Todoist MCP

Interact with your Todoist account to manage tasks and projects.

View on GitHub →

Todoist MCP

Note: predictably obsoleted by Todoist AI SDK, see here.

Connect this Model Context Protocol server to your LLM to interact with Todoist.

Functionality

This integration implements all the APIs available from the Todoist TypeScript Client, providing access to:

Task Management

  • Create tasks (with content, descriptions, due dates, priorities, labels, and more)
  • Create tasks with natural language (e.g., "Submit report by Friday 5pm #Work")
  • Retrieve tasks (individual, filtered, or all tasks)
  • Retrieve completed tasks (by completion date or due date)
  • Get productivity statistics
  • Update tasks
  • Move tasks (individually or in batches)
  • Close/reopen tasks
  • Delete tasks

Project Management

  • Create, retrieve, update, and delete projects

Section Management

  • Create, retrieve, update, and delete sections within projects

Comment Management

  • Add, retrieve, update, and delete comments for tasks or projects

Label Management

  • Create, retrieve, update, and delete labels
  • Manage shared labels

Collaboration

  • Get collaborators for projects

Setup

Build the server app:

bun install
bun run build

Run in development

TODOIST_API_KEY=<key> bun dev

Docker deployment:

docker compose up -d

Debugging:

Use the inspector to debug the server:


bunx @modelcontextprotocol/inspector

Configure Claude:

You must install the Claude desktop app which supports MCP.

You can get your Todoist API key from Todoist > Settings > Integrations > Developer.

Then, in your claude_desktop_config.json, add a new MCP server:

{
    "mcpServers": {
        "default-server": {
            "type": "streamable-http",
            "url": "http://localhost:3000/mcp",
            "note": "For Streamable HTTP connections, add this URL directly in your MCP Client"
        }
    }
}

You can now launch Claude desktop app and ask to update Todoist.

🔐 Security Features

This MCP server has been secured with enterprise-grade security measures:

  • Authentication Required: JWT Bearer tokens or API key authentication
  • Rate Limiting: Prevents abuse with configurable limits
  • Input Validation: Comprehensive request validation and sanitization
  • Security Headers: CORS, CSP, HSTS, and other security headers
  • Logging & Monitoring: Security event logging and request monitoring
  • Environment Configuration: Secure configuration via environment variables

See SECURITY.md for detailed security documentation.

Quick Security Setup

  1. Generate secure tokens:

    npm run setup-security

  2. Create .env file:

    cp .env.example .env
# Add your generated tokens and Todoist API key

  3. Required Environment Variables:

    JWT_SECRET=your_generated_jwt_secret_here
TODOIST_API_KEY=your_todoist_api_key_here

Authentication

The server supports two authentication methods:

Method 1: API Key (Recommended for scripts)

curl -X POST http://localhost:3000/mcp \
  -H "X-API-Key: YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{"jsonrpc": "2.0", "method": "tools/list", "id": 1}'

Method 2: JWT Bearer Token (Recommended for applications)

curl -X POST http://localhost:3000/mcp \
  -H "Authorization: Bearer YOUR_JWT_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"jsonrpc": "2.0", "method": "tools/list", "id": 1}'

Related Servers