Connect Datto RMM

• API Key + API Secret Key — issued when you generate API keys on a Datto RMM user
• Platform — one of pinotage, merlot, concord, vidal, zinfandel, or syrah. Match the centrastage subdomain you log into (e.g. merlot.centrastage.net → merlot).

1. In Datto RMM, go to Setup → Global Settings → Access Control.
2. Tick Enable API Access and save. (If this is already on for your account, skip to the next step.)

1. Create a dedicated service user for Vectis (don’t reuse a person’s account — service users isolate the audit trail and survive staff turnover).
2. Go to Setup → Users → (the service user) → Generate API Keys.
3. Datto shows the secret key once at issuance. Copy it into a password manager immediately — there is no way to reveal it after the dialog closes.

Your Datto RMM portal URL tells you the platform:

• pinotage.centrastage.net → pinotage
• merlot.centrastage.net → merlot
• concord.centrastage.net → concord
• vidal.centrastage.net → vidal
• zinfandel.centrastage.net → zinfandel
• syrah.centrastage.net → syrah

1. Go to Admin → Integrations and click Configure on Datto RMM.
2. Paste API Key, API Secret Key, and pick your Platform.
3. Click Test. You should see “Connected to Datto RMM” with your account name.
4. Click Save, then Sync now.

After the first sync, Vectis lists every Datto RMM site and fuzzy-matches each to one of your ConnectWise / Autotask / HaloPSA / Atera customers by name. Anything it can’t auto-match appears as unlinked — drop down and pick the right customer, or mark “Keep separate” for non-customer sites (internal, demo, NOC).

Matching is required for the customer hub to show Datto RMM devices and alerts next to PSA tickets for the same customer. Until a Datto site is linked, its devices appear only in the RMM section. The built-in “Deleted Devices” site is filtered on import so it doesn’t manufacture a phantom customer.

Datto RMM’s API exposes two alert-mutation verbs: POST /api/v2/alert/{uid}/resolve and POST /api/v2/alert/{uid}/mute. There is no dedicated “acknowledge” verb. Vectis maps the two alert verbs as follows:

• Acknowledge → Datto mute — the alert stops paging without being closed
• Resolve → Datto resolve — the alert moves to the resolved feed

If you want a different mapping (e.g. ack means resolve in your workflow), the alert ack and resolve buttons on the customer hub dispatch independently — pick whichever fits your runbook.

401 Unauthorized — API key or secret is wrong. Re-copy from the password manager. If the secret was rotated in Datto, generate a new key pair under the same service user and update Vectis.

403 Forbidden — The API user’s role doesn’t grant API access. Check the role under Setup → Roles in Datto RMM.

404 Not Found — Platform is wrong. The API host is platform-specific; a merlot tenant won’t resolve from the pinotage endpoint.

Beta posture — Datto RMM ships as Beta in Vectis (spec-validated against Datto’s public help pages and the community-maintained PowerShell wrapper). If you’re the first Vectis customer to connect Datto RMM and something doesn’t match the spec, mail team@mspvectis.com and Vectis will turn the ticket around the same day.