Notion

Live

OAUTH 2.0

PRODUCTIVITY

Files & Documents

Docs, databases, and project wikis. Your team's knowledge base lives in Notion. Your agent can read pages, query databases, and surface relevant context, scoped to the workspace the user shared.

  • Acts as the user: Page and database access stays tied to the Notion user who authorized the agent.
  • Credentials stay vaulted: AES-256, resolved at request time, never in LLM context.
  • Scoped before every call: User permissions enforced. 90-day audit trail.
Example run (Notion agent · Acme Q3)
Prompt: Find all pages in our product roadmap database updated this week.
Tool call: notion_database_query (88ms)
Knowledge agent: 5 roadmap pages updated this week: Q4 Auth Redesign (In Progress), API Rate Limiting (Review), Dashboard v2 (Shipped), Onboarding Flow (In Progress), SSO Integration (Planned).
Sources: 5 pages, product roadmap, Oct 28 to Nov 1

Tools your knowledge agent reaches for on Notion, scoped per user.

CALL ANY TOOL
Read pages, query databases, create content, and search across the workspace. Same toolkit, every framework, no auth plumbing.
notion_search: Search workspace
Find pages and databases across the user's Notion workspace by query string.

Parameters

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| query | string | Required | Search query to match against page and database titles |
| filter_type | string | Optional | Filter results by type: page or database |
| page_size | integer | Optional | Max results to return (max 100) |

  • notion_page_get: Get page
  • notion_page_content_get: Get page content
  • notion_page_create: Create page
  • notion_database_query: Query database
  • notion_page_update: Update page
Build your Agent
Drop the toolkit in, point it at the user, and your agent can search Notion pages, query databases, and create content from the first run.
Node.js · LangChain

    import { ScalekitClient } from "@scalekit-sdk/node";
    import { DynamicStructuredTool } from "@langchain/core/tools";
    import { createReactAgent } from "@langchain/langgraph/prebuilt";
    import { z } from "zod";

    // envUrl, clientId and clientSecret are your Scalekit credentials, defined elsewhere.
    const sk = new ScalekitClient(envUrl, clientId, clientSecret);

    // Only the three read-only tools named here are exposed to the agent for user_123.
    const { tools } = await sk.tools.listScopedTools("user_123", {
      filter: { connectionNames: ["notion"], toolNames: ["notion_search", "notion_database_query", "notion_page_get"] },
      pageSize: 100,
    });

    // Wrap each scoped tool so LangChain executes it through Scalekit as the same user.
    const lcTools = tools.map((t) => new DynamicStructuredTool({
      name: t.tool.definition.name,
      description: t.tool.definition.description,
      schema: z.object({}).passthrough(),
      func: async (args) => {
        const { data } = await sk.tools.executeTool({
          toolName: t.tool.definition.name,
          identifier: "user_123",
          params: args,
        });
        return JSON.stringify(data);
      },
    }));

    // llm is any LangChain chat model instance, defined elsewhere.
    const agent = createReactAgent({ llm, tools: lcTools });

Node.js · OpenAI

    import { ScalekitClient } from "@scalekit-sdk/node";
    import OpenAI from "openai";

    // envUrl, clientId and clientSecret are your Scalekit credentials, defined elsewhere.
    const sk = new ScalekitClient(envUrl, clientId, clientSecret);
    const openai = new OpenAI();

    const { tools } = await sk.tools.listScopedTools("user_123", {
      filter: { connectionNames: ["notion"], toolNames: ["notion_search", "notion_database_query", "notion_page_get"] },
      pageSize: 100,
    });

    // The Responses API takes function tools in flat form, without a nested "function" key.
    const llmTools = tools.map((t) => ({
      type: "function",
      name: t.tool.definition.name,
      description: t.tool.definition.description,
      parameters: t.tool.definition.input_schema,
    }));

    // prompt is the user's request text, defined elsewhere.
    const resp = await openai.responses.create({
      model: "gpt-4o", input: prompt, tools: llmTools,
    });

Node.js · Anthropic

    import { ScalekitClient } from "@scalekit-sdk/node";
    import Anthropic from "@anthropic-ai/sdk";

    // envUrl, clientId and clientSecret are your Scalekit credentials, defined elsewhere.
    const sk = new ScalekitClient(envUrl, clientId, clientSecret);
    const anthropic = new Anthropic();

    const { tools } = await sk.tools.listScopedTools("user_123", {
      filter: { connectionNames: ["notion"], toolNames: ["notion_search", "notion_database_query", "notion_page_get"] },
      pageSize: 100,
    });

    const llmTools = tools.map((t) => ({
      name: t.tool.definition.name,
      description: t.tool.definition.description,
      input_schema: t.tool.definition.input_schema,
    }));

    // prompt is the user's request text, defined elsewhere.
    const msg = await anthropic.messages.create({
      model: "claude-sonnet-4-6", max_tokens: 1024,
      tools: llmTools,
      messages: [{ role: "user", content: prompt }],
    });

Node.js · Google ADK

    import { Agent } from "@google/adk/agents";
    import {
      MCPToolset, StreamableHTTPConnectionParams,
    } from "@google/adk/tools/mcp";

    // userScopedToken is the per-user token for this session, defined elsewhere.
    const toolset = new MCPToolset({
      connectionParams: new StreamableHTTPConnectionParams({
        url: "https://mcp.scalekit.com/notion",
        headers: { Authorization: `Bearer ${userScopedToken}` },
      }),
    });

    const agent = new Agent({
      name: "agent", model: "gemini-2.0-flash",
      tools: await toolset.getTools(),
    });

Try these prompts
Paste any prompt into your agent to start pulling knowledge from Notion.
Search & recall
  • Find all pages about [topic] in Notion.
  • Search for [document name] in my workspace.
  • What pages were updated this week?
  • List all items in the [database name] database.
Action & creation
  • Create a new page under [parent page] titled [title].
  • Add a row to the [database name] database with status [status].
  • Update the status of [page name] to [status].
  • Get the full content of the [page name] page.
Projects & databases
  • Query the roadmap database for all items with status In Progress.
  • List all items in the backlog sorted by priority.
  • Find all meeting notes from this month.
  • What are the open action items in [project name]?
SEE HOW AUTH WORKS
Users authorize Notion once. Their workspace credentials stay vaulted, every call is checked, and every action is logged.
1. Authorize
Your user connects Notion once. We tie it to their identity and the meetings they approved: no shared bot account, no org-wide access.
  • Who: user 'A'
  • when: Once per user
  • access: Limited to user
2. Store
Their Notion token lives in a vault scoped to them. User A's meetings are never reachable by an agent acting for user B, even on the same connection.
  • vault: encrypted
  • scope: per-user
  • tokens: auto-refreshed
3. Resolve
When your agent calls a Notion tool, we fetch the right token server-side. It never touches your agent, never appears in the LLM context, never shows up in your logs.
  • speed: ~40ms
  • check: before every call
  • seen by: nobody
4. Audit
Every Notion tool call is logged: who triggered it, which meeting was fetched, what came back. 90 days of history, tied to the user who authorized it.
  • history: 90 days
  • export: SIEM-ready
  • logged: every call
Test other agents
Same per-user auth pattern across other knowledge agents and MCP connectors. Working code, live demos, fork what fits.
SUPPORT
Support ticket automation (Google ADK)
Google ADK agent that classifies Zendesk tickets, pulls Notion context, and posts to Slack. End-to-end ticket handoff.
SUPPORT
Support triage agent
Read Zendesk tickets, fetch runbooks from Notion, and route to the right Slack channel with a drafted response.
Why Scalekit
Secure your agent's access. Connectors ship in minutes
Other connector libraries treat auth as a demo afterthought. Scalekit starts with user identity, scope enforcement, and audit.
01. Page edits lose workspace attribution
A shared Notion integration token looks fine in a demo. In production, every page write and database update logs as the integration, not the user. Page ownership breaks. Workspace sharing rules break. Scalekit resolves the actual user's token, so every Notion action is attributed to the right person.

    // shared bot token
    token = "sk_notion_shared_xxx"
    audit → bot_service_account
    user_filter → broken

    // scalekit · per-user
    token = resolve(user_id)
    audit → user_abc
    scope → enforced ✓

02. Authentication is not authorization
03. Multi-tenancy is architectural
04. Notion today. Confluence, Airtable, Google Docs tomorrow.
“Our agents act across Salesforce, Gong, Google Drive, and more, on behalf of every customer. Scalekit behind the scenes meant we can keep adding tools without ever rebuilding how credentials or tool calling work.”
Venu Madhav Kattagoni
Head of Engineering / Von
FAQs
Frequently Asked Questions
Does the agent access Notion as the user or as a shared key?
As the user. Each workspace member authorizes once and Scalekit resolves their credential at request time. Audit logs attribute every action to that user, not a shared service account.
Where is the Notion OAuth 2.0 token stored?
In Scalekit's managed AES-256 token vault, namespaced per tenant. Refresh is automatic. Revocation is a single dashboard action. Tokens never appear in prompts, logs, or LLM context.
Can I limit what the agent is allowed to do in Notion?
Yes. Pass a tool name filter to listScopedTools so the knowledge agent only sees the subset you authorize. Pre-API-call scope checks block out-of-policy actions before the request reaches Notion.
What happens when a user revokes Notion access?
The connection is invalidated on the next tool call. Subsequent requests for that user fail closed with a clear error. Other users in the tenant remain unaffected. The event is logged for audit.
Can the agent access private pages and databases?
Only pages and databases shared with the authorizing user. Cross-user access stays denied. The agent inherits the user's Notion read and write scope at request time.
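
The Authorize, Store, Resolve, Audit steps and the FAQ answers above (tool filter, fail closed on revocation, no cross-user access), modelled as a small in-memory broker. This is an added example, not Scalekit's code or API: ToolBroker, fakeNotion and the tok-A/tok-B values are hypothetical, and encryption at rest is left out.

```javascript
// Hypothetical in-memory broker: a model of the flow, not Scalekit's code or API.
class ToolBroker {
  #vault = new Map(); // userId -> token; private, never returned to callers
  constructor(allowedTools, upstream) {
    this.allowedTools = new Set(allowedTools); // tools the agent is permitted to call
    this.upstream = upstream; // (token, tool, params) => data; stands in for Notion
    this.audit = []; // one record per call; tokens are never written here
  }
  authorize(userId, token) { this.#vault.set(userId, token); } // Authorize + Store
  revoke(userId) { this.#vault.delete(userId); }
  call(userId, tool, params) {
    const entry = { at: new Date().toISOString(), userId, tool, params, outcome: "denied" };
    this.audit.push(entry); // recorded up front so denied calls are audited too
    if (!this.allowedTools.has(tool)) { // scope check before anything reaches upstream
      entry.reason = "tool_not_in_scope";
      return { ok: false, error: entry.reason };
    }
    const token = this.#vault.get(userId); // Resolve: looked up per user, server-side
    if (token === undefined) { // never authorized, or revoked: fail closed
      entry.reason = "no_active_connection";
      return { ok: false, error: entry.reason };
    }
    const data = this.upstream(token, tool, params);
    entry.outcome = "allowed";
    entry.resultCount = data.length;
    return { ok: true, data }; // the agent side receives data, never the token
  }
}

// Constructed sample data: the pages each user's token can see.
const PAGES = { "tok-A": ["Q4 Auth Redesign", "SSO Integration"], "tok-B": ["Hiring Plan"] };
const fakeNotion = (token, _tool, params) =>
  PAGES[token].filter((title) => title.toLowerCase().includes(params.query));

function demo() {
  const broker = new ToolBroker(["notion_search"], fakeNotion);
  broker.authorize("user_A", "tok-A");
  broker.authorize("user_B", "tok-B");
  const a = broker.call("user_A", "notion_search", { query: "auth" });
  const b = broker.call("user_B", "notion_search", { query: "auth" });
  const write = broker.call("user_A", "notion_page_update", {});
  broker.revoke("user_A");
  const afterRevoke = broker.call("user_A", "notion_search", { query: "auth" });
  const stillB = broker.call("user_B", "notion_search", { query: "hiring" });
  const visible = JSON.stringify([a, b, write, afterRevoke, stillB, broker.audit]);
  return { a, b, write, afterRevoke, stillB, leaked: visible.includes("tok-"), audit: broker.audit };
}
console.log(demo());
```

The audit array holds five records, including the two denials, each attributed to the calling user and none containing a token.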
Start in your coding agent
Up and running in one command
Install the Scalekit skill in your editor of choice. Connector, auth, tools, prompt, all wired up.
Claude Code REPL
/plugin marketplace add scalekit-inc/claude-code-authstack
/plugin install agentkit@scalekit-auth-stack
Cursor Code REPL
# ~/.cursor/mcp.json
{
  "mcpServers": {
    "notion": {
      "url": "https://mcp.scalekit.com/notion",
      "headers": { "Authorization": "Bearer $SCALEKIT_TOKEN" }
    }
  }
}
Codex Code REPL
# ~/.codex/config.toml
[mcp_servers.notion]
url = "https://mcp.scalekit.com/notion"
auth_env = "SCALEKIT_TOKEN"
Copilot Code REPL
# .vscode/mcp.json
{
  "servers": {
    "notion": {
      "url": "https://mcp.scalekit.com/notion",
      "type": "http"
    }
  }
}