Personal access token

6-min read
Published Sep 15, 2021

Normally, access tokens require admin rights to generate. With personal access tokens, however, you can generate a token for API usage without admin rights. Available scopes are not pre-filtered based on your user permissions. Instead, your permissions are checked whenever you use your personal access token to authorize a request. You're also limited to the data from management zones you have access to.

A personal access token is bound to you. You can't generate a personal access token for another user.

Enable personal access tokens

Admin rights are required to enable this feature. After it's enabled, any user can generate a personal access token.

To enable personal access tokens

Go to Settings and select Integration > Access tokens.
Turn on Enable personal access tokens.

Generate personal access tokens

To generate a personal access token

Go to Personal Access Tokens (accessible via the user menu in the previous Dynatrace).
Select Generate new token.
Enter a name for your token.
Dynatrace doesn't enforce unique token names. You can create multiple tokens with the same name. Be sure to provide a meaningful name for each token you generate. Proper naming helps you to efficiently manage your tokens and perhaps delete them when they're no longer needed.
Select the required scopes for the token.
Select Generate token.
Copy the generated token to the clipboard. Store the token in a password manager for future use.
You can only access your token once upon creation. You can't reveal it afterward.

Available scopes

Name	API value	Description
Read ActiveGates	`activeGates.read`	Grants access to GET requests of the ActiveGates API.
Write ActiveGates	`activeGates.write`	Grants access to POST and DELETE requests of the ActiveGates API.
Read analyzers	`analyzers.read`
Write and execute analyzers	`analyzers.write`
Read API tokens	`apiTokens.read`	Grants access to GET requests of the Access tokens API.
Write API tokens	`apiTokens.write`	Grants access to POST, PUT, and DELETE requests of the Access tokens API.
Read attacks	`attacks.read`	Grants access to GET requests of the Attacks API and attack-related schemas in the Settings API.
Write Application Protection settings	`attacks.write`	Grants access to POST, PUT, and DELETE requests of the Settings API for Application Protection.
Read entities	`entities.read`	Grants access to GET requests of the Monitored entities and Custom tags APIs.
Write entities	`entities.write`	Grants access to POST, PUT, and DELETE requests of the Monitored entities and Custom tags APIs.
Ingest events	`events.ingest`	Grants access to POST request of the Events API v2.
Read events	`events.read`	Grants access to GET requests of the Events API v2.
Actions for extension monitoring configurations	`extensionConfigurationActions.write`
Read extensions monitoring configuration	`extensionConfigurations.read`	Grants access to GET requests from the Extensions monitoring configuration section of the Extensions 2.0 API.
Write extensions monitoring configuration	`extensionConfigurations.write`	Grants access to POST, PUT, and DELETE requests from the Extensions monitoring configuration section of the Extensions 2.0 API.
Read extensions	`extensions.read`	Grants access to GET requests from the Extensions section of the Extensions 2.0 API.
Write extensions	`extensions.write`	Grants access to POST, PUT, and DELETE requests from the Extensions section of the Extensions 2.0 API.
Read Geographic regions	`geographicRegions.read`	Grants access to GET requests of the Geographic regions API.
Install and update Hub items	`hub.install`	Grants permission to install and update extensions via the Hub items API.
Read Hub-related data	`hub.read`	Grants access to GET requests of the Hub items API.
Manage metadata of Hub items	`hub.write`	Grants permission to manage metadata of Hub items API.
Read JavaScript mapping files	`javaScriptMappingFiles.read`	Grants access to GET requests of the JavaScript mapping files API.
Write JavaScript mapping files	`javaScriptMappingFiles.write`	Grants access to PUT and DELETE requests of the JavaScript mapping files API.
Read metrics	`metrics.read`	Grants access to GET requests of the Metrics API v2.
Write metrics	`metrics.write`	Grants access to the DELETE a custom metric request of the Metrics API v2.
Read network zones	`networkZones.read`	Grants access to GET requests of the Network zones API.
Write network zones	`networkZones.write`	Grants access to POST, PUT, and DELETE requests of the Network zones API.
Read OneAgents	`oneAgents.read`	Grants access to GET requests of the OneAgents API.
Write OneAgents	`oneAgents.write`	Grants access to POST and DELETE requests of the OneAgents API.
Read problems	`problems.read`	Grants access to GET requests of the Problems API v2.
Write problems	`problems.write`	Grants access to POST, PUT, and DELETE requests of the Problems API v2.
Read releases	`releases.read`	Grants access to the Releases API.
Read RUM cookie names	`rumCookieNames.read`
Read security problems	`securityProblems.read`	Grants access to GET requests of the Security problems API.
Write security problems	`securityProblems.write`	Grants access to POST requests of the Security problems API.
Read settings	`settings.read`	Grants access to GET requests of the Settings API.
Write settings	`settings.write`	Grants access to POST and DELETE requests of the Settings API.
Read SLOs	`slo.read`	Grants access to GET requests of the Service-level objectives API.
Write SLOs	`slo.write`	Grants access to POST, PUT, and DELETE requests of the Service-level objectives API.
Look up a single trace	`traces.lookup`	Check whether a trace is present. This is required to use cross-environment tracing.
Read Unified Analysis page	`unifiedAnalysis.read`	Grants access to the Unified analysis schema in the Settings API.

Tokens API v1

Personal access token

Enable personal access tokens

Generate personal access tokens

Available scopes

Related topics