# Enable Datadog Integration

> Connect your Datadog API and Application Key credentials to Sawmills with step-by-step setup instructions and automatic permission validation.

## About Datadog Integration

The Datadog Integration lets Sawmills use Datadog credentials for Datadog-backed features.

When you save the Datadog configuration, Sawmills validates the credentials and checks predefined permissions before storing them.

## Step-by-Step: Configure Datadog Integration

### 1. Access Integrations

Open the user menu at the top right and select **Integrations**.

### 2. Open Datadog Configuration

In the Integrations section, open the **Datadog** configuration.

### 3. Enter Credentials

Provide:

* **Datadog API Key**
* **Datadog Application Key**
* **Datadog Site**

## Best Practice: Service Account + Custom Role

For production, use a dedicated Datadog **service account** (not a personal user key).

### 1. Create a service account in Datadog

Create a service account for Sawmills integration usage.

### 2. Assign roles

Assign:

* **Datadog Read Only Role** (baseline read access)
* A custom role for extra Sawmills checks, for example: **Sawmills Integration Role**

### 3. Add permissions to the custom role

Grant these Datadog permissions. Copy the names exactly as listed to avoid typos.

Required to save:

* `logs_read_config`
* `metrics_read`
* `dashboards_read`
* `monitors_read`
* `slos_read`
* `notebooks_read`

Optional but checked in UI (non-blocking):

* `audit_logs_read`
* `logs_live_tail`
* `logs_read`
* `datalogs_read_index_data`
* `usage_notifications_read`
* `usage_read`
* `logs_read_archives`
* `metrics_read`
* `timeseries_query`

### 4. Create keys for the service account

* Create an API key in Datadog.
* Create an application key for the same service account.
* Use those keys in the Sawmills Datadog integration.

### 5. Save and Validate

Click **Save**. Before persisting, Sawmills runs validation and shows:

* Keys status: **Working** or **Invalid**
* Required permissions status
* Per-permission status for predefined checks

Save is blocked if keys are invalid or required permissions are missing.
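
A pre-save audit in the spirit of the validation described above, added here as an example (not Sawmills or Datadog code): it merges the permissions of the assigned roles and reports which required and optional permissions from this page are missing. The function names, the sample role contents, the assumed listing shape (`{"data": [{"attributes": {"name": ...}}]}`, as returned by Datadog's role-permissions API) and the surplus-permission check on the custom role are assumptions that go beyond the page.

```python
import json

# Permission names copied from this page's lists.
REQUIRED = {"logs_read_config", "metrics_read", "dashboards_read",
            "monitors_read", "slos_read", "notebooks_read"}
OPTIONAL = {"audit_logs_read", "logs_live_tail", "logs_read",
            "datalogs_read_index_data", "usage_notifications_read",
            "usage_read", "logs_read_archives", "metrics_read",
            "timeseries_query"}


def permission_names(role_permissions_json):
    """Names in one role's listing (assumed shape: data[].attributes.name)."""
    doc = json.loads(role_permissions_json)
    return {item["attributes"]["name"] for item in doc.get("data", [])}


def audit(roles, custom_role):
    """roles: {role name: JSON listing}. Returns a pre-save report."""
    granted = {name: permission_names(body) for name, body in roles.items()}
    effective = set().union(*granted.values())
    return {
        # Mirrors the page's rule: a missing required permission blocks save.
        "save_blocked": bool(REQUIRED - effective),
        "missing_required": sorted(REQUIRED - effective),
        "missing_optional": sorted(OPTIONAL - REQUIRED - effective),
        # Least-privilege check (goes beyond the page): grants on the custom
        # role that neither list asks for.
        "unneeded_on_custom_role": sorted(
            granted[custom_role] - REQUIRED - OPTIONAL),
    }


def listing(*names):
    # Builds constructed sample data; this is not real Datadog output.
    return json.dumps({"data": [{"type": "permissions",
                                 "attributes": {"name": n}} for n in names]})


SAMPLE_ROLES = {  # constructed role contents, for illustration only
    "Datadog Read Only Role": listing("dashboards_read", "monitors_read",
                                      "metrics_read", "slos_read"),
    "Sawmills Integration Role": listing("logs_read_config", "logs_read",
                                         "timeseries_query", "monitors_write"),
}

if __name__ == "__main__":
    print(json.dumps(audit(SAMPLE_ROLES, "Sawmills Integration Role"), indent=2))
```

In the constructed sample, `notebooks_read` is missing, so the report marks the save as blocked, and `monitors_write` is flagged as a grant the integration does not need.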

## Backend Validation Flow

Validation is enforced in the backend service:

* `POST /v1/notification-integrations/datadog/validate`: validates keys and returns per-permission status.
* `POST /v1/notification-integrations`: blocks save when keys are invalid or required permissions are missing.
* `PATCH /v1/notification-integrations/{id}`: re-validates merged Datadog config before update is persisted.

## Required Permissions

* `logs_read_config`
* `metrics_read`
* `dashboards_read`
* `monitors_read`
* `slos_read`
* `notebooks_read`

<Note>
  `notebooks_read` is required, but notebook data access still follows Datadog sharing rules. The Application Key can only read notebooks visible to the key owner (user or service account). Private or team-restricted notebooks are not readable unless that identity has access.
</Note>

## Predefined Permissions Checked

* `audit_logs_read`
* `logs_live_tail`
* `logs_read`
* `datalogs_read_index_data`
* `usage_notifications_read`
* `usage_read`
* `logs_read_archives`
* `metrics_read`
* `timeseries_query`
