Datadog · OAuth Scopes

Datadog OAuth Scopes

OAuth 2.0 derived

Datadog publishes 68 OAuth 2.0 scopes via the authorizationCode flow. Scopes are the fine-grained permissions an application requests at authorization time to act against the Datadog API on a user’s behalf.

Tokens are issued from /oauth2/v1/token.

This index is generated from the provider’s OpenAPI security definitions (and, where available, its documented scope reference) and refreshes on every APIs.io network build. Browse every provider’s scopes at scopes.apis.io.

AnalyticsDashboardsMonitoringPlatformT1Visualizations
Scopes: 68 Flows: authorizationCode Method: derived

OAuth endpoints

Authorization URL
/oauth2/v1/authorize
Token URL
/oauth2/v1/token
Flows
authorizationCode

Scopes (68)

ScopeDescriptionFlows
apm_api_catalog_read View API catalog and API definitions. authorizationCode
apm_api_catalog_write Add, modify, and delete API catalog definitions. authorizationCode
apm_read Read and query APM and Trace Analytics. authorizationCode
apm_service_catalog_read View service catalog and service definitions. authorizationCode
apm_service_catalog_write Add, modify, and delete service catalog definitions when those definitions are maintained by Datadog. authorizationCode
appsec_vm_read View infrastructure, application code, and library vulnerabilities. This does not restrict API or inventory SQL access to the vulnerability data source. authorizationCode
cases_read View Cases. authorizationCode
cases_write Create and update cases. authorizationCode
ci_visibility_pipelines_write Create CI Visibility pipeline spans using the API. authorizationCode
ci_visibility_read View CI Visibility. authorizationCode
cloud_cost_management_read View Cloud Cost pages and the cloud cost data source in dashboards and notebooks. For more details, see the Cloud Cost Management docs. authorizationCode
cloud_cost_management_write Configure cloud cost accounts and global customizations. For more details, see the Cloud Cost Management docs. authorizationCode
code_analysis_read View Code Analysis. authorizationCode
continuous_profiler_pgo_read Read and query Continuous Profiler data for Profile-Guided Optimization (PGO). authorizationCode
create_webhooks Create webhooks integrations. authorizationCode
dashboards_embed_share Create, modify, and delete shared dashboards with share type 'embed'. authorizationCode
dashboards_invite_share Create, modify, and delete shared dashboards with share type 'invite'. authorizationCode
dashboards_public_share Generate public and authenticated links to share dashboards or embeddable graphs externally. authorizationCode
dashboards_read View dashboards. authorizationCode
dashboards_write Create and change dashboards. authorizationCode
data_scanner_read View Data Scanner configurations. authorizationCode
data_scanner_write Edit Data Scanner configurations. authorizationCode
embeddable_graphs_share Generate public links to share embeddable graphs externally. authorizationCode
events_read Read Events data. authorizationCode
hosts_read List hosts and their attributes. authorizationCode
incident_notification_settings_write Configure Incidents Notification settings. authorizationCode
incident_read View incidents in Datadog. authorizationCode
incident_settings_write Configure Incident Settings. authorizationCode
incident_write Create, view, and manage incidents in Datadog. authorizationCode
metrics_read View custom metrics. authorizationCode
monitor_config_policy_write Edit and delete monitor configuration. authorizationCode
monitors_downtime Set downtimes to suppress alerts from any monitor in an organization. Mute and unmute monitors. The ability to write monitors is not required to set downtimes. authorizationCode
monitors_read View monitors. authorizationCode
monitors_write Edit, delete, and resolve individual monitors. authorizationCode
org_management Edit org configurations, including authentication and certain security preferences such as configuring SAML, renaming an org, configuring allowed login methods, creating child orgs, subscribing & unsubscribing from apps in the marketplace, and enabling & disabling Remote Configuration for the entire organization. authorizationCode
security_comments_read Read comments of vulnerabilities. authorizationCode
security_monitoring_filters_read Read Security Filters. authorizationCode
security_monitoring_filters_write Create, edit, and delete Security Filters. authorizationCode
security_monitoring_findings_read View a list of findings that include both misconfigurations and identity risks. authorizationCode
security_monitoring_notification_profiles_read View Rule Security Notification rules. authorizationCode
security_monitoring_notification_profiles_write Create, edit, and delete Security Notification rules. authorizationCode
security_monitoring_rules_read Read Detection Rules. authorizationCode
security_monitoring_rules_write Create and edit Detection Rules. authorizationCode
security_monitoring_signals_read View Security Signals. authorizationCode
security_monitoring_suppressions_read Read Rule Suppressions. authorizationCode
security_monitoring_suppressions_write Write Rule Suppressions. authorizationCode
security_pipelines_read View Security Pipelines. authorizationCode
security_pipelines_write Create, edit, and delete CSM Security Pipelines. authorizationCode
slos_corrections Apply, edit, and delete SLO status corrections. A user with this permission can make status corrections, even if they do not have permission to edit those SLOs. authorizationCode
slos_read View SLOs and status corrections. authorizationCode
slos_write Create, edit, and delete SLOs. authorizationCode
synthetics_global_variable_read View, search, and use Synthetics global variables. authorizationCode
synthetics_global_variable_write Create, edit, and delete global variables for Synthetics. authorizationCode
synthetics_private_location_read View, search, and use Synthetics private locations. authorizationCode
synthetics_private_location_write Create and delete private locations in addition to having access to the associated installation guidelines. authorizationCode
synthetics_read List and view configured Synthetic tests and test results. authorizationCode
synthetics_write Create, edit, and delete Synthetic tests. authorizationCode
teams_manage Manage Teams. Create, delete, rename, and edit metadata of all Teams. To control Team membership across all Teams, use the User Access Manage permission. authorizationCode
teams_read Read Teams data. A User with this permission can view Team names, metadata, and which Users are on each Team. authorizationCode
test_optimization_read View Test Optimization. authorizationCode
timeseries_query Query Timeseries data. authorizationCode
usage_read View your organization's usage and usage attribution. authorizationCode
user_access_invite Invite other users to your organization. authorizationCode
user_access_manage Disable users, manage user roles, manage SAML-to-role mappings, and configure logs restriction queries. authorizationCode
user_access_read View users and their roles and settings. authorizationCode
workflows_read View workflows. authorizationCode
workflows_run Run workflows. authorizationCode
workflows_write Create, edit, and delete workflows. authorizationCode

Source

OAuth Scopes

datadog-scopes.yml Raw ↑
generated: '2026-07-11'
method: derived
source: openapi/datadog-api-openapi.yml
schemes:
- name: AuthZ
  source: openapi/datadog-api-openapi.yml
  flows:
  - flow: authorizationCode
    authorizationUrl: /oauth2/v1/authorize
    tokenUrl: /oauth2/v1/token
  description: This API uses OAuth 2 with the implicit grant flow.
scopes:
- scope: apm_api_catalog_read
  description: View API catalog and API definitions.
  flows:
  - authorizationCode
  sources:
  - openapi/datadog-api-openapi.yml
- scope: apm_api_catalog_write
  description: Add, modify, and delete API catalog definitions.
  flows:
  - authorizationCode
  sources:
  - openapi/datadog-api-openapi.yml
- scope: apm_read
  description: Read and query APM and Trace Analytics.
  flows:
  - authorizationCode
  sources:
  - openapi/datadog-api-openapi.yml
- scope: apm_service_catalog_read
  description: View service catalog and service definitions.
  flows:
  - authorizationCode
  sources:
  - openapi/datadog-api-openapi.yml
- scope: apm_service_catalog_write
  description: Add, modify, and delete service catalog definitions when those definitions are
    maintained by Datadog.
  flows:
  - authorizationCode
  sources:
  - openapi/datadog-api-openapi.yml
- scope: appsec_vm_read
  description: View infrastructure, application code, and library vulnerabilities. This does
    not restrict API or inventory SQL access to the vulnerability data source.
  flows:
  - authorizationCode
  sources:
  - openapi/datadog-api-openapi.yml
- scope: cases_read
  description: View Cases.
  flows:
  - authorizationCode
  sources:
  - openapi/datadog-api-openapi.yml
- scope: cases_write
  description: Create and update cases.
  flows:
  - authorizationCode
  sources:
  - openapi/datadog-api-openapi.yml
- scope: ci_visibility_pipelines_write
  description: Create CI Visibility pipeline spans using the API.
  flows:
  - authorizationCode
  sources:
  - openapi/datadog-api-openapi.yml
- scope: ci_visibility_read
  description: View CI Visibility.
  flows:
  - authorizationCode
  sources:
  - openapi/datadog-api-openapi.yml
- scope: cloud_cost_management_read
  description: View Cloud Cost pages and the cloud cost data source in dashboards and notebooks.
    For more details, see the Cloud Cost Management docs.
  flows:
  - authorizationCode
  sources:
  - openapi/datadog-api-openapi.yml
- scope: cloud_cost_management_write
  description: Configure cloud cost accounts and global customizations. For more details, see
    the Cloud Cost Management docs.
  flows:
  - authorizationCode
  sources:
  - openapi/datadog-api-openapi.yml
- scope: code_analysis_read
  description: View Code Analysis.
  flows:
  - authorizationCode
  sources:
  - openapi/datadog-api-openapi.yml
- scope: continuous_profiler_pgo_read
  description: Read and query Continuous Profiler data for Profile-Guided Optimization (PGO).
  flows:
  - authorizationCode
  sources:
  - openapi/datadog-api-openapi.yml
- scope: create_webhooks
  description: Create webhooks integrations.
  flows:
  - authorizationCode
  sources:
  - openapi/datadog-api-openapi.yml
- scope: dashboards_embed_share
  description: Create, modify, and delete shared dashboards with share type 'embed'.
  flows:
  - authorizationCode
  sources:
  - openapi/datadog-api-openapi.yml
- scope: dashboards_invite_share
  description: Create, modify, and delete shared dashboards with share type 'invite'.
  flows:
  - authorizationCode
  sources:
  - openapi/datadog-api-openapi.yml
- scope: dashboards_public_share
  description: Generate public and authenticated links to share dashboards or embeddable graphs
    externally.
  flows:
  - authorizationCode
  sources:
  - openapi/datadog-api-openapi.yml
- scope: dashboards_read
  description: View dashboards.
  flows:
  - authorizationCode
  sources:
  - openapi/datadog-api-openapi.yml
- scope: dashboards_write
  description: Create and change dashboards.
  flows:
  - authorizationCode
  sources:
  - openapi/datadog-api-openapi.yml
- scope: data_scanner_read
  description: View Data Scanner configurations.
  flows:
  - authorizationCode
  sources:
  - openapi/datadog-api-openapi.yml
- scope: data_scanner_write
  description: Edit Data Scanner configurations.
  flows:
  - authorizationCode
  sources:
  - openapi/datadog-api-openapi.yml
- scope: embeddable_graphs_share
  description: Generate public links to share embeddable graphs externally.
  flows:
  - authorizationCode
  sources:
  - openapi/datadog-api-openapi.yml
- scope: events_read
  description: Read Events data.
  flows:
  - authorizationCode
  sources:
  - openapi/datadog-api-openapi.yml
- scope: hosts_read
  description: List hosts and their attributes.
  flows:
  - authorizationCode
  sources:
  - openapi/datadog-api-openapi.yml
- scope: incident_notification_settings_write
  description: Configure Incidents Notification settings.
  flows:
  - authorizationCode
  sources:
  - openapi/datadog-api-openapi.yml
- scope: incident_read
  description: View incidents in Datadog.
  flows:
  - authorizationCode
  sources:
  - openapi/datadog-api-openapi.yml
- scope: incident_settings_write
  description: Configure Incident Settings.
  flows:
  - authorizationCode
  sources:
  - openapi/datadog-api-openapi.yml
- scope: incident_write
  description: Create, view, and manage incidents in Datadog.
  flows:
  - authorizationCode
  sources:
  - openapi/datadog-api-openapi.yml
- scope: metrics_read
  description: View custom metrics.
  flows:
  - authorizationCode
  sources:
  - openapi/datadog-api-openapi.yml
- scope: monitor_config_policy_write
  description: Edit and delete monitor configuration.
  flows:
  - authorizationCode
  sources:
  - openapi/datadog-api-openapi.yml
- scope: monitors_downtime
  description: Set downtimes to suppress alerts from any monitor in an organization. Mute and
    unmute monitors. The ability to write monitors is not required to set downtimes.
  flows:
  - authorizationCode
  sources:
  - openapi/datadog-api-openapi.yml
- scope: monitors_read
  description: View monitors.
  flows:
  - authorizationCode
  sources:
  - openapi/datadog-api-openapi.yml
- scope: monitors_write
  description: Edit, delete, and resolve individual monitors.
  flows:
  - authorizationCode
  sources:
  - openapi/datadog-api-openapi.yml
- scope: org_management
  description: Edit org configurations, including authentication and certain security preferences
    such as configuring SAML, renaming an org, configuring allowed login methods, creating child
    orgs, subscribing & unsubscribing from apps in the marketplace, and enabling & disabling
    Remote Configuration for the entire organization.
  flows:
  - authorizationCode
  sources:
  - openapi/datadog-api-openapi.yml
- scope: security_comments_read
  description: Read comments of vulnerabilities.
  flows:
  - authorizationCode
  sources:
  - openapi/datadog-api-openapi.yml
- scope: security_monitoring_filters_read
  description: Read Security Filters.
  flows:
  - authorizationCode
  sources:
  - openapi/datadog-api-openapi.yml
- scope: security_monitoring_filters_write
  description: Create, edit, and delete Security Filters.
  flows:
  - authorizationCode
  sources:
  - openapi/datadog-api-openapi.yml
- scope: security_monitoring_findings_read
  description: View a list of findings that include both misconfigurations and identity risks.
  flows:
  - authorizationCode
  sources:
  - openapi/datadog-api-openapi.yml
- scope: security_monitoring_notification_profiles_read
  description: View Rule Security Notification rules.
  flows:
  - authorizationCode
  sources:
  - openapi/datadog-api-openapi.yml
- scope: security_monitoring_notification_profiles_write
  description: Create, edit, and delete Security Notification rules.
  flows:
  - authorizationCode
  sources:
  - openapi/datadog-api-openapi.yml
- scope: security_monitoring_rules_read
  description: Read Detection Rules.
  flows:
  - authorizationCode
  sources:
  - openapi/datadog-api-openapi.yml
- scope: security_monitoring_rules_write
  description: Create and edit Detection Rules.
  flows:
  - authorizationCode
  sources:
  - openapi/datadog-api-openapi.yml
- scope: security_monitoring_signals_read
  description: View Security Signals.
  flows:
  - authorizationCode
  sources:
  - openapi/datadog-api-openapi.yml
- scope: security_monitoring_suppressions_read
  description: Read Rule Suppressions.
  flows:
  - authorizationCode
  sources:
  - openapi/datadog-api-openapi.yml
- scope: security_monitoring_suppressions_write
  description: Write Rule Suppressions.
  flows:
  - authorizationCode
  sources:
  - openapi/datadog-api-openapi.yml
- scope: security_pipelines_read
  description: View Security Pipelines.
  flows:
  - authorizationCode
  sources:
  - openapi/datadog-api-openapi.yml
- scope: security_pipelines_write
  description: Create, edit, and delete CSM Security Pipelines.
  flows:
  - authorizationCode
  sources:
  - openapi/datadog-api-openapi.yml
- scope: slos_corrections
  description: Apply, edit, and delete SLO status corrections. A user with this permission can
    make status corrections, even if they do not have permission to edit those SLOs.
  flows:
  - authorizationCode
  sources:
  - openapi/datadog-api-openapi.yml
- scope: slos_read
  description: View SLOs and status corrections.
  flows:
  - authorizationCode
  sources:
  - openapi/datadog-api-openapi.yml
- scope: slos_write
  description: Create, edit, and delete SLOs.
  flows:
  - authorizationCode
  sources:
  - openapi/datadog-api-openapi.yml
- scope: synthetics_global_variable_read
  description: View, search, and use Synthetics global variables.
  flows:
  - authorizationCode
  sources:
  - openapi/datadog-api-openapi.yml
- scope: synthetics_global_variable_write
  description: Create, edit, and delete global variables for Synthetics.
  flows:
  - authorizationCode
  sources:
  - openapi/datadog-api-openapi.yml
- scope: synthetics_private_location_read
  description: View, search, and use Synthetics private locations.
  flows:
  - authorizationCode
  sources:
  - openapi/datadog-api-openapi.yml
- scope: synthetics_private_location_write
  description: Create and delete private locations in addition to having access to the associated
    installation guidelines.
  flows:
  - authorizationCode
  sources:
  - openapi/datadog-api-openapi.yml
- scope: synthetics_read
  description: List and view configured Synthetic tests and test results.
  flows:
  - authorizationCode
  sources:
  - openapi/datadog-api-openapi.yml
- scope: synthetics_write
  description: Create, edit, and delete Synthetic tests.
  flows:
  - authorizationCode
  sources:
  - openapi/datadog-api-openapi.yml
- scope: teams_manage
  description: Manage Teams. Create, delete, rename, and edit metadata of all Teams. To control
    Team membership across all Teams, use the User Access Manage permission.
  flows:
  - authorizationCode
  sources:
  - openapi/datadog-api-openapi.yml
- scope: teams_read
  description: Read Teams data. A User with this permission can view Team names, metadata, and
    which Users are on each Team.
  flows:
  - authorizationCode
  sources:
  - openapi/datadog-api-openapi.yml
- scope: test_optimization_read
  description: View Test Optimization.
  flows:
  - authorizationCode
  sources:
  - openapi/datadog-api-openapi.yml
- scope: timeseries_query
  description: Query Timeseries data.
  flows:
  - authorizationCode
  sources:
  - openapi/datadog-api-openapi.yml
- scope: usage_read
  description: View your organization's usage and usage attribution.
  flows:
  - authorizationCode
  sources:
  - openapi/datadog-api-openapi.yml
- scope: user_access_invite
  description: Invite other users to your organization.
  flows:
  - authorizationCode
  sources:
  - openapi/datadog-api-openapi.yml
- scope: user_access_manage
  description: Disable users, manage user roles, manage SAML-to-role mappings, and configure
    logs restriction queries.
  flows:
  - authorizationCode
  sources:
  - openapi/datadog-api-openapi.yml
- scope: user_access_read
  description: View users and their roles and settings.
  flows:
  - authorizationCode
  sources:
  - openapi/datadog-api-openapi.yml
- scope: workflows_read
  description: View workflows.
  flows:
  - authorizationCode
  sources:
  - openapi/datadog-api-openapi.yml
- scope: workflows_run
  description: Run workflows.
  flows:
  - authorizationCode
  sources:
  - openapi/datadog-api-openapi.yml
- scope: workflows_write
  description: Create, edit, and delete workflows.
  flows:
  - authorizationCode
  sources:
  - openapi/datadog-api-openapi.yml