ListIncidents
Retrieve all incidents for your organization, including related objects like users and attachments. Manage pagination with size and offset parameters for precise control over the response data.
Instructions
Get all incidents for the user's organization.
Query Parameters:
include: Specifies which types of related objects should be included in the response.
page[size]: Size for a given page. The maximum allowed value is 100.
page[offset]: Specific offset to use as the beginning of the returned page.
Responses:
200 (Success): OK
Content-Type:
application/jsonResponse Properties:
data: An array of incidents.
included: Included related resources that the user requested.
Example:
{
"data": [
{
"attributes": {
"created": "2020-04-21T15:34:08.627205+00:00",
"creation_idempotency_key": null,
"customer_impact_duration": 0,
"customer_impact_end": null,
"customer_impact_scope": null,
"customer_impact_start": null,
"customer_impacted": false,
"detected": "2020-04-14T00:00:00+00:00",
"incident_type_uuid": "00000000-0000-0000-0000-000000000001",
"modified": "2020-09-17T14:16:58.696424+00:00",
"public_id": 1,
"resolved": null,
"severity": "SEV-1",
"time_to_detect": 0,
"time_to_internal_response": 0,
"time_to_repair": 0,
"time_to_resolve": 0,
"title": "Example Incident"
},
"id": "00000000-aaaa-0000-0000-000000000000",
"relationships": {
"attachments": {
"data": [
{
"id": "00000000-9999-0000-0000-000000000000",
"type": "incident_attachments"
},
{
"id": "00000000-1234-0000-0000-000000000000",
"type": "incident_attachments"
}
]
},
"commander_user": {
"data": {
"id": "00000000-0000-0000-cccc-000000000000",
"type": "users"
}
},
"created_by_user": {
"data": {
"id": "00000000-0000-0000-cccc-000000000000",
"type": "users"
}
},
"integrations": {
"data": [
{
"id": "00000000-0000-0000-4444-000000000000",
"type": "incident_integrations"
},
{
"id": "00000000-0000-0000-5555-000000000000",
"type": "incident_integrations"
}
]
},
"last_modified_by_user": {
"data": {
"id": "00000000-0000-0000-cccc-000000000000",
"type": "users"
}
}
},
"type": "incidents"
},
{
"attributes": {
"created": "2020-04-21T15:34:08.627205+00:00",
"creation_idempotency_key": null,
"customer_impact_duration": 0,
"customer_impact_end": null,
"customer_impact_scope": null,
"customer_impact_start": null,
"customer_impacted": false,
"detected": "2020-04-14T00:00:00+00:00",
"incident_type_uuid": "00000000-0000-0000-0000-000000000002",
"modified": "2020-09-17T14:16:58.696424+00:00",
"public_id": 2,
"resolved": null,
"severity": "SEV-5",
"time_to_detect": 0,
"time_to_internal_response": 0,
"time_to_repair": 0,
"time_to_resolve": 0,
"title": "Example Incident 2"
},
"id": "00000000-1111-0000-0000-000000000000",
"relationships": {
"attachments": {
"data": [
{
"id": "00000000-9999-0000-0000-000000000000",
"type": "incident_attachments"
}
]
},
"commander_user": {
"data": {
"id": "00000000-aaaa-0000-0000-000000000000",
"type": "users"
}
},
"created_by_user": {
"data": {
"id": "00000000-aaaa-0000-0000-000000000000",
"type": "users"
}
},
"integrations": {
"data": [
{
"id": "00000000-0000-0000-0001-000000000000",
"type": "incident_integrations"
},
{
"id": "00000000-0000-0000-0002-000000000000",
"type": "incident_integrations"
}
]
},
"last_modified_by_user": {
"data": {
"id": "00000000-aaaa-0000-0000-000000000000",
"type": "users"
}
}
},
"type": "incidents"
}
],
"included": [
"unknown_type"
],
"meta": "unknown_type"
}400: Bad Request
Content-Type:
application/jsonResponse Properties:
errors: A list of errors.
Example:
{
"errors": [
"Bad Request"
]
}401: Unauthorized
Content-Type:
application/jsonResponse Properties:
errors: A list of errors.
Example:
{
"errors": [
"Bad Request"
]
}403: Forbidden
Content-Type:
application/jsonResponse Properties:
errors: A list of errors.
Example:
{
"errors": [
"Bad Request"
]
}404: Not Found
Content-Type:
application/jsonResponse Properties:
errors: A list of errors.
Example:
{
"errors": [
"Bad Request"
]
}429: Too many requests
Content-Type:
application/jsonResponse Properties:
errors: A list of errors.
Example:
{
"errors": [
"Bad Request"
]
}Input Schema
TableJSON Schema
| Name | Required | Description | Default |
|---|---|---|---|
| include | No | Specifies which types of related objects should be included in the response. | |
| page[offset] | No | Specific offset to use as the beginning of the returned page. | |
| page[size] | No | Size for a given page. The maximum allowed value is 100. |
Output Schema
TableJSON Schema
| Name | Required | Description | Default |
|---|---|---|---|
| data | Yes | An array of incidents. | |
| meta | No | ||
| included | No | Included related resources that the user requested. |
Implementation Reference
- datadog_mcp/server.py:75-146 (registration)Whitelists the Datadog /api/v2/incidents endpoint (line 113) as a safe read-only MCP tool via RouteMap with MCPType.TOOL. This registers the 'ListIncidents' tool (derived from OpenAPI operationId) for proxying GET requests to Datadog incidents API.
def _get_route_filters(self) -> list[RouteMap]: """Get route filtering rules for safe observability-focused tools. Security Model: 1. DENY ALL destructive operations (POST, PUT, PATCH, DELETE) 2. ALLOW ONLY specific read-only GET endpoints 3. DEFAULT DENY everything else This whitelist approach ensures only safe, read-only operations are exposed through the MCP interface. """ # Define safe read-only endpoints for observability workflows safe_endpoints = [ # Metrics and time-series data r"^/api/v2/metrics.*", # Query metrics data r"^/api/v2/query/.*", # Time-series queries # Dashboards and visualizations r"^/api/v2/dashboards.*", # Dashboard configurations r"^/api/v2/notebooks.*", # Notebook data # Monitoring and alerts r"^/api/v2/monitors.*", # Monitor configurations r"^/api/v2/downtime.*", # Scheduled downtimes r"^/api/v2/synthetics.*", # Synthetic tests # Logs and events r"^/api/v2/logs/events/search$", # Search logs r"^/api/v2/logs/events$", # List log events r"^/api/v2/logs/config.*", # Log pipeline configs # APM and traces r"^/api/v2/apm/.*", # APM data r"^/api/v2/traces/.*", # Trace data r"^/api/v2/spans/.*", # Span data # Infrastructure r"^/api/v2/hosts.*", # Host information r"^/api/v2/tags.*", # Tag management (read) r"^/api/v2/usage.*", # Usage statistics # Service management r"^/api/v2/services.*", # Service catalog r"^/api/v2/slos.*", # Service level objectives r"^/api/v2/incidents.*", # Incident management # Security and compliance r"^/api/v2/security_monitoring.*", # Security signals r"^/api/v2/cloud_workload_security.*", # CWS data # Teams and organization (read-only) r"^/api/v2/users.*", # User information r"^/api/v2/roles.*", # Role information r"^/api/v2/teams.*", # Team structure # API metadata r"^/api/v2/api_keys$", # List API keys (no create/delete) r"^/api/v2/application_keys$", # List app keys (no create/delete) ] filters = [ # SECURITY: Block ALL destructive operations first RouteMap( methods=["POST", "PUT", "PATCH", "DELETE"], mcp_type=MCPType.EXCLUDE ), ] # Add whitelisted read-only endpoints filters.extend( RouteMap( pattern=pattern, methods=["GET"], mcp_type=MCPType.TOOL, ) for pattern in safe_endpoints ) # SECURITY: Default deny everything else filters.append(RouteMap(pattern=r".*", mcp_type=MCPType.EXCLUDE)) return filters - datadog_mcp/server.py:174-178 (handler)Creates the FastMCP server instance using the OpenAPI spec and route maps, generating handlers for all whitelisted endpoints including incidents. The handler proxies authenticated requests to Datadog API.
self.mcp_server = FastMCP.from_openapi( openapi_spec=openapi_spec, client=auth_client, route_maps=route_maps, ) - datadog_mcp/server.py:65-74 (helper)Creates the authenticated httpx client passed to FastMCP, used by all tool handlers including ListIncidents for API calls.
async def _create_authenticated_client(self) -> httpx.AsyncClient: """Create an authenticated HTTP client for Datadog API calls.""" headers = self.datadog_client.get_auth_headers() return httpx.AsyncClient( base_url=self.config.datadog.base_url, headers=headers, timeout=self.config.datadog.timeout, ) - datadog_mcp/server.py:36-64 (schema)Loads the Datadog OpenAPI specification containing input/output schemas for the incidents endpoints, used to generate MCP tool schemas including ListIncidents.
def _load_openapi_spec(self) -> dict[str, Any]: """Load the OpenAPI specification from file or use bundled version.""" import logging logger = logging.getLogger("datadog_mcp") # Use custom path if provided, otherwise use bundled spec if self.config.datadog.openapi_spec_path: spec_path = Path(self.config.datadog.openapi_spec_path) logger.info(f"Using custom OpenAPI spec: {spec_path}") else: spec_path = self._get_bundled_spec_path() logger.info("Using bundled OpenAPI spec") try: with open(spec_path, encoding="utf-8") as f: if spec_path.suffix in [".yaml", ".yml"]: import yaml spec: dict[str, Any] = yaml.safe_load(f) else: spec = json.load(f) return spec except FileNotFoundError as e: msg = f"OpenAPI spec file not found: {spec_path}" raise FileNotFoundError(msg) from e except (json.JSONDecodeError, yaml.YAMLError) as e: msg = f"Invalid specification in file {spec_path}: {e}" raise ValueError(msg) from e