👉 Visit the DatoCMS homepage or see What is DatoCMS?

DatoCMS MCP Server

⚠️ Alpha Release: This server is in early development. Features may change and stability is not guaranteed.

A local Model Context Protocol (MCP) server that provides AI assistants with tools to interact with the DatoCMS Content Management API. This server enables LLMs to explore and execute DatoCMS API operations through structured documentation and safe execution capabilities.

Key Features

• Comprehensive API exploration. Browse all DatoCMS resources, actions, and methods with live documentation.
• Schema introspection. Access detailed information about your project's content models, fields, and relationships.
• Safe execution environment. Built-in usage rules and guardrails prevent API misuse.
• Script management. Create, store, and execute TypeScript scripts for complex operations and automation.
• Optional project access. Use with or without API token for documentation vs. execution capabilities.

Requirements

• Node.js 18 or newer
• VS Code, Cursor, Windsurf, Claude Desktop, Goose or any other MCP client

Getting started

First, install the DatoCMS MCP server with your client.

Standard config works in most of the tools:

{
  "mcpServers": {
    "datocms": {
      "command": "npx",
      "args": [
        "-y",
        "@datocms/mcp@latest"
      ],
      "env": {
        "DATOCMS_API_TOKEN": "your-project-api-token-here"
      }
    }
  }
}

Use the Claude Code CLI to add the DatoCMS MCP server:

claude mcp add datocms npx @datocms/mcp@latest -e DATOCMS_API_TOKEN=your-project-api-token-here

Follow the MCP install guide, use the standard config above.

Click the button to install:

Or install manually:

Go to Cursor Settings -> Tools & Integrations -> New MCP Server, then paste the following:

{
  "mcpServers": {
    "DatoCMS": {
      "command": "npx -y @datocms/mcp@latest",
      "env": {
        "DATOCMS_API_TOKEN": ""
      },
      "args": []
    }
  }
}

Follow the MCP install guide, use the standard config above.

Click the button to install:

Or install manually:

Follow the MCP install guide, use the standard config above. You can also install the DatoCMS MCP server using the VS Code CLI:

# For VS Code
code --add-mcp '{"name":"datocms","command":"npx","args":["-y", "@datocms/mcp@latest"], "env": {"DATOCMS_API_TOKEN": ""}}'

After installation, the DatoCMS MCP server will be available for use with your GitHub Copilot agent in VS Code.

Follow Windsurf MCP documentation. Use the standard config above.

Configuration

The DatoCMS MCP server supports the following environment variables:

• DATOCMS_API_TOKEN: Your DatoCMS API token for a specific project. When provided, enables full access including schema introspection, API execution, and script execution. Without this token, only API documentation and exploration tools are available, along with the ability to create and validate scripts (but not execute them).
• DATOCMS_ENVIRONMENT: Specifies which DatoCMS environment the MCP server should interact with. If not set, the server automatically uses the project’s primary environment.
• EXECUTION_TIMEOUT_SECONDS (optional): Script execution timeout in seconds. Defaults to 60 seconds.
• MAX_OUTPUT_BYTES (optional): Maximum output size in bytes for all executions. Defaults to 2048 bytes (2 KB).

With API token (full project access):

{
  "mcpServers": {
    "datocms": {
      "command": "npx",
      "args": ["-y", "@datocms/mcp@latest"],
      "env": {
        "DATOCMS_API_TOKEN": ""
      }
    }
  }
}

Without API token (documentation only):

{
  "mcpServers": {
    "datocms": {
      "command": "npx",
      "args": ["-y", "@datocms/mcp@latest"]
    }
  }
}

Tools

The DatoCMS MCP server provides the following tools:

Documentation & Exploration Tools

• resources: List all available DatoCMS API resources
• resource: Get details about a specific resource (e.g., items, assets)
• resource_action: Show available actions for a resource
• resource_action_method: Get detailed method documentation with examples

Schema Tools (require an API token)

• schema_info: Get detailed information about DatoCMS models and modular blocks, including fields, fieldsets, nested blocks, and relationships

API Execution Tools (require an API token)

• resource_action_readonly_method_execute: Execute read-only operations (e.g., list, find, raw queries)
• resource_action_destructive_method_execute: Execute write operations (e.g., create, update, destroy)

Script Management Tools

• create_script: Create and store TypeScript scripts that can interact with the DatoCMS API
• view_script: View the content of a previously created script
• update_script: Update an existing script
• execute_script: Run a script against your DatoCMS project (requires an API token)

Security

The DatoCMS MCP server implements multiple layers of security to prevent prompt injection and malicious code execution:

Script Validation

All scripts created through the create_script and update_script tools undergo strict structural validation before being stored or executed:

1. Package Whitelist: Scripts can only import from explicitly allowed packages:

   • @datocms/* - DatoCMS official packages
   • datocms-* - DatoCMS-prefixed packages
   • ./schema - Local schema definitions

   Any attempt to import from other packages (e.g., fs, child_process, net) will be rejected.

2. Enforced Function Signature: Scripts must export a default async function with exactly one parameter of type Client:

   export default async function(client: Client): Promise<void> {
     // Script code here
   }

   This ensures scripts can only interact with the DatoCMS API through the provided client, with no access to Node.js system APIs.

3. Type Safety: Scripts cannot use any or unknown types. This prevents type-unsafe operations and encourages developers to use proper type definitions from the schema.

4. AST-Level Validation: The server uses TypeScript's compiler API to parse and validate the script's Abstract Syntax Tree (AST), ensuring structural requirements are met before any code execution.

These validations are performed at script creation/update time, preventing malicious code from ever being stored or executed. For implementation details, see src/lib/scripts/validation.ts.

License

The package is available as open source under the terms of the MIT License.

What is DatoCMS?

DatoCMS is the REST & GraphQL Headless CMS for the modern web.

Trusted by over 25,000 enterprise businesses, agencies, and individuals across the world, DatoCMS users create online content at scale from a central hub and distribute it via API. We ❤️ our developers, content editors and marketers!

Why DatoCMS?

• API-First Architecture: Built for both REST and GraphQL, enabling flexible content delivery
• Just Enough Features: We believe in keeping things simple, and giving you the right feature-set tools to get the job done
• Developer Experience: First-class TypeScript support with powerful developer tools

Getting Started:

• ⚡️ Create Free Account - Get started with DatoCMS in minutes
• 🔖 Documentation - Comprehensive guides and API references
• ⚙️ Community Support - Get help from our team and community
• 🆕 Changelog - Latest features and improvements

Official Libraries:

• Content Delivery Client - TypeScript GraphQL client for content fetching
• REST API Clients - Node.js/Browser clients for content management
• CLI Tools - Command-line utilities for schema migrations (includes Contentful and WordPress importers)

Official Framework Integrations

Helpers to manage SEO, images, video and Structured Text coming from your DatoCMS projects:

• React Components
• Vue Components
• Svelte Components
• Astro Components

Additional Resources:

• Plugin Examples - Example plugins we've made that extend the editor/admin dashboard
• Starter Projects - Example website implementations for popular frameworks
• All Public Repositories