Authentication
Our Site Reliability Guardian & Workflows incorporate the Cloud Automation use cases. As Cloud Automation support will be discontinued on December 31, 2024, we recommend a timely Upgrade from Cloud Automation to Site Reliability Guardian. Please contact your account team for additional information and assistance.
Cloud Automation provides its own API. For details, see Keptn API.
To interact with the Dynatrace Cloud Automation API, you can generate an OAuth 2.0 client
(recommended), or use the Cloud Automation API token
.
OAuth-based Authentication
You can connect third-party integrations to your Cloud Automation instance. To authenticate the integration, the OAuth 2.0 client credentials flow is used.
Make sure that you trust the integration, verify its developers, and check what kind of information the integration is going to access.
Generate an OAuth 2.0 client
To generate an OAuth 2.0 client
- Go to Account Management. If you have more than one account, select the account you want to manage.
- Select Identity & access management > OAuth clients.
- Select Create client.
- Enter a client description and the user email.
- Under Cloud Automation, select at least the following scopes for a typical third-party integration.
- View resources—
cloudautomation:resources:read
- View events—
cloudautomation:events:read
- Send events—
cloudautomation:events:write
- Create and edit logs—
cloudautomation:logs:write
- View integrations—
cloudautomation:integrations:read
- Create and edit integrations—
cloudautomation:integrations:write
- Delete integrations—
cloudautomation:integrations:delete
- View secrets—
cloudautomation:secrets:read
- View resources—
- Scroll down and select Create client.
- Copy your client ID, client secret, and Dynatrace account URN. These settings are required for the Client credentials flow.
The OAuth 2.0 client
cannot have wider permissions than the user who requested the client.
Test the OAuth 2.0 client for retrieving an access token
Token-based Authentication (deprecated)
In the Cloud Automation UI (bridge), go to your user menu in the upper-right corner and copy the API token, which is used for authenticating API calls.
To access the token, the user needs to be assigned the cloudautomation:metadata:read
policy statement. For details about the API, see API.
Migrate to OAuth 2.0-based authentication
Token-based authentication is deprecated. Adapt your integrations to use OAuth 2.0-based authentication instead.
API interaction in automation code
If you are sending HTTP requests to communicate with the API, you potentially add the x-token
header to authenticate the request with the provided token. Please adapt your HTTP requests to leverage OAuth 2.0-based authentication.