Dynatrace offers different options to authenticate API calls. Dynatrace Monaco supports the following authentication options:
For details about Dynatrace Identity and Access Management (including platform tokens,API tokens, and OAuth clients), see Tokens and OAuth clients.
To create a platform token, follow the steps described in Create a platform token for the Dynatrace Monaco CLI. Each available type of platform configuration requires specific OAuth scopes.
To create an OAuth client, follow the steps described in Create an OAuth2 client.
Each available type of platform configuration requires specific OAuth scopes.
To use the automation:workflows:admin scope, you need to do the following before creating the OAuth client.
For detailed information on managing policies, see IAM policy reference.
To manage OpenPipeline configurations, ensure that the user belongs to a group with the policy Data Processing and Storage assigned to it. Do this before creating the OAuth client.
In addition to the scopes available to the OAuth client, permissions can be further limited via policies applied to the user's groups.
When working with a service user, ensure the service user's permissions match the OAuth scopes for all environments. For details on how permissions can be controlled, see Working with policies.
To use your OAuth client:
Dynatrace Monaco supports the following configuration types:
The specific configuration types are defined in the Monaco configuration YAML file.
Settings 2.0 resources require a classic Dynatrace API access token or OAuth credentials.
The Dynatrace Monaco CLI provides general support for any Settings 2.0 schema available in your environment. For information about schemas, see Settings 2.0 - Available schemas.
For latest Dynatrace, you will need the following OAuth scopes.
| Purpose | Scope |
|---|---|
| Manage Settings 2.0 objects and its all-users permission | settings:objects:read, settings:objects:write |
| View Settings 2.0 schemas | settings:schemas:read |
For classic Dynatrace, you will need the following OAuth scopes.
| Purpose | Scope |
|---|---|
| Manage Settings 2.0 objects and its all-users permission | settings.read, settings.write |
The Dynatrace platform provides a collection of platform services, each with a specific area of responsibility. OAuth credentials are required to target platform APIs.
The Dynatrace Monaco CLI provides support for Dynatrace platform API types as described in the table below.
To manage account resources, such as user management or policy handling, OAuth credentials require the following permissions:
account-idm-readaccount-idm-writeaccount-env-readaccount-env-writeiam-policies-managementiam:policies:writeiam:policies:readiam:bindings:writeiam:bindings:readiam:boundaries:readiam:boundaries:writeConfiguration via the Configuration API requires an API access token. Dynatrace Monaco CLI provides support for most Configuration APIs, as described in the table below. This table provides:
Note that most Configuration APIs are deprecated in favor of Settings 2.0, see Settings 2.0.