Summary
Connects Claude to the Datto SaaS Protection (Backupify) API so you can query M365 and Google Workspace backup status without leaving your chat. You get tools to list customer orgs, inspect protected domains and seats, browse backup history, queue restores, and pull activity logs or license usage reports. The restore tool is marked destructive and requires confirmation. Useful if you're an MSP or IT admin who wants to check backup posture, troubleshoot missing snapshots, or kick off a restore job through conversation instead of clicking through the Datto portal. Credentials flow in via environment variables locally or per-request headers when running behind the WYRE MCP Gateway.
Keep your Mac awake while Claude Code and 40+ AI agents run. Sleeps when they're idle.
One time payment $9 →
Integrate web data into your AI product. One API to scrape website & brand data.
Get API Key Now →
Agent, run crypto. Access onchain data & trade routes via 1inch.
Install now →
On Capafy, your Skill runs online 24/7 as an agent product, and you get paid every time someone uses it.
Start earning →
Datto SaaS Protection MCP Server
A Model Context Protocol server exposing the Datto SaaS Protection (Backupify) API to Claude and other MCP clients.
What it does
Surface SaaS backup posture for your M365 and Google Workspace tenants directly to AI assistants — list customer organizations, inspect protected domains and seats, browse backup history, queue restores, and audit activity logs and license usage.
Tools
| Tool | Purpose |
|---|---|
datto_saas_list_clients | List all customer organizations |
datto_saas_list_domains | List protected domains under a client |
datto_saas_list_seats | List seats in a domain (toggle archived) |
datto_saas_get_seat | Fetch a single seat detail |
datto_saas_list_backups | List backup runs for a seat |
datto_saas_queue_restore | Queue a restore (DESTRUCTIVE — requires confirmation) |
datto_saas_get_restore_status | Check restore progress |
datto_saas_list_activity | Org activity log (date-range elicitation) |
datto_saas_get_license_usage | Seat counts vs purchased |
Credentials
Local (env mode)
export DATTO_SAAS_PUBLIC_KEY="..."
export DATTO_SAAS_SECRET_KEY="..."
export DATTO_SAAS_REGION="us" # or "eu"
Hosted (gateway mode)
The WYRE MCP Gateway injects credentials per request via headers:
X-Datto-SaaS-Public-Key(required, secret)X-Datto-SaaS-Secret-Key(required, secret)X-Datto-SaaS-Region(optional, defaultus)
Run
npm install
npm run build
npm start # stdio
MCP_TRANSPORT=http npm start # HTTP on :8080
License
Apache 2.0 — see LICENSE.
Featured
Keep your Mac awake while Claude Code and 40+ AI agents run. Sleeps when they're idle.
One time payment $9 →Integrate web data into your AI product. One API to scrape website & brand data.
Get API Key Now →Agent, run crypto. Access onchain data & trade routes via 1inch.
Install now →On Capafy, your Skill runs online 24/7 as an agent product, and you get paid every time someone uses it.
Start earning →Configuration
DATTO_SAAS_API_KEY*secretDatto SaaS Protection (Backupify) API key
DATTO_SAAS_REGIONdefault: usRegion: 'us' (default) or 'eu'
MCP_TRANSPORTdefault: stdioTransport mode for the server. Set to 'stdio' for local CLI use; the image defaults to 'http' for gateway hosting.
AUTH_MODEdefault: envCredential source: 'env' reads vars locally, 'gateway' expects header injection from the WYRE MCP Gateway.
LOG_LEVELdefault: infoLog verbosity: debug, info, warn, error
Registryactive
Packageghcr.io/wyre-technology/datto-saas-protection-mcp:v2.0.5
TransportSTDIO
AuthRequired
UpdatedMay 29, 2026