Dynatrace offers different options to authenticate API calls. Dynatrace Monaco supports the following authentication options:
For details about Dynatrace Identity and Access Management (including platform tokens,API tokens, and OAuth clients), see Tokens and OAuth clients.
To create a platform token, follow the steps described in Create a platform token for the Dynatrace Monaco CLI. Each available type of platform configuration requires specific OAuth scopes.
To create an OAuth client, follow the steps described in Create an OAuth2 client.
Each available type of platform configuration requires specific OAuth scopes.
To use the automation:workflows:admin scope, you need to do the following before creating the OAuth client.
For detailed information on managing policies, see IAM policy reference.
To manage OpenPipeline configurations, ensure that the user belongs to a group with the policy Data Processing and Storage assigned to it. Do this before creating the OAuth client.
In addition to the scopes available to the OAuth client, permissions can be further limited via policies applied to the user's groups.
When working with a service user, ensure the service user's permissions match the OAuth scopes for all environments. For details on how permissions can be controlled, see Working with policies.
To use your OAuth client:
Dynatrace Monaco supports the following configuration types:
The specific configuration types are defined in the Monaco configuration YAML file.
Settings 2.0 resources require a classic Dynatrace API access token or OAuth credentials.
The Dynatrace Monaco CLI provides general support for any Settings 2.0 schema available in your environment. For information about schemas, see Settings 2.0 - Available schemas.
For latest Dynatrace, you will need the following OAuth scopes.
| Purpose | Scope |
|---|---|
| Manage Settings 2.0 objects and its all-users permission | settings:objects:read, settings:objects:write |
| View Settings 2.0 schemas | settings:schemas:read |
For classic Dynatrace, you will need the following OAuth scopes.
| Purpose | Scope |
|---|---|
| Manage Settings 2.0 objects and its all-users permission | settings.read, settings.write |
The Dynatrace platform provides a collection of platform services, each with a specific area of responsibility. OAuth credentials are required to target platform APIs.
The Dynatrace Monaco CLI provides support for Dynatrace platform API types as described in the table below.
| Platform service | Configuration type | Endpoint | OAuth client permissions | Monaco CLI version |
|---|---|---|---|---|
Automation |
|
|
| 2.6.0+ |
Automation |
|
|
| 2.6.0+ |
Automation |
|
|
| 2.6.0+ |
Grail–-storage management |
|
|
| 2.9.0+ |
Documents (Dashboards, Notebooks, Launchpads) |
|
|
| 2.15.0+ |
OpenPipeline |
|
|
| 2.15.0+ |
Grail |
|
|
| 2.19.0+ |
SLOs |
|
|
| 2.22.0+ |
Replaced by Settings API. To learn more, see OpenPipeline API.
To manage account resources, such as user management or policy handling, OAuth credentials require the following permissions:
account-idm-readaccount-idm-writeaccount-env-readaccount-env-writeiam-policies-managementiam:policies:writeiam:policies:readiam:bindings:writeiam:bindings:readiam:boundaries:readiam:boundaries:writeConfiguration via the Configuration API requires an API access token. Dynatrace Monaco CLI provides support for most Configuration APIs, as described in the table below. This table provides:
Note that most Configuration APIs are deprecated in favor of Settings 2.0, see Settings 2.0.
| Configuration type | Constraints | Endpoint and access permission |
|---|---|---|
alerting-profile | Settings API Problem alerting profiles schema: | |
RUM: allowed-beacon-origins | ||
anomaly-detection-applications | ||
anomaly-detection-aws | ||
anomaly-detection-database-services | ||
anomaly-detection-disks | ||
anomaly-detection-hosts | ||
anomaly-detection-metrics | Settings API Metric events schema:
| |
anomaly-detection-services | ||
anomaly-detection-vmware | ||
app-detection-rule | ||
app-detection-rule-host | ||
application-web | ||
application-mobile | ||
auto-tag | Settings API Automatically applied tags schema: | |
aws-credentials | It can't be downloaded. | |
azure-credentials | It can't be downloaded. | |
calculated-metrics-application-mobile | ||
calculated-metrics-application-web | ||
calculated-metrics-log | Settings API with SchemaID | |
calculated-metrics-service | ||
calculated-metrics-synthetic | ||
conditional-naming-host | ||
conditional-naming-processgroup | ||
conditional-naming-service | ||
content-resources | ||
credential-vault | It can't be downloaded. | |
custom-service-java | ||
custom-service-dotnet | ||
custom-service-go | ||
custom-service-nodejs | ||
custom-service-php | ||
Dashboard Classic | ||
dashboard-share-settings classic | ||
data-privacy | ||
extension | It can't be downloaded. | |
extension-elasticsearch | ||
failure-detection-parametersets | ||
failure-detection-rules | ||
frequent-issue-detection | Settings API with | |
geo-ip-address-mappings | ||
geo-ip-detection-headers | ||
hosts-auto-update | ||
key-user-actions-mobile | ||
key-user-actions-web | ||
kubernetes-credentials | It can't be downloaded. | Settings API with Settings API - Connection settings schema table |
maintenance-window | Settings API with the Maintenance windows | |
management-zone | Settings API with the Problem notifications | |
network-zone Dynatrace Monaco CLI version 2.10.0+ | ||
notification | Settings API with Problem notifications | |
reports | ||
request-attributes | ||
request-naming-service | ||
slo classic | ||
service-detection-full-web-request | ||
service-detection-full-web-service | ||
service-detection-opaque-web-request | ||
service-detection-opaque-web-service | ||
service-resource-naming | Services configuration API | |
synthetic-location | ||
synthetic-monitor | ||
user-action-and-session-properties-mobile |