Authentication
The Evernote MCP server uses OAuth 2.0. You sign in to Evernote once, in your client, and approve access — there are no API keys or tokens to manage.
OAuth 2.0
When you add the server, your client starts an OAuth flow against accounts.evernote.com. You review and grant access on Evernote’s consent screen, and the client receives a token it sends with each request. The server validates that token before any tool runs.
No app registration
Clients that support OAuth Dynamic Client Registration connect with no manual setup — you don’t create an Evernote app or paste credentials. The server registers your client automatically as part of the flow.
Permissions
Access is scoped to what your Evernote account already allows. The AI tool can only see and change what you can see and change.
Review actions. As with any connected tool, review what your assistant does before confirming changes to your notes.