topic Re: When I generate Personal access tokens it is missing required scope. logs.read (Read logs) in Open Q&A https://community.dynatrace.com/t5/Open-Q-A/When-generating-personal-access-tokens-the-required-scope-logs/m-p/278838#M36693 <P>Hi&nbsp;<a href="https://community.dynatrace.com/t5/user/viewprofilepage/user-id/91666">@HARUTYM</a>&nbsp;,</P><P>&nbsp;</P><P>That's correct PAT token is not covered the socope "&nbsp;<SPAN>logs.read". You can read&nbsp;<A href="https://docs.dynatrace.com/docs/manage/identity-access-management/access-tokens-and-oauth-clients/access-tokens/personal-access-token#available-scopes" target="_self">here</A>&nbsp;.<BR />If you like to have a token with scope "logs.read" then you have to generate access token&nbsp;<A href="https://docs.dynatrace.com/docs/manage/identity-access-management/access-tokens-and-oauth-clients/access-tokens#create-api-token" target="_self">here</A>&nbsp; but for this you might required environment level access.<BR /><BR />BR<BR /><BR /></SPAN></P><P>&nbsp;</P><P>&nbsp;</P> Thu, 05 Jun 2025 20:35:02 GMT Akhil-Jayendran 2025-06-05T20:35:02Z When generating personal access tokens, the required scope logs.read (Read logs) is missing https://community.dynatrace.com/t5/Open-Q-A/When-generating-personal-access-tokens-the-required-scope-logs/m-p/278807#M36691 <P class="">When I generate a Personal Access Token, it does not include the required logs.read (Read logs) scope.</P> <P class="">Even when I create a token with all available scopes, I receive the following error when calling the "/logs/export" API:</P> <P>{<BR />"error": {<BR />"code": 403,<BR />"message": "Token is missing required scope. Use one of: logs.read (Read logs)"<BR />}<BR />}</P> <P><SPAN>&nbsp;</SPAN></P> Tue, 23 Dec 2025 15:59:10 GMT https://community.dynatrace.com/t5/Open-Q-A/When-generating-personal-access-tokens-the-required-scope-logs/m-p/278807#M36691 HARUTYM 2025-12-23T15:59:10Z Re: When I generate Personal access tokens it is missing required scope. logs.read (Read logs) https://community.dynatrace.com/t5/Open-Q-A/When-generating-personal-access-tokens-the-required-scope-logs/m-p/278838#M36693 <P>Hi&nbsp;<a href="https://community.dynatrace.com/t5/user/viewprofilepage/user-id/91666">@HARUTYM</a>&nbsp;,</P><P>&nbsp;</P><P>That's correct PAT token is not covered the socope "&nbsp;<SPAN>logs.read". You can read&nbsp;<A href="https://docs.dynatrace.com/docs/manage/identity-access-management/access-tokens-and-oauth-clients/access-tokens/personal-access-token#available-scopes" target="_self">here</A>&nbsp;.<BR />If you like to have a token with scope "logs.read" then you have to generate access token&nbsp;<A href="https://docs.dynatrace.com/docs/manage/identity-access-management/access-tokens-and-oauth-clients/access-tokens#create-api-token" target="_self">here</A>&nbsp; but for this you might required environment level access.<BR /><BR />BR<BR /><BR /></SPAN></P><P>&nbsp;</P><P>&nbsp;</P> Thu, 05 Jun 2025 20:35:02 GMT https://community.dynatrace.com/t5/Open-Q-A/When-generating-personal-access-tokens-the-required-scope-logs/m-p/278838#M36693 Akhil-Jayendran 2025-06-05T20:35:02Z