notion-mcp
Notion's official MCP server. Read and write pages, databases, blocks. Internal-integration-token authenticated. The 'agent that lives in your workspace docs' enabler.
Default if your knowledge / docs / project tracking lives in Notion. Scope the integration to specific pages — Notion's permission model is page-tree-based and you should use that.
What it does
Read and write Notion. Tools cover search (full-text across shared pages), get_page, update_page, append_block_children, query_database, create_database_item, update_database_item. Auth is an Internal Integration Token from your Notion workspace.
When you actually need it
Notion is where many teams keep meeting notes, decision logs, OKRs, runbooks. An agent that can read those and write back is a strong fit for:
- Meeting summary → Notion page. Agent reads a transcript, drafts a summary, appends to your meeting-notes database.
- Question answered from your docs. Agent gets a question via Slack, searches the Notion knowledge base, drafts an answer with citations back to specific pages.
- Status update collation. Agent reads each team-member’s weekly update page, drafts a single roll-up, posts to a parent.
Setup
Create an Internal Integration at notion.so/profile/integrations. Pick the workspace, decide the capabilities (Read content, Update content, Insert content) — start with Read only, add the others when you genuinely need them. Copy the Internal Integration Token.
"notion": {
"command": "npx",
"args": ["-y", "@notionhq/notion-mcp-server"],
"env": {
"NOTION_INTEGRATION_TOKEN": "secret_…"
}
}
Then in Notion, share specific pages with the integration. Walk the tree before you share — sharing a parent page shares every descendant.
The catch
The permission model is the safety lever. Use it. A common mistake: someone shares the workspace’s top-level “Company” page with the integration “to make it work” while developing — and that’s now the whole company knowledge base in the agent’s blast radius.
A better pattern: create a dedicated parent page like “Agent Workspace”, share that, and only put content the agent should access under it. If the agent needs to read the meeting-notes database, share the database explicitly — not the whole workspace.
The other catch is rate limits. Notion’s API is 3 requests per second. An agent doing block-level operations on a page (which can be 50+ blocks) hits the ceiling fast. The MCP server doesn’t queue or back-off — your agent will see HTTP 429s. Add a “use the search tool first to narrow before paginating” rule in the prompt.
FOR: Notion workspace operations where pages shared with the integration are scoped to a dedicated agent-workspace tree.
Use it. The page-level sharing model is genuinely strong — exploit it. Create a dedicated 'Agent Workspace' parent page and only put pages the agent should access under it. Add a rate-limit-aware rule in the prompt to avoid 429s.
Maintained by Notion's API team.
Notion's open-source MCP server licence.
Maintained by Notion's API team.
Internal Integration Token via env. Server doesn't log it.
api.notion.com only.
Notion integrations support per-page sharing — the strongest safety lever. Walk the page tree before sharing parents.
Until you share specific pages, the integration sees nothing. The model is opt-in by design.
Notion pages contain user-authored content — comments, embedded notes, callouts. Hostile content in any read result can attempt to redirect the agent. Treat all page content as untrusted text.
MCP SDK + @notionhq/client (official Notion SDK).
Notion's 3 RPS limit is the strictest of the common MCPs. Block-level ops on a single page can serialise into many calls; agents hit 429s easily.
npm package published with provenance attestations.
Notion's server-side request logs apply (governed by Notion's privacy policy).
Notion's cloud (US for most workspaces; EU for EU-region workspaces under Enterprise tier).
6 present · human approval optional
update_pageappend_block_childrenupdate_blockdelete_blockcreate_database_itemupdate_database_item
NOT A FORMAL SECURITY AUDIT · Adoption posture based on public-source review · See methodology for what's measured and what isn't