Create a platform token for the Dynatrace Monaco CLI

  • How-to guide
  • 3-min read
  • Published Jun 30, 2025

Dynatrace Monaco CLI version 2.24.0+

This guide shows you how to create a platform token for use with Dynatrace Configuration as Code via Monaco.

Create a platform token

A platform token for the Dynatrace Monaco CLI typically needs the scopes outlined in the table that follows.

Purpose
Scopes
Access platform metadata like Classic URLs and version information
app-engine:apps:run
Manage Settings 2.0 objects and its all-users permission
settings:objects:read, settings:objects:write
View Settings 2.0 schemas
settings:schemas:read
Manage automation workflows
automation:workflows:read, automation:workflows:write, automation:calendars:read, automation:calendars:write, automation:rules:read, automation:rules:write
Access all Automation Workflows1
automation:workflows:admin
Manage Grail buckets
storage:bucket-definitions:read, storage:bucket-definitions:write, storage:bucket-definitions:delete
Manage documents
document:documents:read, document:documents:write, document:documents:delete, document:trash.documents:delete
Manage segments
storage:filter-segments:read, storage:filter-segments:write, storage:filter-segments:delete, storage:filter-segments:admin
Manage Service-Level Objectives (SLOs)
slo:slos:read, slo:slos:write
1

To use the automation:workflows:admin scope, you need to create a custom policy granting that scope, bind a group to it, and assign your user to that group in Account Management before creating the OAuth client. For detailed information on managing policies, see Manage IAM policies.

Use your platform token

  1. Follow the instructions for your operating system or CI/CD tool on how to make the platform token available as an environment variable.
  2. Reference the environment variable you have created in the platform token section of your manifest file.
  3. The Dynatrace Monaco CLI will make authenticated API calls.
Related tags
Software Delivery