B

Notion MCP Server

Notion's official hosted remote MCP server (mcp.notion.com) with 17 AI-first tools for search/fetch, pages, databases and data sources, comments, and users/teams. User-based OAuth (bearer tokens not supported) over Streamable HTTP (SSE fallback). Notion's own self-hosted makenotion/notion-mcp-server is now 'no longer actively maintained.' Note: scores other than authentication are a provisional assessment from Notion's documentation pending a live tool-level audit.

Overall Score75/100

Score Breakdown

Server Info

Package
https://mcp.notion.com/mcp
Registry
remote
Maintainer
NotionVendor
Category
Project Management
Tags
docsdatabasesproductivityhostedoauth
Last Scanned
7 Apr 2026

Findings

3 issues

Authentication & Identity

LOWImplements MCP OAuth spec for per-user authentication

Official Notion-hosted remote MCP at https://mcp.notion.com/mcp. Requires user-based OAuth (one-click authorization); bearer-token auth is explicitly not supported. Streamable HTTP transport with an SSE fallback for older clients. Notion recommends the hosted server for most users and has deprecated its self-hosted open-source server.

Remediation

Document the required OAuth scopes for each tool.

Tool Schema Quality

MEDIUMTool schemas not independently audited

The hosted server has no public source repository, so tool input schemas, required fields, and parameter constraints could not be verified directly. Provisional score pending a live tool-level audit.

Remediation

Run a live audit against the hosted endpoint to enumerate and score tool schemas.

Data Exposure

MEDIUMPagination and field selection not verified

Whether list operations paginate and support field selection could not be verified without a live audit of the hosted tool surface.

Remediation

Audit list operations for pagination and field-selection support.

Deploy Notion MCP Server securely

CompleteFlow adds per-user authentication, permission scoping, and audit logging to any MCP server out of the box.

Deploy on CompleteFlow