Resources/The Agent API Atlas/Developer/Datadog

Everything an AI agent can do with the Datadog API.

A reference guide for building AI agents: every method, how to authenticate, and the permissions each one needs.

Endpoints45

API versionv2

Last updated23 June 2026

Orientation

How the Datadog API works.

The Datadog API is how an app or AI agent works with a Datadog account: submitting and querying metrics, creating and editing monitors, searching logs, opening incidents, and reading the hosts that report in. Access is granted through an API key that identifies the organization, plus an application key for endpoints that read or manage data, and that application key can be limited to scopes that set which areas a call may reach. Datadog runs two API versions side by side, and it organizes everything by observability area, each with its own scope.

45Endpoints

9Capability groups

25Read

20Write

14Permissions

Authentication

Datadog authenticates with two keys rather than OAuth for first-party calls. Every request sends an API key in the DD-API-KEY header, which identifies the organization. Endpoints that read or manage data also need an application key in the DD-APPLICATION-KEY header. Submission endpoints, like sending metrics and logs and posting events, need only the API key. Third-party integrations and the MCP server can use OAuth 2.0 instead.

Permissions

The application key is the key that carries permissions. By default it inherits the permissions of the user or service account that created it, and it can be restricted to authorization scopes that name exactly what it may reach, like metrics_read, monitors_write, dashboards_read, logs_read_data, events_read, incident_write, slos_read, hosts_read, and monitors_downtime. A request whose application key lacks the endpoint's scope is refused with a 403. Datadog recommends scoping keys to least privilege.

Versioning

Datadog runs two API versions at once. The original endpoints live under v1, and newer areas live under v2, with some areas, like metrics queries, downtimes, and events, having both a v1 and a v2 form. There is no dated version string to pin; an integration calls each endpoint at the version its reference page documents, and Datadog migrates areas to v2 over time.

Data model

The API is organized by observability area: metrics, monitors, dashboards, logs, events, incidents, downtimes, service level objectives, and hosts, each with its own endpoints and scope. It is JSON over HTTPS at a regional site host, like api.datadoghq.com or api.datadoghq.eu, with some submission traffic going to a dedicated intake host. Newer v2 areas follow a JSON:API-style envelope with a data object, type, and attributes.

Connect & authenticate

Connection & authentication methods.

How an app or AI agent connects to Datadog determines what it can reach. There is a route for making calls, a route for receiving data, and a hosted server that exposes Datadog tools to agents, and each is governed by the keys behind it and the scopes those keys carry.

Ways to connect

REST API

The REST API answers at api.datadoghq.com (and regional sites such as api.datadoghq.eu, api.us5.datadoghq.com, and others). It runs two versions side by side: older areas under v1 and newer areas under v2. A call authenticates with an API key in the DD-API-KEY header, and read endpoints also require an application key in the DD-APPLICATION-KEY header. Some submission endpoints use a dedicated intake host, like http-intake.logs.datadoghq.com for logs.

Best forConnecting an app or AI agent to Datadog.

Governed byThe API key, the application key, and the scopes that key carries.

Docs ↗

MCP server (Model Context Protocol)

Datadog's hosted MCP server gives an AI agent live access to observability data and tools, covering APM, logs, metrics, monitors, dashboards, security signals, and more. It went generally available on 10 March 2026. The endpoint is the per-site MCP host, like https://mcp.datadoghq.com, and a toolsets query parameter enables specific tool groups. It authenticates with OAuth 2.0, or with an API key and application key sent as DD_API_KEY and DD_APPLICATION_KEY headers.

Best forConnecting an AI agent to Datadog through MCP.

Governed byThe OAuth grant, or the API key and application key and the scopes they carry.

Docs ↗

Authentication

API key

An API key identifies the organization and is required on every request, sent in the DD-API-KEY header. Data submission endpoints, like sending metrics, logs, and posting events, need only the API key. An organization has between one and 50 API keys.

TokenAPI key (DD-API-KEY header)

Best forSubmitting metrics, logs, and events.

Docs ↗

Application key

An application key is required, alongside the API key, on endpoints that read or manage data, sent in the DD-APPLICATION-KEY header. By default it inherits the permissions of the user or service account that created it. It is the key that carries scopes.

TokenApplication key (DD-APPLICATION-KEY header)

Best forReading and managing data through the API.

Docs ↗

Scoped application key

An application key can be restricted to authorization scopes, like metrics_read, monitors_write, dashboards_read, logs_read_data, or incident_write, so it reaches only the data and actions those scopes name. Scoping follows least privilege, and a key with no matching scope is refused. This is the least-privilege choice for connecting to Datadog.

TokenApplication key with authorization scopes

Best forLeast-privilege access scoped to specific areas.

Docs ↗

OAuth 2.0

OAuth 2.0 lets a third-party integration connect to a Datadog organization with the account owner's consent, granting access to a set of scopes rather than sharing raw keys. The Datadog MCP server uses OAuth 2.0 for authentication.

TokenOAuth access token

Best forThird-party integrations and the MCP server.

Docs ↗

Capability map

What an AI agent can do in Datadog.

The Datadog API is split into areas an agent can act on, like metrics, monitors, dashboards, logs, incidents, and hosts. Each area has its own methods and its own scope, and writes in some areas page on-call people or silence alerting.

Metrics

6 endpoints

Submit metric points, query timeseries and scalar data, list active metrics, and read a metric's metadata and tags.

Writes here submit real metric data to the account.

View endpoints →

Monitors

5 endpoints

Create, read, list, edit, and delete monitors, the alert definitions that watch metrics, logs, and more.

Writes here change real alerting and can silence or fire alerts.

View endpoints →

Dashboards

5 endpoints

Create, read, list, update, and delete dashboards.

Writes here change real dashboard data shared across a team.

View endpoints →

Logs

4 endpoints

Send logs over HTTP, search and list log events, and aggregate them into analytics.

Writes here submit real log data to the account.

View endpoints →

Events

4 endpoints

Post an event to the events stream, and list, search, and read events.

Writes here post real events to the account's stream.

View endpoints →

Incidents

6 endpoints

Create, read, list, update, search, and delete incidents.

Writes here change real incident records people coordinate around.

View endpoints →

Downtimes

5 endpoints

Schedule, read, list, update, and cancel downtimes, the windows that mute monitor alerting.

Writes here silence alerting for a scope of monitors.

View endpoints →

Service Level Objectives

6 endpoints

Create, read, list, update, and delete service level objectives, and read an objective's history.

Writes here change real reliability targets and their reporting.

View endpoints →

Hosts

4 endpoints

List hosts, read the active-host totals, and mute or unmute a single host.

Muting a host stops its monitors from alerting.

View endpoints →

Endpoint reference

Every Datadog API method.

Filter by method, access, or permission, or search any path. Select a row for version detail, rate limits, the related webhook event, and the source.

Hide deprecated

Method	Endpoint	What it does	Access	Permission	Version
Metrics Submit metric points, query timeseries and scalar data, list active metrics, and read a metric's metadata and tags.6
POST	`/api/v2/series`	Submit metric points so they can be graphed on dashboards.	write	—	Current
Submission needs only the API key (DD-API-KEY), no application key or scope. Data point submission is not rate limited. Acts onmetric Permission (capability)None required VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
POST	`/api/v2/query/timeseries`	Query timeseries data across multiple Datadog products.	read	`timeseries_query`	Current
The timeseries_query scope also covers the v1 query endpoint and scalar queries. Acts onmetric Permission (capability)`timeseries_query` VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
POST	`/api/v2/query/scalar`	Query scalar values across multiple Datadog products.	read	`timeseries_query`	Current
Returns a single computed value per query rather than a series. Acts onmetric Permission (capability)`timeseries_query` VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
GET	`/api/v1/query`	Query timeseries points over a time range (the older v1 metrics query).	read	`timeseries_query`	Current
The v1 query endpoint, superseded by the v2 timeseries query but still supported. Acts onmetric Permission (capability)`timeseries_query` VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
GET	`/api/v1/metrics`	Get the list of metrics actively reporting in a time window.	read	`metrics_read`	Current
Read-only. Acts onmetric Permission (capability)`metrics_read` VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
GET	`/api/v1/metrics/{metric_name}`	Get the metadata for a metric, like its unit and description.	read	`metrics_read`	Current
Read-only. Acts onmetric Permission (capability)`metrics_read` VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
Monitors Create, read, list, edit, and delete monitors, the alert definitions that watch metrics, logs, and more.5
POST	`/api/v1/monitor`	Create a monitor.	write	`monitors_write`	Current
A core write; creates an alert definition that can page people. Acts onmonitor Permission (capability)`monitors_write` VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
GET	`/api/v1/monitor/{monitor_id}`	Get a single monitor's details.	read	`monitors_read`	Current
Read-only. Acts onmonitor Permission (capability)`monitors_read` VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
GET	`/api/v1/monitor`	Get all monitors, with optional filtering.	read	`monitors_read`	Current
Read-only. Acts onmonitor Permission (capability)`monitors_read` VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
PUT	`/api/v1/monitor/{monitor_id}`	Edit an existing monitor.	write	`monitors_write`	Current
Can change thresholds, message, and notification targets. Acts onmonitor Permission (capability)`monitors_write` VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
DELETE	`/api/v1/monitor/{monitor_id}`	Delete a monitor.	write	`monitors_write`	Current
Removes the alert definition; existing alerting stops. Acts onmonitor Permission (capability)`monitors_write` VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
Dashboards Create, read, list, update, and delete dashboards.5
POST	`/api/v1/dashboard`	Create a dashboard.	write	`dashboards_write`	Current
A core catalog write. Acts ondashboard Permission (capability)`dashboards_write` VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
GET	`/api/v1/dashboard/{dashboard_id}`	Get a dashboard.	read	`dashboards_read`	Current
Read-only. Acts ondashboard Permission (capability)`dashboards_read` VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
GET	`/api/v1/dashboard`	Get all dashboards.	read	`dashboards_read`	Current
Read-only. Acts ondashboard Permission (capability)`dashboards_read` VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
PUT	`/api/v1/dashboard/{dashboard_id}`	Update a dashboard.	write	`dashboards_write`	Current
Overwrites the dashboard definition. Acts ondashboard Permission (capability)`dashboards_write` VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
DELETE	`/api/v1/dashboard/{dashboard_id}`	Delete a dashboard.	write	`dashboards_write`	Current
Irreversible. Acts ondashboard Permission (capability)`dashboards_write` VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
Logs Send logs over HTTP, search and list log events, and aggregate them into analytics.4
POST	`/api/v2/logs`	Send logs over HTTP to the log intake endpoint.	write	—	Current
Intake needs only the API key (DD-API-KEY), no application key or scope, and goes to the http-intake.logs host. Log submission is not rate limited. Acts onlog Permission (capability)None required VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
POST	`/api/v2/logs/events/search`	Search log events with a structured query body.	read	`logs_read_data`	Current
The logs_read_data scope returns log content, which can include sensitive data captured in logs. Acts onlog Permission (capability)`logs_read_data` VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
GET	`/api/v2/logs/events`	Get a list of log events with query parameters.	read	`logs_read_data`	Current
Read-only; the GET form of the search endpoint. Acts onlog Permission (capability)`logs_read_data` VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
POST	`/api/v2/logs/analytics/aggregate`	Aggregate log events into computed analytics buckets.	read	`logs_read_data`	Current
Read-only; returns counts and aggregates rather than raw log lines. Acts onlog Permission (capability)`logs_read_data` VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
Events Post an event to the events stream, and list, search, and read events.4
POST	`/api/v1/events`	Post an event to the events stream.	write	—	Current
The v1 post needs only the API key (DD-API-KEY), no application key or scope. Event submission is capped at 250,000 events per minute per organization. Acts onevent Permission (capability)None required VersionAvailable since the API’s base version Webhook eventNone Rate limit250,000 events/min per org SourceOfficial documentation ↗
GET	`/api/v2/events`	Get a list of events from the events stream.	read	`events_read`	Current
Read-only; the v2 events list. Acts onevent Permission (capability)`events_read` VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
POST	`/api/v2/events/search`	Search events with a structured query body.	read	`events_read`	Current
Read-only. Acts onevent Permission (capability)`events_read` VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
GET	`/api/v2/events/{event_id}`	Get the details of a single event.	read	`events_read`	Current
Read-only. Acts onevent Permission (capability)`events_read` VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
Incidents Create, read, list, update, search, and delete incidents.6
POST	`/api/v2/incidents`	Create an incident.	write	`incident_write`	Current
A core write; opens an incident record people coordinate around. Acts onincident Permission (capability)`incident_write` VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
GET	`/api/v2/incidents/{incident_id}`	Get the details of an incident.	read	`incident_read`	Current
Read-only. Acts onincident Permission (capability)`incident_read` VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
GET	`/api/v2/incidents`	Get a list of incidents.	read	`incident_read`	Current
Read-only. Acts onincident Permission (capability)`incident_read` VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
PATCH	`/api/v2/incidents/{incident_id}`	Update an incident's attributes.	write	`incident_write`	Current
Can change state, severity, and assigned fields. Acts onincident Permission (capability)`incident_write` VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
GET	`/api/v2/incidents/search`	Search for incidents matching a query.	read	`incident_read`	Current
Read-only. Acts onincident Permission (capability)`incident_read` VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
DELETE	`/api/v2/incidents/{incident_id}`	Delete an incident.	write	`incident_write`	Current
Irreversible. Acts onincident Permission (capability)`incident_write` VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
Downtimes Schedule, read, list, update, and cancel downtimes, the windows that mute monitor alerting.5
POST	`/api/v2/downtime`	Schedule a downtime to mute monitor alerting for a scope.	write	`monitors_downtime`	Current
The monitors_downtime scope silences alerts for the scoped monitors during the window. Acts ondowntime Permission (capability)`monitors_downtime` VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
GET	`/api/v2/downtime/{downtime_id}`	Get a downtime's details.	read	`monitors_downtime`	Current
The same monitors_downtime scope governs reading and writing downtimes. Acts ondowntime Permission (capability)`monitors_downtime` VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
GET	`/api/v2/downtime`	Get all scheduled downtimes.	read	`monitors_downtime`	Current
Lists active and scheduled downtimes. Acts ondowntime Permission (capability)`monitors_downtime` VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
PATCH	`/api/v2/downtime/{downtime_id}`	Update a downtime's schedule or scope.	write	`monitors_downtime`	Current
Can extend or change which monitors are muted. Acts ondowntime Permission (capability)`monitors_downtime` VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
DELETE	`/api/v2/downtime/{downtime_id}`	Cancel a downtime so alerting resumes.	write	`monitors_downtime`	Current
Ends the mute window early and re-enables alerting. Acts ondowntime Permission (capability)`monitors_downtime` VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
Service Level Objectives Create, read, list, update, and delete service level objectives, and read an objective's history.6
POST	`/api/v1/slo`	Create a service level objective.	write	`slos_write`	Current
A core write; defines a reliability target and its budget. Acts onslo Permission (capability)`slos_write` VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
GET	`/api/v1/slo/{slo_id}`	Get a service level objective's details.	read	`slos_read`	Current
Read-only. Acts onslo Permission (capability)`slos_read` VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
GET	`/api/v1/slo`	Get a list of service level objectives.	read	`slos_read`	Current
Read-only. Acts onslo Permission (capability)`slos_read` VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
PUT	`/api/v1/slo/{slo_id}`	Update a service level objective.	write	`slos_write`	Current
Overwrites the objective definition. Acts onslo Permission (capability)`slos_write` VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
DELETE	`/api/v1/slo/{slo_id}`	Delete a service level objective.	write	`slos_write`	Current
Irreversible. Acts onslo Permission (capability)`slos_write` VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
GET	`/api/v1/slo/{slo_id}/history`	Get a service level objective's status history over a time range.	read	`slos_read`	Current
Read-only; returns the achieved level and error budget over the window. Acts onslo Permission (capability)`slos_read` VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
Hosts List hosts, read the active-host totals, and mute or unmute a single host.4
GET	`/api/v1/hosts`	Get the list of reporting hosts.	read	`hosts_read`	Current
Read-only. Acts onhost Permission (capability)`hosts_read` VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
GET	`/api/v1/hosts/totals`	Get the total number of active and up hosts.	read	`hosts_read`	Current
Read-only. Acts onhost Permission (capability)`hosts_read` VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
POST	`/api/v1/host/{host_name}/mute`	Mute a host so its monitors stop alerting.	write	`hosts_read`	Current
Muting and unmuting a host both fall under the hosts_read scope, even though they change alerting. Acts onhost Permission (capability)`hosts_read` VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
POST	`/api/v1/host/{host_name}/unmute`	Unmute a host so its monitors alert again.	write	`hosts_read`	Current
Re-enables alerting for the host. Acts onhost Permission (capability)`hosts_read` VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗

No endpoints match those filters.

Webhooks

Webhook events.

Datadog sends data out through its own integrations rather than a single webhook feed. A monitor or an event can route a notification to a chosen destination, like Slack, email, or a generic webhook integration, when an alert triggers.

Event	What it signals	Triggered by

No events match that search.

Rate limits & pagination

Rate limits, pagination & request size.

Datadog limits how fast an app or AI agent can call most read endpoints, while data submission for metrics and logs is not rate limited, and it reports the current state through a set of response headers.

Request rate

Datadog rate limits many read and management endpoints, while data submission is treated separately: metric point submission and the log intake are not rate limited, and event submission is capped at 250,000 events per minute per organization. The limit on a rate-limited endpoint varies by endpoint and can be raised on request. Every rate-limited response carries a set of headers that report the current state: X-RateLimit-Limit is how many requests are allowed in the period, X-RateLimit-Period is the reset window in seconds, X-RateLimit-Remaining is how many requests are left, X-RateLimit-Reset is the seconds until the next reset, and X-RateLimit-Name identifies the limit for an increase request. Exceeding a limit returns HTTP 429, and a caller should wait the period before calling again or settle into a rate just under the limit.

Pagination

List endpoints page through results, with the model depending on the area. Many v2 endpoints, like logs and events, use cursor-based pagination, returning a cursor in the response metadata to pass on the next request, while some v1 endpoints page by an offset or a page index. Each endpoint's reference page documents its own page-size parameter and default.

Request size

Page sizes are set per endpoint, with logs and events search commonly defaulting to a modest page and allowing a larger maximum. The HTTP log intake accepts a payload up to 5 MB per request and up to 1,000 log entries per array, and a single log entry is capped at 1 MB. Specific size ceilings are documented on each endpoint's reference page.

Errors

Status codes & error handling.

The status codes an agent should handle, and what to do about each.

Status	Code	Meaning	What to do
400	`Bad Request`	The request was malformed, like an invalid query, a missing required field, or a body that fails validation.	Read the errors array in the response, correct the request, and resend.
403	`Forbidden`	Authentication failed or access was denied. The API key or application key is missing or invalid, or the application key lacks a scope the endpoint requires.	Confirm both keys are sent and valid, and grant the application key the scope the endpoint needs.
404	`Not Found`	The requested resource does not exist, or the keys cannot see it.	Verify the path and identifier, and confirm the keys belong to the right organization and site.
429	`Too Many Requests`	A rate limit was exceeded on a rate-limited endpoint. The X-RateLimit headers describe the limit and when it resets.	Wait for the period named in X-RateLimit-Period or X-RateLimit-Reset, then retry, and slow the call rate.

Versioning & freshness

Version history.

Datadog runs two API versions side by side. The older v1 endpoints and the newer v2 endpoints coexist, and a given area lives under whichever version documents it, with newer areas built on v2.

Version history

What changed, and when

Latest versionv2

v2Current version

The newer v2 API (current for new areas)

Datadog's v2 API is the current generation, used for newer areas and for the modern form of migrated areas. It follows a JSON:API-style envelope with a data object carrying a type and attributes. Newer areas, such as incidents, downtimes (current form), event management, and the multi-product timeseries and scalar queries, are built on v2, while older areas remain on v1. There is no dated version string to pin; each endpoint is called at the version its reference page documents.

What changed

Incidents: incident management is v2 only.
Downtimes: the current downtime endpoints are v2, replacing the v1 form.
Events: the v2 Event Management API adds list, search, and get alongside the v1 post.
Metrics: multi-product timeseries and scalar queries are v2.

The original v1 API (still supported)

The v1 API is the original generation and remains supported for the areas that still live on it. Monitors, dashboards, hosts, service level objectives, the v1 metrics query, and active-metrics and metadata reads are served by v1. Datadog continues to migrate areas to v2 over time, but v1 endpoints stay available where no v2 form exists.

What changed

Monitors, dashboards, hosts, and service level objectives are served by v1.
The original metrics query, active-metrics list, and metric metadata are v1.
Posting an event uses the v1 events endpoint.

An integration calls each endpoint at the version its reference page documents, mixing v1 and v2 as needed.

Datadog API reference ↗

Questions

Datadog API, answered.

What's the difference between an API key and an application key?+

An API key identifies the organization and goes in the DD-API-KEY header on every request. An application key goes in the DD-APPLICATION-KEY header and is required in addition to the API key on endpoints that read or manage data, such as listing monitors or creating a dashboard. Submission endpoints, like sending metrics or logs, need only the API key. The application key is the one tied to a user or service account and the one that carries scopes.

How do authorization scopes work?+

Scopes restrict an application key to a defined set of access, so a key reaches only the data and actions its scopes name, like metrics_read for reading metrics or monitors_write for changing monitors. By default a key inherits the permissions of whoever created it, and adding scopes narrows it. Datadog recommends least privilege, granting only the scopes an integration needs. A call whose key lacks the required scope returns a 403.

Which endpoints are rate limited, and what happens when I hit a limit?+

Many read and management endpoints are rate limited, while data submission is handled separately: metric and log submission are not rate limited, and event submission is capped at 250,000 events per minute per organization. A rate-limited response carries X-RateLimit headers naming the limit, the period, what is left, and when it resets. Going over returns a 429, and the caller should wait the period before retrying or hold a rate just under the limit. Many limits can be raised on request.

Why are there both v1 and v2 endpoints?+

Datadog has migrated to a newer v2 API area by area over time, so the original v1 endpoints and the newer v2 endpoints run side by side. Some areas exist in both forms, such as metrics queries, downtimes, and events, where the v2 form is the current one. There is no single dated version to pin: each endpoint is called at the version its reference page documents, and newer areas like incidents are v2 only.

How does an AI agent connect through the MCP server?+

Datadog runs a hosted MCP server, generally available since 10 March 2026, that exposes its observability tools to AI agents, covering metrics, logs, monitors, dashboards, incidents, and more. An agent points at the per-site MCP endpoint and authenticates with OAuth 2.0, or with an API key and application key sent as DD_API_KEY and DD_APPLICATION_KEY headers. A toolsets query parameter on the endpoint enables specific tool groups.

Which Datadog site host should requests use?+

Datadog runs separate regional sites, and a request must target the host for the organization's site, such as api.datadoghq.com for US1, api.datadoghq.eu for EU, or api.us5.datadoghq.com for US5, among others. Keys belong to one site and do not work across sites. Some submission traffic uses a dedicated intake host on the same site, like http-intake.logs.datadoghq.com for logs.

What is Bollard AI?

Control what every AI agent can do in Datadog.

Bollard AI sits between a team's AI agents and Datadog. Grant each agent exactly the access it needs, read or write, area by area, and every call is checked and logged.

Set read, write, or full access per agent, never a shared Datadog application key.
Denied by default, so an agent reaches only what has been explicitly allowed.
Every call recorded in plain English: who, what, where, and the decision.

Control Datadog access in Bollard Browse all APIs →

Datadog

Ops Agent

Read metrics & dashboards ResourceOffReadFull use

Create monitors ActionOffReadFull use

Manage incidents ResourceOffReadFull use

Per-agent access, set in Bollard AI, not in Datadog

How the Datadog API works.

Connection & authentication methods.

REST API

MCP server (Model Context Protocol)

API key

Application key

Scoped application key

OAuth 2.0

What an AI agent can do in Datadog.

Metrics

Monitors

Dashboards

Logs

Events

Incidents

Downtimes

Service Level Objectives

Hosts

Every Datadog API method.

Metrics

Monitors

Dashboards

Logs

Events

Incidents

Downtimes

Service Level Objectives

Hosts

Webhook events.

Rate limits, pagination & request size.

Request rate

Pagination

Request size

Status codes & error handling.

Version history.

What changed, and when

Datadog API, answered.

More developer API guides for agents

DigitalOcean

GitHub

Make

LaunchDarkly

Gitea

Grafana

Control what every AI agent can do in Datadog.