07 May 2025 08:34 AM - last edited on 08 May 2025 08:28 AM by MaciejNeumann
Hello All,
I am wondering if there is any way to automate the token creation via a script without revealing the token?
I am aware that we can use the respective Environment APIs like POST/PUT etc.
But in order to have the access to those API creations first we need to have the authorization token - By generating that from the /ui/access-tokens/create?gtf=-2h&gf=all (With the correct scopes say api.Tokens.write)
Assuming if any automation on generating the master token automatically via some script. My idea is to automate this token generation and use that authentication during run time of my script, to invoke other APIs with different scopes.
My concern is on creating the token via the manual existing method.
It is not user friendly, as one needs to create this token every time for security reasons, as the token cannot be stored anywhere.
On checking if we can use the credential vault for storing environment tokens, I don't see that it is possible.
Having the token stored in, say, some other vaults like HashiCorp or CyberArk seems to be too many dependencies.
Cheers,
Praseetha
07 May 2025 06:36 PM
Maybe I read this wrong but overall you will always need a primary token manually made, to then leverage some sort of automation.
So let's say you built a home-grown self-service app, where users can request an API token with the scopes they need... or let's say you built an integration in ServiceNow which will allow you to have a user request token scope access and supply required information like expiry and justification, as well as gaining manager approval. Once approved, ServiceNow, or your home-grown app, could post the request into Dynatrace and export the token value to a targeted repository, be it CyberArk or something in ServiceNow. But to do this, you would need to first manually create a master token that will allow your home-grown app or ServiceNow to PUT the API call:
I would recommend enforcing a naming convention too that outlines the ServiceNow request for audit abilities. The question will come - "Why did Joe get Delete Access via API? Request 123456.... Ahh, Kevin approved it with this justification."
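An added illustration of the flow described in the post above (not code from any poster or from Dynatrace): a manually created bootstrap token, read from the environment, creates a scoped, expiring token whose name carries the approval request number, and the secret goes to a store callback instead of being printed. The endpoint path, the `Api-Token` header, the body fields, the `snow-<request>-<user>` naming scheme, the environment variable names and the sample scope are assumptions.

```python
import json
import os
import re
import urllib.request

# Assumption: Dynatrace API v2 token endpoint with "Api-Token" authentication.
TOKEN_PATH = "/api/v2/apiTokens"


def build_token_request(request_id, requester, scopes, expiry="now+7d"):
    """Build the POST body; the name carries the approval ticket for audit."""
    if not re.fullmatch(r"REQ\d+", request_id):  # hypothetical ticket format
        raise ValueError("request id must look like REQ123456")
    if not scopes:
        raise ValueError("at least one scope is required")
    return {
        "name": f"snow-{request_id}-{requester.lower()}",  # hypothetical scheme
        "scopes": sorted(set(scopes)),
        "expirationDate": expiry,  # short-lived by default
    }


def http_post(url, headers, body):
    """Send the JSON body and return the decoded JSON reply."""
    req = urllib.request.Request(url, data=body, headers=headers, method="POST")
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)


def issue_token(env_url, bootstrap_token, payload, store, post=http_post):
    """Create the token, hand the secret to `store`, return only metadata."""
    headers = {"Authorization": f"Api-Token {bootstrap_token}",
               "Content-Type": "application/json"}
    reply = post(env_url.rstrip("/") + TOKEN_PATH, headers,
                 json.dumps(payload).encode())
    store(payload["name"], reply["token"])  # secret goes to the vault only
    return {"id": reply["id"], "name": payload["name"],
            "expirationDate": reply.get("expirationDate")}


if __name__ == "__main__":
    # Bootstrap token comes from the environment, never from the script or argv.
    vault = {}  # stand-in for a real secret store such as CyberArk
    body = build_token_request("REQ123456", "joe", ["logs.read"])  # constructed
    meta = issue_token(os.environ["DT_ENV_URL"],
                       os.environ["DT_BOOTSTRAP_TOKEN"], body, vault.__setitem__)
    print(meta)  # safe to log: contains no token value
```

Only the metadata returned by `issue_token` reaches logs or the requester's ticket; the token value is written once, to whatever secret store the `store` callback wraps.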
07 May 2025 07:59 PM
Going an extra level, we had a use case where we needed to delete a set of log files. In order to delete these files we: 1 - needed a Cluster Token; 2 - take that bearer token and decode it; 3 - use it before the decoded bearer token expires. So we formulated a script that called the Cluster, got the bearer, decoded it, then posted the delete of the logs, while then every 2 seconds checking the status of the delete.
While that was all automated, it still resulted in manual action of creating the primary token for the script to use.