iA Document Management MCP Server

MCP (Model Context Protocol) server for interacting with WingArc's iA Document Management System.

Features

This MCP server provides three main tools for interacting with iA Document Management:

1. ia_login - Authenticate with the iA Document Management System
2. ia_search_documents - Search for documents using free word search
3. ia_logout - Logout from the system

Installation

npm install
npm run build

Configuration

Set the base URL for your iA Document Management System:

export IA_BASE_URL="https://wat-cloud-div.spa-cloud.com"

Or provide it as a parameter when calling the tools.

Usage with Claude Desktop

Add the following to your Claude Desktop configuration file:

MacOS: ~/Library/Application Support/Claude/claude_desktop_config.json Windows: %APPDATA%/Claude/claude_desktop_config.json

{
  "mcpServers": {
    "ia-document-management": {
      "command": "node",
      "args": [
        "/Users/sakiko/Applications/iA文書管理MCP/dist/index.js"
      ],
      "env": {
        "IA_BASE_URL": "https://wat-cloud-div.spa-cloud.com"
      }
    }
  }
}

Tools

ia_login

Authenticate with the iA Document Management System.

Parameters:

• user (required): Username
• password (required): Password
• domain (optional): Domain name (defaults to "local")
• baseUrl (optional): Base URL of the system

Returns:

• sessionCookie: Session cookie (JSESSIONID) to use for subsequent requests
• xsrfCookie: XSRF token cookie for CSRF protection
• xsrfToken: XSRF token value (also available in response header)
• userId: Authenticated user ID

ia_search_documents

Search for documents using free word search.

Parameters:

• searchWord (optional): Free word search term
• folderIds (required): Array of folder IDs to search (format: [{id: "123", federationId: "optional"}])
• operator (optional): "AND" or "OR" (defaults to "AND")
• recursive (optional): Include subfolders (defaults to true)
• properties (optional): System properties to retrieve (e.g., ["name", "createDate", "updateDate"])
• sessionCookie (required): Session cookie from ia_login
• xsrfToken (recommended): XSRF token from ia_login for CSRF protection
• baseUrl (optional): Base URL of the system

Returns:

• results: Array of matching documents
• resultCount: Number of documents found

ia_logout

Logout from the iA Document Management System.

Parameters:

• sessionCookie (required): Session cookie from ia_login
• xsrfToken (required): XSRF token from ia_login for CSRF protection
• baseUrl (optional): Base URL of the system

Returns:

• success: Boolean indicating logout success
• userId: User ID that was logged out (when successful)

Note: Logout now works correctly with proper CSRF headers (X-Requested-With and X-XSRF-TOKEN).

Example Workflow

1. Login:

Please login to iA Document Management with username "myuser" and password "mypassword"

2. Search Documents:

Search for documents containing "invoice" in folder ID "123"

3. Logout:

Please logout from the system

Security Notes

CSRF Protection

The iA Document Management System uses XSRF (Cross-Site Request Forgery) tokens for security:

• Login response includes an X-Xsrf-Token header and XSRF-TOKEN cookie
• Subsequent requests must include:
  • X-Requested-With: XMLHttpRequest header (required for all non-GET requests)
  • X-XSRF-TOKEN header with the token value
• The MCP server automatically handles these CSRF headers when xsrfToken is provided
• Important: Using an incorrect CSRF token will invalidate it, requiring a new login

Session Management

• Sessions are maintained via JSESSIONID cookie
• Sessions automatically expire after a period of inactivity
• Logout works correctly when proper CSRF headers are included
• Always store session credentials securely and never commit them to version control

API Documentation

• Login API
• Document Search API
• Logout API
• CSRF Token Implementation

License

MIT