Create a platform token for the Dynatrace Monaco CLI

  • How-to guide
  • 3-min read
  • Published Jun 30, 2025

Dynatrace Monaco CLI version 2.24.0+

This guide shows you how to create a platform token for use with Dynatrace Configuration as Code via Monaco.

Create a platform token

A platform token for the Dynatrace Monaco CLI typically needs the scopes outlined in the table that follows.

PurposeScopes
Access platform metadata like Classic URLs and version informationapp-engine:apps:run
Manage Settings 2.0 objects and its all-users permissionsettings:objects:read, settings:objects:write
View Settings 2.0 schemassettings:schemas:read
Manage automation workflowsautomation:workflows:read, automation:workflows:write, automation:calendars:read, automation:calendars:write, automation:rules:read, automation:rules:write
Access all Automation Workflows1automation:workflows:admin
Manage Grail bucketsstorage:bucket-definitions:read, storage:bucket-definitions:write, storage:bucket-definitions:delete
Manage documentsdocument:documents:read, document:documents:write, document:documents:delete, document:trash.documents:delete
Manage segmentsstorage:filter-segments:read, storage:filter-segments:write, storage:filter-segments:delete, storage:filter-segments:admin
Manage Service-Level Objectives (SLOs)slo:slos:read, slo:slos:write
1

To use the automation:workflows:admin scope, you need to create a custom policy granting that scope, bind a group to it, and assign your user to that group in Account Management before creating the OAuth client. For detailed information on managing policies, see Manage IAM policies.

Use your platform token

  1. Follow the instructions for your operating system or CI/CD tool on how to make the platform token available as an environment variable.
  2. Reference the environment variable you have created in the platform token section of your manifest file.
  3. The Dynatrace Monaco CLI will make authenticated API calls.
Related tags
Software Delivery