Tools
The 18 MCP tools Papermark exposes and what each one does.
Both transports expose the same 18 tools. Argument schemas are identical to the REST API's request shapes — see the linked endpoint for full details.
Documents (4)
| Tool | What it does | Required scope |
|---|---|---|
list_documents | Paginated list of team documents. Args: limit, cursor. | documents.read |
get_document | Fetch one document by ID. Args: id. | documents.read |
search_documents | Substring search by name. Args: query, limit. | documents.read |
upload_document | Upload from a local file path or HTTPS URL. Args: source, name?, folder?. Stdio only — the HTTP variant doesn't expose this because remote agents can't read the user's local filesystem. | documents.write |
Links (3)
| Tool | What it does | Required scope |
|---|---|---|
list_links | List share links, optionally filtered by documentId or dataroomId. Args: documentId?, dataroomId?, limit, cursor. | links.read |
create_link | Create a share link with access controls. Args: one of documentId/dataroomId, optional name, password, expiresAt, emailProtected, allowDownload. | links.write (+ documents.read or datarooms.read on the target) |
list_link_views | Raw view events for one link. Args: linkId, limit, cursor. | analytics.read + links.read |
Datarooms (5)
| Tool | What it does | Required scope |
|---|---|---|
list_datarooms | Paginated list of team datarooms. Args: limit, cursor. | datarooms.read |
search_datarooms | Substring search by name. Args: query, limit. | datarooms.read |
get_dataroom | Fetch one dataroom by ID. Args: id. | datarooms.read |
create_dataroom | Create an empty dataroom. Args: name, description?. | datarooms.write |
list_dataroom_documents | Documents inside a dataroom. Args: dataroomId, limit, cursor. | datarooms.read |
Visitors (2)
| Tool | What it does | Required scope |
|---|---|---|
list_visitors | Persistent visitor entities (one per email). Args: limit, cursor. | visitors.read |
list_visitor_views | All view events from one visitor. Args: visitorId, limit, cursor. | visitors.read + analytics.read |
Analytics (4)
| Tool | What it does | Required scope |
|---|---|---|
get_document_analytics | Aggregate stats for a document — total views, unique viewers, average read time. Args: documentId, optional start/end. | analytics.read |
get_link_analytics | Same shape, scoped to one share link. Args: linkId, optional start/end. | analytics.read |
get_dataroom_analytics | Aggregate across every document in a dataroom. Args: dataroomId, optional start/end. | analytics.read |
get_view_analytics | Per-view detail — page-by-page durations, location, device. Args: viewId. | analytics.read |
Writes are scope-gated
The agent can only call tools whose required scopes are on the
token. A documents.read-only token gives you a read-only agent —
the write tools (create_link, create_dataroom, upload_document)
will return a 403 forbidden error envelope, which the MCP client
surfaces back to the model so it can apologize and ask the user.
If you want a stricter sandbox, point the server at a non-production
environment via PAPERMARK_API_URL (and mint a separate token there
with only the scopes the agent needs).
Tool naming
Tool names use snake_case — that's the MCP convention, not a
Papermark choice. They're the same in stdio and HTTP transports.