DataPacket MCP Server

An MCP (Model Context Protocol) server that provides access to the DataPacket GraphQL API. It exposes all DataPacket API operations as MCP tools, allowing LLMs and MCP clients to manage dedicated servers, view invoices, provision new servers, handle support requests, and more.

Features

• 33 tools covering all DataPacket GraphQL queries and mutations
• Two transports: stdio (for local integrations) and streamable HTTP (for remote/web deployments)
• Full coverage of the DataPacket API: servers, provisioning, billing, traffic, DNS, support, and post-install scripts

Prerequisites

• Node.js 22 or later
• A DataPacket API token (generate one in the Security page of the DataPacket client panel)

Installation

git clone git@github.com:hjpotter92/datapacket-mcp-server.git
cd datapacket-mcp-server
npm install
npm run build

Configuration

All options can be set via environment variables or CLI flags. CLI flags take precedence over environment variables.

Option	CLI Flag	Environment Variable	Default	Description
API Token	--api-token <token>	DATAPACKET_API_TOKEN	(required)	DataPacket API bearer token
Transport	--transport <type>	TRANSPORT	stdio	stdio or http
Port	--port <number>	PORT	3000	HTTP server port (only for http transport)
Debug	--debug	DEBUG=true or DEBUG=1	off	Log all GraphQL requests and responses to stderr

Usage

stdio transport (default)

# Via environment variable
DATAPACKET_API_TOKEN=your-token node build/index.js

# Via CLI flag
node build/index.js --api-token your-token

# Or using the bin name after npm link
datapacket-mcp-server --api-token your-token

Streamable HTTP transport

node build/index.js --api-token your-token --transport http --port 3000

The server will listen at http://localhost:3000/mcp.

MCP client configuration

stdio (e.g. for Cursor, Claude Desktop):

{
  "mcpServers": {
    "datapacket": {
      "command": "node",
      "args": ["/path/to/datapacket-mcp-server/build/index.js", "--api-token", "your-token"]
    }
  }
}

Streamable HTTP:

{
  "mcpServers": {
    "datapacket": {
      "type": "streamable-http",
      "url": "http://localhost:3000/mcp"
    }
  }
}

Available Tools

Queries (17)

Tool	Description
get_account	Account info (name, email, hostname, creation date)
get_error_codes	List all API error codes
get_invoice	Single invoice by number
list_invoices	Paginated invoices with filters
list_locations	All available data center locations
list_operating_systems	Available OS images for provisioning
list_post_install_scripts	Paginated post-install scripts
list_provisioning_configurations	Server configs matching filter criteria
get_reverse_dns_record	PTR record for an IP
get_server	Single server details by name/alias/IP
get_server_links_configuration_task	Link config task status
list_servers	Paginated server list with filters
get_subscription	Single subscription details
list_subscriptions	Paginated subscriptions
get_support_request	Single support request with posts
list_support_requests	Paginated support requests
get_traffic	Traffic statistics over a time period

Mutations (16)

Tool	Description
change_server_ipmi_password	Change IPMI password
configure_server_links	Enable/disable link aggregation
create_post_install_script	Create a new post-install script
create_support_request	Open a support ticket
delete_post_install_script	Delete a post-install script
perform_server_power_action	Power on/off/reset/cycle a server
provision_server	Provision a new server
set_default_traffic_plan	Set default traffic plan for provisioning
set_reverse_dns_record	Set or delete a PTR record
set_server_alias	Set custom server alias
set_server_boot_device	Set boot device via IPMI
set_server_primary_ip	Set primary IP address
set_server_tag	Set or delete a single tag
set_server_tags	Replace all tags on a server
support_request_reply	Reply to a support ticket
update_post_install_script	Update an existing post-install script

Security Best Practices for Remote Deployments

When running the server with the HTTP transport in a hosted/remote environment, follow these recommendations to keep your deployment secure:

Never expose the server directly to the internet

Always place the MCP server behind a reverse proxy (e.g. Nginx, Caddy, Traefik). The server does not implement TLS or authentication on its own, so the reverse proxy should handle:

• TLS termination — serve traffic over HTTPS only.
• Access control — restrict access by IP allowlist, VPN, or an authentication layer (e.g. HTTP Basic Auth, OAuth2 proxy, mutual TLS).

Protect your API token

• Do not pass the token via CLI flags in production — command-line arguments are visible in process listings (ps, /proc). Use the DATAPACKET_API_TOKEN environment variable instead.
• Never commit tokens to version control. Use a secrets manager (e.g. Vault, AWS Secrets Manager, Doppler) or a .env file excluded from git.
• Rotate tokens regularly through the DataPacket security settings.

Limit network exposure

• Bind the server to 127.0.0.1 or a private interface rather than 0.0.0.0. Let the reverse proxy handle external traffic.
• Use firewall rules (e.g. iptables, security groups) to restrict which hosts can reach the server port.

Run with least privilege

• Run the Node.js process as a non-root user with minimal filesystem permissions.
• Use a process manager (e.g. systemd, PM2) to handle restarts, log rotation, and resource limits.
• Consider running inside a container with a read-only filesystem and no extra capabilities.

Monitor and audit

• Enable access logging on your reverse proxy to track all requests to the /mcp endpoint.
• Monitor for unusual traffic patterns — the MCP server performs privileged operations (provisioning, power actions, DNS changes) that should be auditable.
• Set up alerts for failed or unexpected requests.

Development

# Watch mode (recompiles on changes)
npm run dev

# Then run the server in another terminal
node build/index.js --api-token your-token

License

MIT