudautomation:metadata:read policy statement. For details about the API, see API.

OAuth-based Automation

You can connect your Cloud Automation identity to third-party integrations using OAuth. When authorizing an OAuth application, make sure that you trust the application, verify its developers, and check what kind of information the application is going to access.

Note: Dynatrace user permissions are transferred to the OAuth API client. Consequently, the OAuth API client cannot have wider permissions than the user. If you want the OAuth API client to have narrower permissions than the user, you need to create a new user with restricted permissions, and then use it to generate the OAuth API client.

To generate an OAuth API client

  1. In Dynatrace, go to the user menu and select Account settings.
  2. Select Accounts, and then select your account tile.
  3. Select Account management API.
  4. Select Create new client.
  5. Enter a client description and the user email.
  6. Under OAuth scopes, select Cloud Automation.
  7. Select at least the following scopes for a typical third-party integration:
    • Read resources - cloudautomation:resources:read
    • Read events - cloudautomation:events:read
    • Send events - cloudautomation:events:write
    • Write/Edit logs - cloudautomation:logs:write
    • Read integrations - cloudautomation:integrations:read
    • Write/Edit integrations - cloudautomation:integrations:write
    • Delete integrations - cloudautomation:integrations:delete
    • Read secrets - cloudautomation:secrets:read
  8. Select Generate client.
  9. Copy your client ID, your client secret, and your Dynatrace account URN. These settings are required for the Client credentials flow.

Test the OAuth API client

  1. Authenticate with your client ID and client secret obtained above to retrieve the token:

    plaintext
    curl --location --request POST 'https://sso.dynatrace.com/sso/oauth2/token?grant_type=client_credentials&client_id=<YOUR-CLIENT-ID>&client_secret=<YOUR-CLIENT-SECRET>&resource=<YOUR-DYNATRACE-ACCOUNT-URN>&scope=cloudautomation:events:read' \ --header 'Content-Type: application/x-www-form-urlencoded'
  2. Copy the retrieved access token.

  3. To request data, run the command below, making sure to replace

    • <YOUR-CLOUD-AUTOMATION-INSTANCE>) with your Cloud Automation instance ID
    • <YOUR-ACCESS-TOKEN> with the previously retrieved access token
    plaintext
    curl --location --request GET 'https://<YOUR-CLOUD-AUTOMATION-INSTANCE>/api/controlPlane/v1/event/triggered/sh.keptn.event.approval.triggered' \ --header 'Authorization: Bearer <YOUR-ACCESS-TOKEN>' \