Create a platform token for the Dynatrace Monaco CLI How-to guide 3-min read Published Jun 30, 2025 Dynatrace Monaco CLI version 2.24.0+
This guide shows you how to create a platform token for use with Dynatrace Configuration as Code via Monaco.
A platform token for the Dynatrace Monaco CLI typically needs the scopes outlined in the table that follows.
For general instructions on creating a platform token, see Platform tokens . Refer to the table below to select the token scopes. Access platform metadata like Dynatrace classic URLs and version information
app-engine:apps:run
Manage Settings 2.0 objects and its all-users permission
settings:objects:read, settings:objects:write
View Settings 2.0 schemas
settings:schemas:read
Manage automation workflows
automation:workflows:read, automation:workflows:write, automation:calendars:read, automation:calendars:write, automation:rules:read, automation:rules:write
Access all Automation Workflows1
automation:workflows:admin
Manage Grail buckets
storage:bucket-definitions:read, storage:bucket-definitions:write, storage:bucket-definitions:delete
Manage documents
document:documents:read, document:documents:write, document:documents:delete, document:trash.documents:delete
Manage segments
storage:filter-segments:read, storage:filter-segments:write, storage:filter-segments:delete, storage:filter-segments:admin
Manage Service-Level Objectives (SLOs)
slo:slos:read, slo:slos:write
1 To use the automation:workflows:admin scope, you need to create a custom policy granting that scope, bind a group to it, and assign your user to that group in Account Management before creating the OAuth client. For detailed information on managing policies, see Manage IAM policies .
Follow the instructions for your operating system or CI/CD tool on how to make the platform token available as an environment variable. Reference the environment variable you have created in the platform token section of your manifest file . The Dynatrace Monaco CLI will make authenticated API calls.