Notion integration for AI agents.
Let your AI agents work in Notion — create and update pages, query and edit databases, and search the workspace — through a brokered, audited connection. Open Connector runs the OAuth, seals the token in an encrypted vault, and serves Notion tools to your agent over MCP or a typed API — credentials injected server-side, every call audited, nothing leaving your infrastructure. Open source (AGPL-3.0) and self-hostable.
Real Notion actions, brokered and audited.
Your user connects Notion once; your agent can then create and update pages, query and edit databases, and search the workspace — scoped to the OAuth permissions you grant and the tool allowlist you configure. Every action is least-privilege and written to a tamper-evident audit trail.
- 1
Your user grants Notion access once (OAuth) — the token lands in the vault.
- 2
Your agent calls a tool over MCP or the typed API; Open Connector injects the credential server-side.
- 3
Every brokered call appends a hash-chained audit record — nothing leaves your infra.
Notion integration, answered
- How do AI agents use Notion through Open Connector?
- Your user connects Notion once (OAuth). Open Connector stores the token in an encrypted vault and exposes Notion tools to your agent over MCP or a typed API, injecting the credential server-side on each call — the agent never sees a raw token, and every action is audited.
- Is this a Notion MCP server?
- Yes. Open Connector can serve Notion as a named MCP server with a scoped tool allowlist and a per-user mcp_url, so any MCP client connects and calls Notion tools with credentials brokered server-side.
- Where do Notion OAuth tokens live?
- In your own infrastructure. Self-host Open Connector and the Notion token is sealed in an AES-256-GCM vault in your Postgres, injected at call time — it never leaves your environment.
Give your agents Notion — keep the keys.
Open source, self-hostable, with Notion credentials that never leave your infrastructure. Run it from source today.