Configuration types and access permissions

Dynatrace Configuration as Code via Monaco (the Dynatrace Monaco CLI) supports the following configuration types:

For details on how to define configuration types, see Configuration.

Settings 2.0

This type of configuration is available on the latest Dynatrace Platform and previous Dynatrace environments.

Settings 2.0 requires an API access token or OAuth credentials.

The Dynatrace Monaco CLI provides general support for any Settings 2.0 schema available in your environment.

  • For details on Settings 2.0 schemas, see Settings 2.0 - Available schemas.

  • To configure Settings 2.0 settings, your access token requires the following permissions:

    • Read settings (settings.read)
    • Write settings (settings.write)
  • Dynatrace Platform App settings require OAuth credentials. See our OAuth client guide for configuring them.

    For Settings 2.0, the required permissions are:

    • View settings objects for schema (settings:objects:read)
    • Create settings objects for schema (settings:objects:write)
    • View settings schemas (settings:schemas:read)

App settings may require more permissions than those listed above. Consult the App's documentation for details.

Supported configuration API types

This type of configuration is available for the latest Dynatrace Platform and previous Dynatrace environments.

Note that most configuration APIs are deprecated in favor of Settings 2.0.

Configuration requires an API access token.

The Dynatrace Monaco CLI provides support for most Configuration APIs.

  • The supported configuration types, their API endpoints, and the access token permissions required for interacting with any endpoint are listed below.

  • If there's a link in the Configuration type column, be sure to follow it for important additional information about that configuration type.

Configuration type
Endpoint
Access token permissions
Alerting profiles API - POST a profile
/api/config/v1/alertingProfiles
Read Configuration and Write Configuration
allowed-beacon-origins
Single Configuration Endpoint
Allowed beacon domains API - PUT configuration
/api/config/v1/allowedBeaconOriginsForCors
Read Configuration and Write Configuration
anomaly-detection-applications
Single Configuration Endpoint
Application anomaly detection API - PUT configuration
/api/config/v1/anomalyDetection/applications
Read Configuration and Write Configuration
anomaly-detection-aws
Single Configuration Endpoint
AWS anomaly detection API - PUT configuration
/api/config/v1/anomalyDetection/aws
Read Configuration and Write Configuration
anomaly-detection-database-services
Single Configuration Endpoint
Database anomaly detection API - PUT configuration
/api/config/v1/anomalyDetection/databaseServices
Read Configuration and Write Configuration
anomaly-detection-disks
Disk events anomaly detection API - POST an event
/api/config/v1/anomalyDetection/diskEvents
Read Configuration and Write Configuration
anomaly-detection-hosts
Single Configuration Endpoint
Host anomaly detection API - PUT configuration
/api/config/v1/anomalyDetection/hosts
Read Configuration and Write Configuration
anomaly-detection-metrics
Non-Unique Name Configuration
Metric events anomaly detection API - POST an event
/api/config/v1/anomalyDetection/metricEvents
Read Configuration and Write Configuration
anomaly-detection-services
Single Configuration Endpoint
Services anomaly detection API - PUT configuration
/api/config/v1/anomalyDetection/services
Read Configuration and Write Configuration
anomaly-detection-vmware
Single Configuration Endpoint
VMware anomaly detection API - PUT configuration
/api/config/v1/anomalyDetection/applications
Read Configuration and Write Configuration
Applications detection rules API - POST a rule
/api/config/v1/applicationDetectionRules
Read Configuration and Write Configuration
app-detection-rule-host
Single Configuration Endpoint
Applications detection rules API - PUT host detection headers
/api/config/v1/applicationDetectionRules/hostDetection
Read Configuration and Write Configuration
Read Configuration and Write Configuration
application-mobile
Mobile and custom app API - POST an app
/api/config/v1/applications/mobile
Read Configuration and Write Configuration
auto-tag
Read Configuration and Write Configuration
aws-credentials
Cannot be downloaded
AWS credentials API - POST new credentials
/api/config/v1/aws/credentials
Read Configuration and Write Configuration
azure-credentials
Cannot be downloaded
Azure credentials API - POST new credentials
/api/config/v1/azure/credentials
Read Configuration and Write Configuration
calculated-metrics-application-mobile
Special Name requirements
Mobile app metrics API - POST a metric
/api/config/v1/calculatedMetrics/mobile
Read Configuration and Write Configuration
calculated-metrics-application-web
Special Name requirements
Mobile app metrics API - POST a metric
/api/config/v1/calculatedMetrics/rum
Read Configuration and Write Configuration
calculated-metrics-log
Special Name requirements
Log Monitoring metrics API - PUT a metric
/api/config/v1/calculatedMetrics/log
Read Configuration and Write Configuration
calculated-metrics-service
Special Name requirements
Service metrics API - POST a metric
/api/config/v1/calculatedMetrics/service
Read Configuration and Write Configuration
calculated-metrics-synthetic
Special Name requirements
Synthetic metrics API - POST a metric
/api/config/v1/calculatedMetrics/synthetic
Read Configuration and Write Configuration
conditional-naming-host
Conditional naming API - POST a new naming rule
/api/config/v1/conditionalNaming/host
Read Configuration and Write Configuration
conditional-naming-processgroup
Conditional naming API - POST a new naming rule
/api/config/v1/conditionalNaming/processGroup
Read Configuration and Write Configuration
conditional-naming-service
Conditional naming API - POST a new naming rule
/api/config/v1/conditionalNaming/service
Read Configuration and Write Configuration
Content resources API - PUT configuration
/api/config/v1/contentResources
Read Configuration and Write Configuration
credential-vault
Cannot be downloaded
Read credential vault entries and Write credential vault entries
custom-service-java
Custom services API - POST a custom service rule
/api/config/v1/service/customServices/java
Read Configuration and Write Configuration
custom-service-dotnet
Custom services API - POST a custom service rule
/api/config/v1/service/customServices/dotnet
Read Configuration and Write Configuration
custom-service-go
Custom services API - POST a custom service rule
/api/config/v1/service/customServices/go
Read Configuration and Write Configuration
custom-service-nodejs
Custom services API - POST a custom service rule
/api/config/v1/service/customServices/nodejs
Read Configuration and Write Configuration
custom-service-php
Custom services API - POST a custom service rule
/api/config/v1/service/customServices/php
Read Configuration and Write Configuration
Dashboards API - POST a dashboard
/api/config/v1/dashboards
Read Configuration and Write Configuration
Dashboards API - GET sharing configuration
/api/config/v1/dashboards/{SCOPE}/shareSettings
Read Configuration and Write Configuration
Data privacy API - PUT configuration
/api/config/v1/dataPrivacy
Read Configuration, DataPrivacy
Read Configuration and Write Configuration
extension-elasticsearch
Single Configuration Endpoint
Extensions API - POST an extension .zip file
/api/config/v1/extensions/dynatrace.python.elasticsearch/global
Read Configuration and Write Configuration
failure-detection-parametersets
Failure detection API - POST a parameter set
/api/config/v1/service/failureDetection/parameterSelection/parameterSets
Read Configuration and Write Configuration
failure-detection-rules
Failure detection API - POST a detection rule
/api/config/v1/service/failureDetection/parameterSelection/rules
Read Configuration and Write Configuration
frequent-issue-detection
Single Configuration Endpoint
Frequent issue detection API - PUT configuration
/api/config/v1/frequentIssueDetection
Read Configuration and Write Configuration
geo-ip-address-mappings
Single Configuration Endpoint
IP address mapping rules - PUT configuration
/api/config/v1/geographicRegions/ipAddressMappings
Read Configuration and Write Configuration
geo-ip-detection-headers
Single Configuration Endpoint
IP mapping header rules - PUT configuration
/api/config/v1/geographicRegions/ipDetectionHeaders
Read Configuration and Write Configuration
Read Configuration and Write Configuration
key-user-actions-mobile
Scoped Configuration
Mobile and custom app API - GET key user actions
/api/config/v1/applications/mobile/{APPLICATION_ID}/keyUserActions
Read Configuration and Write Configuration
key-user-actions-web
Scoped Configuration
Web application configuration API - GET key user actions
/api/config/v1/applications/web/{APPLICATION_ID}/keyUserActions
Read Configuration and Write Configuration
kubernetes-credentials
Cannot be downloaded
Kubernetes credentials API - POST new credentials
/api/config/v1/kubernetes/credentials
Read Configuration and Write Configuration
maintenance-window
Read Configuration and Write Configuration
management-zone
Management zones API - POST a management zone
/api/config/v1/managementZones
Read Configuration and Write Configuration
network-zone
Dynatrace Monaco CLI version 2.10.0+
Network zones API
/api/v2/networkZones
Read network zones and Write network zones
notification
Read Configuration and Write Configuration
reports
Reports API - POST a report
/api/config/v1/reports
Read Configuration and Write Configuration
request-attributes
Request attributes API - POST a request attribute
/api/config/v1/service/requestAttributes
Read Configuration and Capture request data
request-naming-service
Non-Unique Name Configuration
Request naming API - POST a new request naming rule
/api/config/v1/service/requestNaming
Read Configuration and Write Configuration
slo
Read SLO and Write SLO
service-detection-full-web-request
Service detection API - POST a full web request rule
/api/config/v1/service/detectionRules/FULL_WEB_REQUEST
Read Configuration and Write Configuration
service-detection-full-web-service
Service detection API - POST a full web service rule
/api/config/v1/service/detectionRules/FULL_WEB_SERVICE
Read Configuration and Write Configuration
service-detection-opaque-web-request
Service detection API - POST an opaque web request rule
/api/config/v1/service/detectionRules/OPAQUE_AND_EXTERNAL_WEB_REQUEST
Read Configuration and Write Configuration
service-detection-opaque-web-service
Service detection API - POST an opaque web service rule
/api/config/v1/service/detectionRules/OPAQUE_AND_EXTERNAL_WEB_SERVICE
Read Configuration and Write Configuration
service-resource-naming
Single Configuration Endpoint
Services configuration API
/api/config/v1/service/resourceNaming
Read Configuration and Write Configuration
synthetic-location
Access problem and event feed, metrics, and topology and Create and read synthetic monitors, locations, and nodes
synthetic-monitor
Synthetic monitors API - POST a monitor
/api/v1/synthetic/monitors
Create and read synthetic monitors, locations, and nodes
user-action-and-session-properties-mobile
Scoped Configuration
Mobile and custom app API - GET all user session properties
"/api/config/v1/applications/mobile/{APPLICATION_ID}/userActionAndSessionProperties"
Read Configuration and Write Configuration

For more information about each token permission, see Dynatrace API - Tokens and authentication.

Supported platform API types

The Dynatrace Monaco CLI provides support for the following Dynatrace platform API types.

To target platform APIs, you need to provide OAuth credentials.

Configuration type
Endpoint
OAuth client permissions
Dynatrace Monaco CLI version
business-calendars
/platform/automation/v1/business-calendars
automation:calendars:read, automation:calendars:write
2.6.0+
scheduling-rules
/platform/automation/v1/scheduling-rules
automation:rules:read, automation:rules:write
2.6.0+
workflows
/platform/automation/v1/workflows
automation:workflows:read, automation:workflows:write
2.6.0+
buckets
/platform/storage/management/v1/bucket-definitions
storage:bucket-definitions:read, storage:bucket-definitions:write, storage:bucket-definitions:delete
2.9.0+
documents
/platform/document/v1/documents
document:documents:write, document:documents:read, document:documents:delete, document:trash.documents:delete
2.15.0+
openpipelines
/platform/openpipeline/v1/configurations
openpipeline:configurations:read, openpipeline:configurations:write
2.15.0+

Account management permissions

To manage account resources, you need to provide OAuth credentials with the following permissions:

account-idm-read
account-idm-write
account-env-read
account-env-write
iam-policies-management
iam:policies:write
iam:policies:read
iam:bindings:write
iam:bindings:read