MCP Server Guide
Datadog MCP Server: Official Setup and Safe Operations
Give an incident-response agent controlled access to logs, metrics, traces, monitors, dashboards, and security findings through Datadog’s hosted MCP service.
The short answer
Datadog provides an official remote MCP server with OAuth support. Access requires MCP permissions plus the underlying Datadog permissions for each operation.
What is the Datadog MCP server?
Datadog’s MCP server turns observability and security capabilities into tools that an agent can call during diagnosis. It can work across APM, logs, metrics, monitors, dashboards, incidents, and supported security products without a custom connector for each area.
The server does not replace Datadog authorization. Datadog documents mcp_read and mcp_write permissions, while the user also needs the normal permission for the resource being accessed. This makes read and write separation straightforward if roles are designed before connection.
What you should know before connecting it
Hosted remote service
Clients connect to Datadog’s remote MCP offering and authenticate with OAuth. Follow the setup URL for your Datadog site rather than copying a region-specific endpoint from an old guide.
Toolsets reduce exposure
Datadog supports selecting toolsets and omitting tools. Only advertise the capabilities required by the agent; a smaller tool list is safer and usually improves model selection.
Published usage limits
Datadog documents a burst limit of 50 requests per 10 seconds and a monthly allowance of 50,000 tool calls. Design investigations to avoid wasteful polling.
Setup plan
- Create a dedicated Datadog role — Begin with mcp_read and only the underlying read permissions needed for the selected products.
- Configure the remote server — Use Datadog’s site-aware setup instructions and complete OAuth in the MCP client.
- Select toolsets — Enable logs, APM, metrics, monitors, or security tools only where the agent has a defined workflow.
- Test real permission boundaries — Confirm that the identity can read approved resources and is denied access elsewhere.
- Enable operational review — Use Audit Trail records, client logs, budgets, and alerts to track MCP usage.
Useful agent workflows
Incident correlation
Move from an alert to related traces, logs, deployments, and dashboards while preserving links for an engineer to verify.
Monitor explanation
Explain what a monitor evaluates, summarize recent state changes, and suggest evidence-based next checks.
Security triage
Collect supported security findings and context for an analyst without automatically changing suppression or response settings.
Security checklist
- Start with mcp_read; grant mcp_write only to a separate role and workflow.
- Limit underlying logs, APM, monitor, dashboard, and security permissions.
- Use toolsets and omitted tools to reduce advertised capabilities.
- Apply Datadog IP allowlists where compatible with the client architecture.
- Monitor Audit Trail entries and stay within published call limits.
- Verify compliance requirements; Datadog notes that customers remain responsible for their MCP usage.
Treat every MCP tool as an API capability, not as a harmless chat feature. Start read-only, test in a non-production account, and require human approval for changes.
Frequently asked questions
Does Datadog have an official MCP server?
Yes. Datadog documents an official remote MCP server covering observability and supported security workflows.
What permissions does it need?
The identity needs mcp_read or mcp_write as appropriate, plus the normal underlying permission for each Datadog resource.
Can I limit the available tools?
Yes. Datadog documents toolsets and tool omission so clients can expose only the capabilities they need.
Primary documentation
Verify current endpoints, permissions, and preview limitations in the official Datadog MCP server documentation before production rollout. Vendor capabilities can change faster than third-party guides.
Run an MCP-ready AI agent without server maintenance
OpenClaw Launch handles the agent host, updates, and uptime so you can focus on safe tool design.
Configure your agent