Skip to main content

Overview

auth_status returns information about the current authentication state, including the authentication method, user identity, and granted scopes. This tool requires no parameters and no specific scope. Primary Use Cases:
  • Verify that authentication is configured correctly
  • Debug permission issues when other tools return authorization errors
  • Confirm which scopes are available before making tool calls
Key Features:
  • No parameters required
  • No scope required
  • Returns complete authentication context

Parameters

This tool takes no parameters.

Request Example

{}

Response Format

Success Response

{
  "authMethod": "api_key",
  "userId": "user_abc123",
  "teamId": "team_xyz789",
  "clientId": "client_001",
  "scopes": [
    "mcp:notes:read",
    "mcp:notes:write",
    "mcp:folders:read",
    "mcp:folders:write",
    "mcp:voice:read"
  ]
}
Field Descriptions:
FieldTypeDescription
authMethodstringAuthentication method used: jwt or api_key
userIdstringThe authenticated user’s ID
teamIdstring | nullThe team ID (present when using a team API key)
clientIdstringThe client application ID
scopesstring[]List of granted permission scopes

Understanding Scopes

The scopes array indicates which tools you have permission to use:
ScopeGrants Access To
mcp:notes:readsearch_notes, get_note_summary, get_note_transcript, get_note_documents, get_share_link
mcp:notes:writecreate_share_link, delete_share_link
mcp:folders:readlist_user_folders, get_user_folder_tree, get_user_folder_path, list_team_folders, get_team_folder_tree, get_team_folder, get_team_folder_path
mcp:folders:writecreate_team_folder, update_team_folder, delete_team_folder, move_team_folder
mcp:voice:readget_voice_file_job, get_voice_file_transcript, get_voice_file_translations, get_voice_file_translation

Usage Examples

Debugging Permission Errors

If a tool call returns a 403 Forbidden error, use auth_status to check your scopes: 
// 1. Call auth_status
{}

// 2. Check the response
{
  "authMethod": "api_key",
  "userId": "user_abc123",
  "teamId": null,
  "clientId": "client_001",
  "scopes": ["mcp:notes:read"]
}
In this example, the key only has mcp:notes:read scope. To use write tools like create_share_link, you need an API key with mcp:notes:write scope.

Verifying API Key Type

Check teamId to determine if you are using a user-based or team API key:
  • User-based key: teamId is null
  • Team key: teamId contains a team identifier
This is important because team folder tools require a team API key.

Common Errors

Invalid or Expired Credentials

Solution: Verify your API key or JWT token is correct and has not expired. Generate a new key if needed.

Best Practices

When initializing your MCP client, call auth_status first to confirm connectivity and verify available scopes. This catches configuration issues early before making other tool calls.
When a tool returns an unexpected authorization error, auth_status is the fastest way to diagnose the issue. Check whether the required scope is in the scopes array and whether the correct API key type is being used.

Next Steps

search_notes

Start searching for notes

Tools Overview

Learn about all available MCP tools