Datadog
The Datadog connector lets AI agents query metrics, inspect monitors, browse dashboards, and manage incidents — all via the Datadog REST API. Datadog uses dual API key authentication: an API Key and an Application Key are both required and stored encrypted in MCPGate's vault.
Authentication#
Datadog uses dual API key authentication. To connect:
- Sign in to Datadog and navigate to Organization Settings → API Keys
- Create or copy an existing API Key and paste it into the first field
- Navigate to Organization Settings → Application Keys, create a key, and paste it into the second field
- Ensure the user who owns the Application Key has the permissions listed below
Note
Ensure the user who owns the Application Key has the following permissions.
| Permission | Purpose |
|---|---|
| monitors_read | List and read monitor details |
| monitors_write | Create, update, and mute monitors |
| metrics_read | Query metric time series data |
| dashboards_read | List dashboards |
| incident_read | List Datadog incidents |
| incident_write | Create incidents |
Tool reference#
The Datadog connector exposes 10 tools. Use the MCP Apps page to enable or disable individual tools per app, and the Guardrails page to add fine-grained rules on top.
| Tool | Category | Description |
|---|---|---|
| datadog_list_monitors | read | List all Datadog monitors |
| datadog_get_monitor | read | Get a specific Datadog monitor by ID |
| datadog_query_metrics | read | Query Datadog metrics for a given time range and query string |
| datadog_list_dashboards | read | List all Datadog dashboards |
| datadog_list_incidents | read | List Datadog incidents |
| datadog_create_monitor | write | Create a new Datadog monitor |
| datadog_update_monitor | write | Update an existing Datadog monitor |
| datadog_mute_monitor | write | Mute a Datadog monitor |
| datadog_create_incident | write | Create a new Datadog incident |
| datadog_delete_monitor | delete | Delete a Datadog monitor by ID |
Common guardrail recipes#
Read-only access#
Enable only the five read tools. Deny all write and delete tools. Useful for metric querying and observability agents that surface dashboard data without modifying monitors.
Operate preset#
Enable read tools plus datadog_mute_monitor and datadog_update_monitor. Deny datadog_create_monitor, datadog_create_incident, and datadog_delete_monitor. This lets the AI silence noisy monitors during maintenance without the ability to add or remove them.
Protect production monitors#
Apply the allow_values template to datadog_delete_monitor and target the monitor_id field. Set an empty allow-list to effectively deny all deletions while keeping other write operations available.
Troubleshooting#
- Metrics query syntax —
datadog_query_metricsuses Datadog's standard metrics query syntax (e.g.avg:system.cpu.user{*}.rollup(avg, 60)). Invalid syntax returns a 400 error. - Application Key vs. API Key — Some Datadog operations require only the API Key, others require both. If a tool returns 403, verify the Application Key was entered and that the owning user has the required permissions.
- Site region — Datadog has regional endpoints (US1, EU1, US3, etc.). MCPGate defaults to the US1 endpoint (
api.datadoghq.com). If your organisation uses a different region, contact support.