Cluster API - Authentication

To get authenticated to use the Cluster API, you need a valid API token. Access to the API is controlled by scope, meaning that you also need the proper permissions assigned to the token. See the description of each request to find out which permissions are required to use it.

Generate a token

To generate an API token

Select Settings in the navigation menu.
Go to API tokens.
Select Generate token.
Enter a name for your token.

Dynatrace provides the following permissions for API tokens. You can set them in the UI, as described above, or via Tokens API. You can assign multiple permissions to a single token, or you can generate several tokens, each with different access levels and use them accordingly—check with your organization's security policies for the best practice. We recommend to keep tokens with a dedicated single scope to limit potential damage in case of leakage.

Name API value Description
Cluster token management ClusterTokenManagement Allows to access Tokens API and manage tokens.
Service Provider API ServiceProviderAPI Allows access to Cluster Management API operations.
Select Save.


Your API call can get authenticated in two ways: per call via an HTTP header or query parameter, or per login via cluster API screen.

HTTP header

You can authenticate by attaching the token to the Authorization HTTP header preceding the Api-Token realm.

--header 'Authorization: Api-Token abcdefjhij1234567890'

The following example shows authentication via HTTP header.

curl --request GET \
  --url \
  --header 'Authorization: Api-Token abcdefjhij1234567890' \

Query parameter

You can authenticate by adding the token as the value of the api-token query parameter.

curl --request GET \
  --url '' \

Cluster API screen

  1. In the upper-right corner, open the User menu and select Cluster Management API.
  2. From the dropdown menu box in the top bar, select API definition: Cluster Management API or Cluster API.
  3. In the API explorer, click Authorize.
    The Available authorizations dialog appears.
  4. Paste your token into the appropriate field and click Authorize.
    Once completed, from the same dialog box you can click Logout to discontinue the authentication.