19 May 2021 11:06 PM
I am trying to use the user management APIs, as they are shown in this page:
https://api.dynatrace.com/spec/#/User%20Management/UsersController_getUsers
when i click authorize at the top right it ask for a bearer, http, what is that?
should i enter a PAT, an API token or what exactly?
i also went to th eaccount management APIs section and generated client ID and secret, but as per your documentation, i am having issues to generate the Token from there, you have this snippet in there, is this snippet correct? does not look correct to me, why there is this strange string at the end on the parameters list: %3Adtaccount% ?
POST /sso/oauth2/token HTTP/1.1
Host: sso.dynatrace.com
Content-Type: application/x-www-form-urlencoded
grant_type=client_credentials&client_id={your client id}&client_secret={your client secret}&scope=account-idm-read+account-idm-write&resource=urn%3Adtaccount%{your account UID}
Solved! Go to Solution.
21 May 2021 10:08 PM
Hi davide_piras,
The resource parameter is simply to let dynatrace SSO know that the token will be scoped to a particular account as users can be on multiple accounts. What you see is URL encoded. It will look something like this: urn:dtaccount:00000000000-0000-0000-000000-0000000000000 where the "0"'s would be replaced with our account UUID. Once you make the request you will get a JSON payload payload with a field called "access_token". You can copy this and paste it into the the swagger and run the request.
Thanks,
Ryan
22 May 2021 10:47 AM
Thanks Ryan, the documentation page doesn't only have that error, also the scope to be used is not:
scope=account-idm-read+account-idm-write
but the correct value is:
scope=account-idm-read account-idm-write
without a plus,
I got help from the consultant in the in-product chat, i understand url is encoded but as it is not clickable anyway and values should be replaced, that page would be more helpful if explaining clearly in details which value in each parameter for instance with a screenshot from Postman, SoapUI or whatever other http client...
anyway all worked now for me and i could successfully retrieve that token.
Thanks,
Davide
25 May 2021 04:01 PM
Hi Davide,
I really appreciate the feedback. I'll take this back to the team and see if we can come up with some simpler explanation.
Cheers!
Ryan
04 Jun 2025 04:55 PM
Indeed the format of the scope space separated format.
27 Sep 2023 03:30 PM
Hi, I have the same problem, is not working for me
https://www.dynatrace.com/support/help/shortlink/account-api-authentication#request-a-token
04 Jun 2025 04:53 PM
I guess you have already solved this, but this for the file:
Simple as Windows Batch file
curl -X POST "https://sso.dynatrace.com/sso/oauth2/token" ^
-H "Content-Type: application/x-www-form-urlencoded" ^
-d "grant_type=client_credentials" ^
-d "scope=THE_SCOPE_THAT_IS_NEEDED_FROM_THE_API_SWAGGER_PAGE" ^
-d "client_id=dt0s02.GU3CXFD6" ^
 "client_secret=OBTAINED_AFTER_CREATION_OF_OAUTH" ^
-d "resource=OBTAINED_AFTER_CREATION_OF_OAUTH"
You should get a response like this
