
PRO TIP - Dynatrace Account Management API Postman Collection

DanielS
DynaMight Guru
My fellow DynaMight Patrick Hofmann (@pahofmann) has shared several Postman collections for the different Dynatrace APIs with the community.
Encouraged by this because I use them daily, I created a Postman Collection for the new Account Management API following the guidelines used in the ones created by Patrick.
Below I share the steps to get this working in your Postman client.
 

1. Create an OAuth2 Client in Dynatrace

For more reference in this step you can take a look at this post from @AgataWlodarczyk with a video from @adam_gardner 

  1. Open the User menu and select Account settings (in latest Dynatrace, Account Management).

  2. On the top navigation bar, go to Identity & access management > OAuth clients.

  3. Select Create client.

  4. Provide an email of the user who owns the client.

  5. Provide a description for the new client.

  6. Select the required token scopes. These are the scopes that the client will be able to grant. Tokens generated by the client might have different scope sets.

    • Allow read access for identity resources (users and groups): account-idm-read
    • Allow write access for identity resources (users and groups): account-idm-write
    • Allow read access for environment resources: account-env-read
    • Allow write access for environment resources: account-env-write
    • Allow read access for usage and consumption resources: account-uac-read
    • Allow write access for usage and consumption resources: account-uac-write
    • Allow IAM policy configuration for environments: iam-policies-management; iam:policies:read; iam:policies:write; iam:bindings:read; iam:bindings:write; iam:effective-permissions:read
  7. Select Create client.

  8. Copy the generated information to the clipboard. Store it in a password manager for future use.

 

2. Create an Environment for your Collection in Postman

 


  1. Select Environments.
  2. Click the + sign.
  3. Name your Environment.
  4. The environment needs you to define these variables:
    • DT_CLIENT_ID: Provided when you create the OAuth2 client in step 1.
    • DT_CLIENT_SECRET: Provided when you create the OAuth2 client in step 1.
    • DT_ACCOUNT_URN: Provided when you create the OAuth2 client in step 1.
    • DT_UUID: Same value as DT_ACCOUNT_URN, but with the urn:account: prefix stripped.
    • DT_SCOPE: A list of required scopes separated by a whitespace.
    • DT_TOKEN_URL: ⚠️ PLEASE DON'T CHANGE THIS VALUE ⚠️ The URL https://sso.dynatrace.com/sso/oauth2/token where you need to obtain your Bearer token after creating the OAuth2 client.
    • DT_TOKEN_NAME: The name for your token.
    • DT_TOKEN: In this variable you will store your assigned dynamic token.
    • DT_HOST: ⚠️ PLEASE DON'T CHANGE THIS VALUE ⚠️ The URL api.dynatrace.com of the Dynatrace API for Account Management.
  5. Leave this Environment Selected.

 

3. Import Dynatrace Account Management API Collection

 


  1. Download the Dynatrace Account Management JSON from the repository.
  2. Select Collections.
  3. Click on Import and choose the previously downloaded JSON.
  4. Your Dynatrace Account Management API v1 Collection has been added to your collection.

 

4. Get your Bearer Token

 


  1. ⚠️ DON'T FORGET TO HAVE SELECTED THE ENVIRONMENT CREATED IN STEP 2 ⚠️
  2. Select your recently imported Dynatrace Account Management API v1 Collection.
  3. Click on the Authorization tab.
  4. Click on Get New Access Token.
  5. Wait until the token has been collected.
  6. Click on Use Token.
  7. ⚠️ BE SURE TO SELECT ALL YOUR TOKEN ⚠️ And then select Set as variable.
  8. Choose the DT_TOKEN variable to store your new Bearer Token.

 

5. Ready, Set, Go 🚦

 


  1. ⚠️ DON'T FORGET TO HAVE SELECTED THE ENVIRONMENT CREATED IN STEP 2 ⚠️
  2. Select Collections.
  3. Then Select the Request you want to use and check the parameters.
  4. Click on Send.
  5. And if everything goes well you get your Response.
Dynatrace Certified Professional @ www.dosbyte.com
17 REPLIES

ChadTurner
DynaMight Legend

Thank you for documenting this @DanielS 

-Chad

You're welcome @ChadTurner. The use of OAuth2 clients to obtain valid Bearer tokens is what is coming to Dynatrace API.

Dynatrace Certified Professional @ www.dosbyte.com

dannemca
DynaMight Guru

This is gold!

Site Reliability Engineer @ Kyndryl

Thanks @dannemca It took me a while to implement it in Postman, but it will surely be very useful for interacting with the API. I'm thinking about improvements for future releases.

Dynatrace Certified Professional @ www.dosbyte.com

Mizső
DynaMight Guru

WOW!

This is a very good and detailed guide! Thanks for sharing it @DanielS !

Dynatrace Community RockStar 2024, Certified Dynatrace Professional

Thanks @Mizső hope it helps.

Dynatrace Certified Professional @ www.dosbyte.com

Kenny_Gillette
DynaMight Leader

GOLDEN!!!

Dynatrace Certified Professional

Thanks @Kenny_Gillette 

Dynatrace Certified Professional @ www.dosbyte.com

Malaik
Leader

Awesome, thanks for sharing.

Sharing Knowledge

PedroDeodato
DynaMight Pro

As a Partner who often needs to manage several Accounts, this is so very very useful!! Thank you, @DanielS !!

Best regards, Pedro Deodato

Glad to help @PedroDeodato 

Dynatrace Certified Professional @ www.dosbyte.com

tijust1
Advisor

Thanks @DanielS for providing this valuable information. It helps me a lot while handling multiple environments. 

Tijust

Dynatrace Professional Certified

Leonardo_Val
Helper

Great contribution! Thank you so much!

Observability Manager - SDNET - Dynatrace Professional Certified

djmnyc
Frequent Guest

This is amazing.  Thank you very much for putting this together.

I have one question, which I presume is from a slight UI change, but I am not sure.  In step 4 "Get Your Bearer Token" I followed everything through step 6 - Click on Use Token, but then I cannot for the life of me figure out how to set the token as a variable.  I cannot find the option "Set as Variable" anywhere within my Postman user interface.  I see this was originally created a few years ago.  By any chance has someone used this recently that can walk me through how to set the new bearer token as a variable, using the most recent version of Postman?   


 

Thank you @djmnyc , I appreciate your words and your good observation. The Postman UI has changed, and the process is now slightly different.

  1. Select all the token, then right-click.
  2. Go to Set and choose your "<ENVIRONMENT NAME>".
  3. Then select DT_TOKEN.

For some reason, when you do this, Postman adds a ↩️ CR LF (Carriage Return + Line Feed) character — I believe this is a bug.

4. To work around this, go to Environments.
5. Select your "<ENVIRONMENT NAME>".
6. Go to DT_TOKEN and manually erase the ↩️ CR LF character (you'll usually find it at the end of the value).

7. Then choose your favorite API and press Send — this should work.

 

Dynatrace Certified Professional @ www.dosbyte.com

Oh wow.  That was quick!  

I was actually about to reply to say that I figured it out after poking around since my first post.  I was able to get it to work by selecting the entire token, making sure to only select up to the last visible character, right click, and assign to DT_TOKEN.  This worked for me!  Thanks so much.

Quick follow up question ... and I would imagine this is a common audit request for other DT admins ...  but I cannot find an easy solution online.  I have been asked to provide a user list, with all permissions for each user.  So, I would like to produce a user list with all the groups that each user is a member of.  I see the DT Acct Mgmt API has a call to get all users and another API call that will retrieve all groups for a given user.  I would imagine someone has solved this before with scripting, where you get the full user list, store in an array/list of some sort, and then iterate through that collection calling the group API for each user.  Each iteration would add the group membership list for each user in some sort of map.   Finally, the output could then be written as a simple CSV:

user1, group1, group2, group5
user2, group1, group3
user3, group3, group5
etc

I am completely new to Postman and learning python.  Is this something that can easily be done with Postman?  Have you seen this done before?  

Yes, I use Postman Flows a lot; it is a great tool to help you navigate the APIs and simplify data extraction.

I work with three main group levels, where each higher-level group inherits the permissions of the previous one and adds some additional capabilities. To simplify, let's call them: User, Power User, and Admin.

Each group is associated with specific IAM policies, and may or may not include permission boundaries, depending on the case.

Since this structure is replicated across each Business Unit in the company, I only maintain and deliver the core set of policies for User, Power User, and Admin.

If someone wants to understand what a given user can do — and considering we have around 17,000 users, each typically assigned to only one group — I suggest they take a random sample from the user base. Once I receive that subset, I can extract and provide the relevant permission details for analysis. Hope it helps

Dynatrace Certified Professional @ www.dosbyte.com
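
Added example (not part of the thread, and not the poster's or Dynatrace's code): the user-to-groups audit export asked about above, reusing the environment variable names from step 2 of the original post, requesting only the read scope and stripping the stray CR/LF before the token reaches the Authorization header. The paths under /iam/v1/accounts/, the `resource` form parameter and the `items`, `groups` and `groupName` response fields are assumptions to confirm against the Account Management API documentation or the imported collection.

```python
import csv, io, json, os, urllib.parse, urllib.request

def account_uuid(urn):
    # DT_UUID is DT_ACCOUNT_URN without its urn prefix: keep what follows the last ':'.
    return urn.strip().rsplit(":", 1)[-1]

def clean_token(raw):
    # Drop trailing CR/LF from a copy-paste; refuse tokens with embedded whitespace.
    token = raw.strip()
    if not token or any(c.isspace() for c in token):
        raise ValueError("token is empty or contains embedded whitespace")
    return token

def membership_csv(users, groups_for):
    # One CSV row per user: email followed by that user's sorted group names.
    out = io.StringIO()
    writer = csv.writer(out, lineterminator="\n")
    for user in sorted(users, key=lambda u: u["email"]):
        writer.writerow([user["email"], *sorted(groups_for(user["email"]))])
    return out.getvalue()

def fetch_json(url, token=None, form=None):
    # POSTs the form when one is given, otherwise sends a GET with the bearer token.
    data = urllib.parse.urlencode(form).encode() if form else None
    req = urllib.request.Request(url, data=data)
    if token:
        req.add_header("Authorization", "Bearer " + clean_token(token))
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)

def main():
    env = os.environ  # same names as the Postman environment; keep the secret out of files
    token = fetch_json(env["DT_TOKEN_URL"], form={
        "grant_type": "client_credentials",
        "client_id": env["DT_CLIENT_ID"],
        "client_secret": env["DT_CLIENT_SECRET"],
        "scope": "account-idm-read",        # read-only scope is enough for an audit
        "resource": env["DT_ACCOUNT_URN"],  # assumption: URN is sent as 'resource'
    })["access_token"]
    base = f"https://{env['DT_HOST']}/iam/v1/accounts/{account_uuid(env['DT_ACCOUNT_URN'])}/users"
    users = fetch_json(base, token)["items"]  # assumed response shape
    def groups_for(email):
        detail = fetch_json(f"{base}/{urllib.parse.quote(email, safe='')}", token)
        return [g["groupName"] for g in detail.get("groups", [])]
    print(membership_csv(users, groups_for), end="")

if __name__ == "__main__":
    main()
```
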
