notion-security-basics

Featured

Apply Notion API security best practices for integration tokens, OAuth2 flows, least-privilege capabilities, and page-level access control. Use when securing integration tokens, configuring OAuth2 for public integrations, rotating credentials, or auditing which pages an integration can access. Trigger with phrases like "notion security", "notion secrets", "secure notion", "notion API key security", "notion token rotation", "notion OAuth2", "notion permissions audit".

AI & Automation 2,274 stars 319 forks Updated today MIT

Quality Score: 99/100

- Stars (20%): 100
- Recency (20%): 100
- Frontmatter (20%): 70
- Documentation (15%): 100
- Issue Health (10%): 50
- License (10%): 100
- Description (5%): 100

Skill Content

# Notion Security Basics

## Overview

Security fundamentals for the Notion API: integration token management, internal vs public integration models, principle of least privilege for capabilities, page-level access auditing, token rotation, OAuth2 flows for public integrations, and webhook verification. All examples use `@notionhq/client` v2.x and target the `2022-06-28` API version.

## Prerequisites

- Notion integration created at [notion.so/my-integrations](https://www.notion.so/my-integrations)
- Node.js 18+ with `@notionhq/client` installed (`npm install @notionhq/client`)
- Understanding of environment variables and `.env` file patterns
- For public integrations: OAuth2 client ID and secret from the integration dashboard

## Instructions

### Step 1: Secure Token Storage and `.env` Management

Integration tokens are secrets with the same sensitivity as database passwords. Notion tokens use the `ntn_` prefix (current) or `secret_` prefix (legacy). Both grant full access to every page shared with the integration.

```bash
# .gitignore — add these patterns BEFORE creating .env
.env
.env.local
.env.*.local
.env.production
.env.staging

# .env.example — commit this template (no real values)
NOTION_TOKEN=ntn_your_internal_integration_token_here
NOTION_OAUTH_CLIENT_ID=
NOTION_OAUTH_CLIENT_SECRET=
NOTION_OAUTH_REDIRECT_URI=http://localhost:3000/auth/notion/callback
```

```typescript
import { Client } from '@notionhq/client';

// Always load tokens from environment — never har...
```
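
The Step 1 rules above as a repository check, added here as an example that is not part of the skill or its repository: it reports which of the listed `.gitignore` patterns are missing and flags token-shaped literals carrying the `ntn_` or `secret_` prefix, redacting them in the findings. The token length and alphabet in `TOKEN_RE`, the `your_` template heuristic, and all function names are assumptions.

```javascript
// Added example, not the skill's code. Checks for Step 1: ignore rules + hard-coded tokens.
// ASSUMPTION: a token is one of the page's prefixes followed by 20+ characters
// of [A-Za-z0-9_]; the page documents the prefixes, not the length or alphabet.
const TOKEN_RE = /\b(?:ntn_|secret_)[A-Za-z0-9_]{20,}/g;
// ASSUMPTION: template values like the page's .env.example entry contain "your_".
const TEMPLATE_RE = /your_/i;

// Patterns the page says to add to .gitignore before creating .env.
const REQUIRED_IGNORES = ['.env', '.env.local', '.env.*.local', '.env.production', '.env.staging'];

// Return the required patterns that are absent from a .gitignore's text.
function missingIgnorePatterns(gitignoreText) {
  const present = new Set(
    gitignoreText.split(/\r?\n/).map((l) => l.trim()).filter((l) => l && !l.startsWith('#'))
  );
  return REQUIRED_IGNORES.filter((p) => !present.has(p));
}

// Keep only the prefix so a finding can be logged without leaking the secret.
function redact(token) {
  const prefix = token.startsWith('ntn_') ? 'ntn_' : 'secret_';
  return `${prefix}[${token.length - prefix.length} chars redacted]`;
}

// files: { path: text }. Returns one finding per token-shaped literal.
function findHardcodedTokens(files) {
  const findings = [];
  for (const [path, text] of Object.entries(files)) {
    text.split(/\r?\n/).forEach((line, i) => {
      for (const m of line.matchAll(TOKEN_RE)) {
        if (TEMPLATE_RE.test(m[0])) continue; // committed placeholder, not a secret
        findings.push({ path, line: i + 1, token: redact(m[0]) });
      }
    });
  }
  return findings;
}

// Constructed sample input; FAKE_TOKEN is not a real credential.
const FAKE_TOKEN = 'ntn_' + 'A1b2'.repeat(8);
const SAMPLE_FILES = {
  '.env.example': 'NOTION_TOKEN=ntn_your_internal_integration_token_here',
  'src/notion.js': `// hard-coded by mistake\nconst auth = '${FAKE_TOKEN}';`,
};

console.log(missingIgnorePatterns('.env\n.env.local\n'));
console.log(findHardcodedTokens(SAMPLE_FILES));
```

The ignore check compares pattern text exactly, so a broader glob such as `.env*` is reported as missing even though it would cover the file.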

Details

- Author: jeremylongshore
- Repository: jeremylongshore/claude-code-plugins-plus-skills
- Created: 7 months ago
- Last Updated: today
- Language: Python
- License: MIT

Similar Skills

Semantically similar based on skill content — not just same category

AI & Automation Featured

notion-policy-guardrails

Governance for Notion integrations: integration naming standards, page sharing policies, property naming conventions, database schema standards, and access audit scripts. Trigger with phrases like "notion governance", "notion policy", "notion naming convention", "notion access audit", "notion schema standard".

2,274 Updated today
jeremylongshore
AI & Automation Featured

notion-install-auth

Install and configure the Notion API SDK with authentication. Use when setting up a new Notion integration, configuring API tokens, or initializing @notionhq/client in your project. Trigger with phrases like "install notion", "setup notion", "notion auth", "configure notion API", "notion integration setup".

2,274 Updated today
jeremylongshore
AI & Automation Featured

notion-enterprise-rbac

Configure Notion enterprise access control with OAuth, workspace permissions, and audit logging. Use when implementing OAuth public integrations, managing multi-workspace access, or building permission-aware Notion applications. Trigger with phrases like "notion SSO", "notion RBAC", "notion enterprise", "notion OAuth", "notion permissions", "notion multi-workspace".

2,274 Updated today
jeremylongshore
AI & Automation Featured

evernote-security-basics

Implement security best practices for Evernote integrations. Use when securing API credentials, implementing OAuth securely, or hardening Evernote integrations. Trigger with phrases like "evernote security", "secure evernote", "evernote credentials", "evernote oauth security".

2,274 Updated today
jeremylongshore
AI & Automation Featured

notion-prod-checklist

Execute Notion API production deployment checklist and readiness verification. Use when deploying Notion integrations to production, preparing for launch, verifying go-live readiness, or auditing an existing Notion integration. Trigger: "notion production checklist", "deploy notion integration", "notion go-live", "notion launch readiness", "notion prod audit".

2,274 Updated today
jeremylongshore