Tools
The MCP tools Papermark exposes and what each one does.
The server exposes 43 tools covering the full v1 API surface: the same documents, links, datarooms, folders, visitors, and analytics you get over HTTP. Argument schemas are identical to the REST API's request shapes, so see the linked reference endpoint for full field detail.
All 43 tools are available on both transports. One tool,
upload_document, differs slightly: over stdio it accepts a local
file_path or a source_url; over HTTP it accepts source_url
only, because a remote server can't read the client's filesystem.
Documents (6)
| Tool | What it does | Required scope |
|---|---|---|
list_documents | Paginated list of team documents. Args: limit, cursor, query?. | documents.read |
get_document | Fetch one document by ID. Args: document_id. | documents.read |
search_documents | Substring search by name. Args: query, limit. | documents.read |
upload_document | Upload a document. Provide exactly one upload source: file_path (local path, stdio transport only) or source_url (public HTTPS URL). Optional: name, folder_id, create_link. | documents.write |
update_document | Rename a document or move it between folders. Args: document_id, name?, folder_id?. | documents.write |
delete_document | Permanently delete a document and its links and view history. Args: document_id. | documents.write |
Document versions (4)
| Tool | What it does | Required scope |
|---|---|---|
list_document_versions | List every version of a document. Args: document_id. | documents.read |
get_document_version | Fetch one version by ID. Args: document_id, version_id. | documents.read |
add_document_version | Upload a new version from a public HTTPS URL. Args: document_id, source_url. | documents.write |
promote_document_version | Make a version the primary one shown to viewers. Args: document_id, version_id. | documents.write |
Folders (6)
Team-library folders, for organizing standalone documents outside any dataroom.
| Tool | What it does | Required scope |
|---|---|---|
list_folders | List folders, optionally under one parent. Args: parent_id?, limit, cursor. | documents.read |
get_folder | Fetch one folder by ID. Args: folder_id. | documents.read |
create_folder | Create a folder. Args: name, parent_id?, icon?, color?. | documents.write |
update_folder | Rename a folder or change its icon/color. Args: folder_id, name?, icon?, color?. | documents.write |
move_folder | Reparent a folder. Args: folder_id, parent_id. | documents.write |
delete_folder | Delete a folder. Pass cascade: true to also delete everything nested inside it. Args: folder_id, cascade?. | documents.write |
Links (6)
| Tool | What it does | Required scope |
|---|---|---|
list_links | List share links, optionally filtered by document_id or dataroom_id. Args: document_id?, dataroom_id?, limit, cursor. | links.read |
get_link | Fetch one share link by ID. Args: link_id. | links.read |
create_link | Create a share link with access controls. Args: one of document_id/dataroom_id, optional name, password, expires_at, email_protected, allow_download, enable_confidential_view, enable_watermark, watermark_config. | links.write (+ documents.read or datarooms.read on the target) |
update_link | Change a link's name, expiry, password, access controls, or watermark. Args: link_id + any field to change. Pass watermark_config: null to clear an existing config. | links.write |
delete_link | Revoke a share link (soft delete; view history is kept). Args: link_id. | links.write |
list_link_views | Raw view events for one link. Args: link_id, limit, cursor. | analytics.read + links.read |
Datarooms (8)
| Tool | What it does | Required scope |
|---|---|---|
list_datarooms | Paginated list of team datarooms. Args: limit, cursor. | datarooms.read |
search_datarooms | Substring search by name. Args: query, limit. | datarooms.read |
get_dataroom | Fetch one dataroom by ID. Args: dataroom_id. | datarooms.read |
create_dataroom | Create an empty dataroom. Args: name, description?. | datarooms.write |
update_dataroom | Rename a dataroom or change its settings. Args: dataroom_id + any field to change. | datarooms.write |
delete_dataroom | Delete a dataroom and its links and folders. Documents in the team library are kept. Args: dataroom_id. | datarooms.write |
list_dataroom_documents | Documents attached to a dataroom. Args: dataroom_id, limit, cursor. | datarooms.read |
attach_dataroom_document | Attach an existing team-library document to a dataroom. Args: dataroom_id, document_id, folder_id?. | datarooms.write |
Dataroom folders (6)
| Tool | What it does | Required scope |
|---|---|---|
list_dataroom_folders | List folders inside a dataroom. Args: dataroom_id, parent_id?, limit, cursor. | datarooms.read |
get_dataroom_folder | Fetch one dataroom folder by ID. Args: dataroom_id, folder_id. | datarooms.read |
create_dataroom_folder | Create a folder inside a dataroom. Args: dataroom_id, name, parent_id?, icon?, color?. | datarooms.write |
update_dataroom_folder | Rename a dataroom folder or change its icon/color. Args: dataroom_id, folder_id + any field. | datarooms.write |
move_dataroom_folder | Reparent a folder within the dataroom. Args: dataroom_id, folder_id, parent_id. | datarooms.write |
delete_dataroom_folder | Delete a dataroom folder. Pass cascade: true to also detach everything nested inside it. Args: dataroom_id, folder_id, cascade?. | datarooms.write |
Visitors (3)
| Tool | What it does | Required scope |
|---|---|---|
list_visitors | Persistent visitor entities (one per email). Args: limit, cursor. | visitors.read |
get_visitor | Fetch one visitor by ID. Args: visitor_id. | visitors.read |
list_visitor_views | All view events from one visitor. Args: visitor_id, limit, cursor. | visitors.read + analytics.read |
Analytics (4)
| Tool | What it does | Required scope |
|---|---|---|
get_document_analytics | Aggregate stats for a document: total views, unique viewers, average read time. Args: document_id, optional since/until. | analytics.read |
get_link_analytics | Same shape, scoped to one share link. Args: link_id, optional since/until. | analytics.read |
get_dataroom_analytics | Aggregate across every document in a dataroom. Args: dataroom_id, optional since/until. | analytics.read |
get_view_analytics | Per-view detail: page-by-page durations, location, device. Args: view_id. | analytics.read |
Result shapes
Tool results mirror the REST API responses field-for-field; the server invents nothing. Two conventions are worth calling out:
- Every resource carries a read-only
objectfield (document,link,dataroom, …) so the model can tell resource types apart. delete_*tools return the API's deleted-object acknowledgment,{ "id": "…", "object": "…", "deleted": true }, not a custom shape.
Writes are scope-gated
The agent can only call tools whose required scopes are on the
token. A read-only token (documents.read, links.read, …) gives
you a read-only agent. The write tools (create_*, update_*,
delete_*, upload_document, attach_dataroom_document) return a
403 forbidden error envelope, which the MCP client surfaces back to
the model so it can apologize and ask the user.
If you want a stricter sandbox, point the server at a non-production
environment via PAPERMARK_API_URL (and mint a separate token there
with only the scopes the agent needs).
Tool naming
Tool names use snake_case. That's the MCP convention, not a
Papermark choice. They're the same in stdio and HTTP transports.