Skip to main content

Culture Amp

Culture Amp is an employee experience platform that organizations use to run engagement surveys, performance reviews, and people analytics. The Webrix connector exposes Culture Amp's read-only Public API so an MCP host can answer questions about employees, demographic attributes, performance cycles, and manager reviews without copying data into another system.

The connector is intentionally read-only. It mirrors the supported endpoints in the Culture Amp Public API specification and does not surface deprecated endpoints (such as the legacy Surveys API).

Authentication Types

Culture Amp supports a single authentication method for the Public API:

  • Client Credentials (OAuth 2.0) — Machine-to-machine authentication using an account-level client_id and client_secret issued from Admin Settings.
    • Pros: Server-side, account-scoped access; no end-user consent flow; one credential covers every employee in the account.
    • Cons: Only Account Owner-level admins can issue credentials; tokens carry only the permissions baked into the credential; access is read-only across the entire account.
    • Best for: Reporting, HRIS sync, performance dashboards, and audit pipelines.

Configuration

You'll need three things to set up the integration in Webrix:

  1. A Client ID and Client Secret generated from Culture Amp Admin Settings.
  2. The token URL: https://api.cultureamp.com/v1/oauth2/token.
  3. A scope string of the form target-entity:<entity_id>:<comma-separated permissions>. Culture Amp uses a non-standard scope format, so this is one single value rather than a list.

Target entity IDs

EnvironmentEntity ID
Production8ed17dce-9eca-4383-a9e1-54f82c362b6d
Sandbox79040b4d-3e2b-4480-a061-2e230eeb83b2

Permissions

PermissionWhat it grantsTools that need it
employees-readBasic employee profile dataList Employees, Get Employee
employee-demographics-readDemographic name/value assignmentsList Employee Demographics
performance-evaluations-readPerformance cycles and manager reviewsList Performance Cycles, Get Performance Cycle, List Manager Reviews, Get Manager Review, the by-employee/by-cycle variants

Combine the permissions you need with commas. For full coverage of this connector use:

target-entity:8ed17dce-9eca-4383-a9e1-54f82c362b6d:employees-read,employee-demographics-read,performance-evaluations-read

Setting up Client Credentials

1. Generate API credentials in Culture Amp

  1. Sign in at id.cultureamp.com as an Admin user with Account Owner permissions. Only Account Owners can create credentials.
  2. Click Settings in the top-right navigation.
  3. Click API in the left navigation under Admin Settings.
  4. Click Create API Credential and follow the prompts. Choose the permissions you want this credential to be able to mint tokens for.
  5. Copy the Client ID and Client Secret immediately — the secret is only shown once.
Treat credentials like passwords

Credentials are issued at the Account level and grant access to all of the account's data within their permission scope. Never commit them to source control, and rotate them if you suspect they've leaked.

2. Configure in Webrix

  1. In Webrix, go to IntegrationsNewBuilt-in.
  2. Select Culture Amp and click Use.
  3. Under Authentication Type, choose Client Credentials.
  4. Fill in:
    • Client ID — from step 1
    • Client Secret — from step 1
    • Token URLhttps://api.cultureamp.com/v1/oauth2/token
    • Scope — a single value of the form target-entity:<entity_id>:<comma-separated permissions> (see the table above).
  5. Click Save Changes, then Test Connection. Webrix will exchange the credentials for a short-lived bearer token and call a sanity endpoint.

3. Verify the integration

Run the List Employees tool with no arguments. A successful 200 response confirms the credentials, scope, and entity ID are all wired correctly.

Available Tools

The Culture Amp connector ships nine read-only tools that cover the entire non-deprecated Public API:

Employees (3 tools)

  • List Employees — Paginated list of employees, optionally filtered by email or employee_identifier.
  • Get Employee — Single employee by Culture Amp UUID, including links to demographics and manager reviews.
  • List Employee Demographics — Name/value demographic assignments for one employee.

Performance Cycles (2 tools)

  • List Performance Cycles — Cycles in the account, filterable by state (active / closed / ready) and after_date.
  • Get Performance Cycle — A single cycle by ID.

Manager Reviews (4 tools)

  • List Manager Reviews — Every manager review in the account, with after_date for incremental sync.
  • Get Manager Review — Full review payload (rating, open-text answers, multi-choice answers, acknowledgement).
  • List Manager Reviews by Employee — All manager reviews for one employee across cycles.
  • List Manager Reviews by Performance Cycle — All manager reviews inside one cycle (e.g. for completion-rate reporting).

Pagination

Every list endpoint returns a pagination.afterKey (also surfaced as pagination.nextPath) when there is another page. Pass that value back as the cursor argument on the next call. If a tool also accepts a filter like state or after_date, cursor takes precedence — finish walking the cursor before changing filters.

Common Use Cases

People analytics sync

List Employees (paginate via cursor) →
  For each employee: List Employee Demographics →
  Persist into your data warehouse keyed by employee.id

Incremental manager-review export

List Manager Reviews with after_date = <last sync timestamp> →
  Paginate via cursor →
  Get Manager Review for each new ID to capture full text answers

Per-cycle reporting

List Performance Cycles where state = "active" →
  For each cycle: List Manager Reviews by Performance Cycle →
  Aggregate ratings / completion status

Troubleshooting

invalid_client from the token endpoint

Cause: The Client ID or Client Secret is wrong, has trailing whitespace, or has been revoked in Culture Amp.

Solution:

  1. Re-copy the Client ID and Secret from Culture Amp Admin Settings → API.
  2. Make sure no whitespace was added when pasting.
  3. If the credential was revoked, generate a new one and update the integration.

invalid_scope or empty token response

Cause: The scope string is malformed or uses the wrong entity ID for the environment.

Solution:

  1. Confirm the format is exactly target-entity:<entity_id>:<comma-separated permissions> — one single scope value, not a list.
  2. Use 8ed17dce-9eca-4383-a9e1-54f82c362b6d for production and 79040b4d-3e2b-4480-a061-2e230eeb83b2 for the sandbox.
  3. Make sure each permission is one of employees-read, employee-demographics-read, performance-evaluations-read. The credential itself must also be allowed to mint tokens for those permissions.

403 Forbidden on a specific endpoint

Cause: The token doesn't carry the permission that endpoint requires.

Solution:

  1. Re-issue the integration with a scope string that includes the missing permission (for example, add employee-demographics-read to call List Employee Demographics).
  2. If your credential isn't authorized for that permission at all, ask an Account Owner to update it in Culture Amp Admin Settings.

429 Too Many Requests or 503 Service Unavailable

Cause: Client- or endpoint-level rate limit was exceeded; the API gateway has tripped a circuit breaker.

Solution:

  1. Back off and retry with exponential backoff.
  2. Switch from many Get Employee calls to List Employees plus client-side filtering when fan-out is the cause.
  3. For long-running syncs, prefer after_date so you only fetch what changed.

Trying to call /surveys and getting deprecation errors

Cause: The Culture Amp Surveys Public API was deprecated and is no longer available for new setups.

Solution: Use Culture Amp's Reporting API for survey data. This connector intentionally does not expose the deprecated /surveys/* endpoints.

Additional Resources