---
title: "Connect SafetyCulture to Claude: Track Assets and Custom Fields"
slug: connect-safetyculture-to-claude-track-assets-and-custom-fields
date: 2026-07-16
author: Yuvraj Muley
categories: ["AI & Agents"]
excerpt: "Learn how to generate a secure MCP server with Truto to connect Claude to SafetyCulture. Automate asset tracking, custom fields, and maintenance actions."
tldr: "Connect SafetyCulture to Claude using a Truto-managed MCP server. This guide covers bypassing API complexities, executing multi-step workflows, and locking down security access for enterprise AI agents."
canonical: https://truto.one/blog/connect-safetyculture-to-claude-track-assets-and-custom-fields/
---

# Connect SafetyCulture to Claude: Track Assets and Custom Fields


If you are reading this, you are likely trying to give Claude read and write access to your SafetyCulture (iAuditor) environment to automate asset tracking, maintenance workflows, or custom field updates. To do this reliably, you need a [Model Context Protocol (MCP)](https://truto.one/what-is-mcp-model-context-protocol-the-2026-guide-for-saas-pms/) server that acts as a secure translation layer between Claude's LLM function calls and SafetyCulture's REST API. If your team uses ChatGPT, check out our guide on [connecting SafetyCulture to ChatGPT](https://truto.one/connect-safetyculture-to-chatgpt-manage-actions-and-maintenance/) or explore our broader architectural breakdown on [connecting SafetyCulture to AI Agents](https://truto.one/connect-safetyculture-to-ai-agents-automate-workflows-and-status/).

Giving a Large Language Model (LLM) agentic access to an operational platform like SafetyCulture is fundamentally different from querying a static database. SafetyCulture is a highly structured, deeply nested system of records. Assets have polymorphic custom fields. Actions are decoupled from the assets they reference. If you hand an LLM raw API credentials, it will hallucinate payloads, fail to map custom fields correctly, and crash against rate limits.

This guide breaks down the engineering realities of the SafetyCulture API and shows you exactly how to use Truto to generate a secure, authenticated MCP server. You will learn how to configure the server, connect it natively to Claude, and execute complex asset and action workflows using natural language.

## The Engineering Reality of the SafetyCulture API

Building a custom MCP server means you own the entire integration lifecycle. The MCP specification dictates how Claude discovers tools, but it does nothing to help you navigate the quirks of the underlying vendor API. If you build this yourself, here are the SafetyCulture - specific challenges you will have to engineer around.

**Polymorphic Asset Schemas and Custom Fields**
In SafetyCulture, an asset is not a flat JSON object. The data that actually matters - serial numbers, compliance statuses, custom identifiers - lives inside dynamically mapped custom fields. To update an asset, you cannot simply `PATCH /assets/:id` with `{"status": "broken"}`. You have to call the `set_field_values` endpoint, mapping specific UUIDs for the field definitions to their corresponding values. LLMs struggle to infer these relationships. A managed MCP server exposes these operations as distinct, strongly - typed tools with predefined JSON Schemas, drastically reducing schema hallucination.

**Decoupled Actions and Status Groups**
SafetyCulture relies on Actions (tasks or issues) to drive operational workflows. However, Actions are entirely decoupled from Assets. If a user tells Claude, "Flag the HVAC unit on the roof as broken," the agent must first search for the asset, extract its ID, look up the appropriate Action Type (and its required `type_attributes`), and then create the action. Furthermore, updating an action's state requires navigating Status Groups. An LLM needs explicit, discrete tools for each step of this relational chain to succeed.

**Unforgiving Rate Limits and the 429 Reality**
SafetyCulture enforces strict rate limiting to protect its infrastructure. When you hit a limit, the API returns a `429 Too Many Requests` status. It is critical to note that Truto does not swallow these errors or apply magical background retries. Truto normalizes the upstream rate limit information into standard IETF headers (`ratelimit-limit`, `ratelimit-remaining`, `ratelimit-reset`) and passes the 429 error directly back to the caller. Your AI agent framework (or the Claude client) is responsible for reading these headers and implementing exponential backoff. Exposing raw API endpoints without this normalized header structure causes LLMs to fail silently and loop indefinitely.

## How to Generate a SafetyCulture MCP Server with Truto

Truto [dynamically generates MCP tools](https://truto.one/auto-generated-mcp-tools-for-ai-agents-a-2026-architecture-guide/) based on the available documentation and schema records for the SafetyCulture API. Instead of hand - coding tool definitions, you authenticate a tenant connection, and Truto generates an MCP server URL that contains a cryptographic token defining exactly what tools are exposed.

You can generate this MCP server using the Truto UI for manual testing, or programmatically via the API for automated provisioning.

### Method 1: Generating the MCP Server via the Truto UI

If you are setting up an internal tool or testing workflows locally with Claude Desktop, the UI is the fastest path.

1. Log into your Truto dashboard and navigate to your connected SafetyCulture environment under **Integrated Accounts**.
2. Click on the **MCP Servers** tab.
3. Click **Create MCP Server**.
4. Define your configuration. You can filter by methods (e.g., restricting the server to `read` operations to prevent Claude from modifying production assets) or filter by tags (e.g., only exposing `assets` and `actions`).
5. Copy the generated MCP Server URL (it will look like `https://api.truto.one/mcp/a1b2c3d4e5f6...`). Keep this URL secure; it acts as the authentication layer for your MCP client.

### Method 2: Generating the MCP Server via the API

If you are deploying AI agents for multiple tenants or customers, you should generate MCP servers programmatically. Make a `POST` request to the Truto API to provision a scoped server.

```bash
curl -X POST https://api.truto.one/integrated-account/{integrated_account_id}/mcp \
  -H "Authorization: Bearer YOUR_TRUTO_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "name": "SafetyCulture Operations Agent",
    "config": {
      "methods": ["read", "write"],
      "tags": ["assets", "actions", "maintenance"]
    },
    "expires_at": "2025-12-31T23:59:59Z"
  }'
```

The Truto API verifies that the SafetyCulture integration is active and has documented endpoints, stores a hashed version of the token in Cloudflare KV for sub - millisecond latency, and returns the ready - to - use URL.

```json
{
  "id": "mcp_abc123",
  "name": "SafetyCulture Operations Agent",
  "url": "https://api.truto.one/mcp/a1b2c3d4e5f6..."
}
```

## How to Connect the MCP Server to Claude

Once you have your Truto MCP Server URL, you must register it with Claude. Because the Truto MCP Server is fully self - contained, it requires no SDKs or complex middleware, providing [full SaaS API access without security headaches](https://truto.one/managed-mcp-for-claude-full-saas-api-access-without-security-headaches/). 

### Method A: Via the Claude UI (Web / Enterprise)

If you are using a managed Claude environment that supports Custom Connectors via URL:

1. Open your Claude instance and navigate to **Settings -> Integrations** (or **Connectors** depending on your plan tier).
2. Click **Add MCP Server** or **Add Custom Connector**.
3. Paste the Truto MCP URL into the connection field.
4. Click **Add**. Claude will immediately execute an `initialize` handshake, discover the tools, and make them available in the context window.

### Method B: Via the Manual Configuration File (Claude Desktop)

If you are running Claude Desktop locally for development, you configure the connection using the `claude_desktop_config.json` file. Because Truto serves MCP over SSE (Server - Sent Events) via standard HTTP, you will use the official `@modelcontextprotocol/server-sse` transport.

Locate your configuration file:
- **macOS**: `~/Library/Application Support/Claude/claude_desktop_config.json`
- **Windows**: `%APPDATA%\Claude\claude_desktop_config.json`

Add the Truto MCP server to the `mcpServers` object:

```json
{
  "mcpServers": {
    "safetyculture-ops": {
      "command": "npx",
      "args": [
        "-y",
        "@modelcontextprotocol/server-sse",
        "https://api.truto.one/mcp/a1b2c3d4e5f6..."
      ]
    }
  }
}
```

Save the file and restart Claude Desktop. When you start a new conversation, you will see a tool icon indicating that the SafetyCulture tools are active.

## SafetyCulture Hero Tools for Claude

By leveraging the Truto MCP server, Claude gains access to dozens of SafetyCulture operations. Below are the 6 highest - leverage tools for automating operations and maintenance workflows. 

### List All Assets
**Tool Name:** `list_all_safety_culture_assets`

This tool allows Claude to search and retrieve a paginated list of assets from your organization. It returns the core attributes of each asset, including its ID, code, state, and site location. This is almost always the first tool Claude calls in a workflow to discover the `asset_id` needed for subsequent mutations.

> "Find all assets located at the 'Downtown Datacenter' site that are currently marked as 'active'."

### Set Asset Custom Field Values
**Tool Name:** `safety_culture_assets_set_field_values`

Because SafetyCulture relies on polymorphic custom fields, updating an asset's critical data requires this specific tool. It allows Claude to pass the `asset_id` and an array of field objects to update metadata like "Next Inspection Date" or "Compliance Tier."

> "Update the custom field values for asset ID 'ast_8899' to set the 'Maintenance Status' field to 'Pending Inspection'."

### Add Asset Last Service
**Tool Name:** `safety_culture_maintenance_add_asset_last_service`

For fleet management and heavy machinery, tracking maintenance is mandatory. This tool appends a service event to an asset's history. Claude can process unstructured service reports, extract the relevant dates and metrics, and structure them into this tool call.

> "Log a new service event for asset ID 'ast_5544'. The service was completed today, and the notes should say 'Replaced hydraulic filters and checked fluid levels'."

### Create an Action
**Tool Name:** `create_a_safety_culture_action`

Actions are tasks or issues assigned to team members. This tool generates a new action, requiring a title and optional descriptions or assignee data. It returns the newly created `task_id`.

> "Create a new high-priority action titled 'Fix leaking valve on Boiler 3' and assign it to the maintenance team."

### Update Action Status
**Tool Name:** `safety_culture_actions_update_status`

As work is completed, AI agents can monitor communication channels (like Slack or email) and update the corresponding SafetyCulture Action to reflect the new state. This tool takes the `task_id` and the new `status_id`.

> "Update the status of action task 'tsk_9900' to 'Completed'."

### List Action Custom Fields Mapped for Type
**Tool Name:** `safety_culture_action_custom_fields_list_mapped_for_type`

Before Claude can confidently populate complex action data, it needs to know what fields are expected for a specific Action Type. This tool allows Claude to query the schema of an Action Type and retrieve the mapped custom fields and their data requirements.

> "What custom fields are required for the action type 'Incident Report' (type ID: 'typ_1122')?"

To view the complete inventory of available SafetyCulture tools, including schedule generation, webhook management, and asset type configurations, review the [SafetyCulture integration page](https://truto.one/integrations/detail/safetyculture).

## Workflows in Action

Connecting tools to an LLM is only useful if the agent can orchestrate multi - step operations. Here is how Claude handles complex, real - world SafetyCulture scenarios.

### Workflow 1: Automated Equipment Triage and Action Creation

Imagine a site manager messaging Claude with a vague report of broken equipment. Claude must locate the exact asset, update its state, and ensure an action item is logged for the maintenance crew.

> "The main forklift at the Chicago warehouse has a flat tire and cannot be used. Log an issue for this and update its status."

**Step-by-Step Execution:**
1. **`list_all_safety_culture_assets`**: Claude queries the asset registry using the site "Chicago" and the keyword "forklift" to extract the specific `asset_id`.
2. **`safety_culture_assets_set_field_values`**: Claude updates the custom field for "Operational Status" to "Out of Service" for that specific `asset_id`.
3. **`create_a_safety_culture_action`**: Claude generates a new action titled "Repair flat tire on main forklift" with a high priority.
4. **`safety_culture_actions_update_asset`**: Claude links the newly created `task_id` directly to the `asset_id` so the maintenance team has the full context.

Claude responds to the user: *"I found the 'Chicago Main Forklift' (Asset ID: ast_773). I have updated its status to 'Out of Service' and created a high-priority action ticket (Task ID: tsk_884) linked to the asset for the maintenance team."*

```mermaid
sequenceDiagram
    participant User as Site Manager
    participant Claude as Claude Desktop
    participant MCP as Truto MCP Server
    participant SC as SafetyCulture API

    User->>Claude: "The main forklift at Chicago has a flat tire..."
    Claude->>MCP: Call list_all_safety_culture_assets
    MCP->>SC: GET /assets?site=Chicago&search=forklift
    SC-->>MCP: Returns asset_id
    MCP-->>Claude: JSON Array of assets
    Claude->>MCP: Call safety_culture_assets_set_field_values
    MCP->>SC: POST /assets/{id}/field_values
    SC-->>MCP: 200 OK
    MCP-->>Claude: Success
    Claude->>MCP: Call create_a_safety_culture_action
    MCP->>SC: POST /tasks
    SC-->>MCP: Returns task_id
    MCP-->>Claude: Success (Task ID)
    Claude->>User: "Status updated and action created."
```

### Workflow 2: Fleet Maintenance Auditing and Logging

Maintenance audits often involve cross - referencing compliance requirements with recent service history. Claude can audit an asset and append missing service data based on unstructured input.

> "I just reviewed the maintenance logs for Generator Alpha. Add a service record for today indicating we flushed the coolant, and then check what custom fields we need to fill out for a 'Compliance Audit' action type."

**Step-by-Step Execution:**
1. **`list_all_safety_culture_search_assets`**: Claude finds the ID for "Generator Alpha".
2. **`safety_culture_maintenance_add_asset_last_service`**: Claude posts a new service event payload to the asset, setting the date to the current timestamp and adding the coolant flush notes.
3. **`list_all_safety_culture_action_types`**: Claude looks up the UUID for the "Compliance Audit" action type.
4. **`safety_culture_action_custom_fields_list_mapped_for_type`**: Claude retrieves the schema for the Compliance Audit to inform the user what data is missing.

Claude responds: *"The service record for Generator Alpha has been logged. For the upcoming Compliance Audit, the required custom fields are 'Inspector ID', 'Ambient Temperature', and 'Emissions Reading'. Please provide those so I can create the audit action."*

## Security and Access Control

Giving an AI agent write access to your compliance and operations data requires strict security boundaries. Truto provides several mechanisms to lock down your MCP servers:

*   **Method Filtering**: You can configure the MCP token with `methods: ["read"]`. This drops all `create`, `update`, and `delete` tools from the generated payload, ensuring the LLM can only query data, never mutate it.
*   **Tag Filtering**: Using `tags: ["assets"]`, you can restrict the server to only expose asset-related tools, preventing the AI from accessing user directories or global account settings.
*   **Expiration (TTL)**: By setting an `expires_at` timestamp during server creation, Truto will automatically revoke the token and clean up the underlying KV storage when the time expires - perfect for temporary agent sessions.
*   **Enforced API Token Authentication**: Setting `require_api_token_auth: true` forces the client to pass a valid Truto API token in the `Authorization` header alongside the MCP URL token. This prevents unauthorized execution even if the MCP URL leaks in application logs.

## Rethinking Agentic Integration Architecture

Connecting Claude to SafetyCulture is not about writing a few API wrappers; it is about taming the structural complexity of an enterprise operations platform. When comparing [Truto vs Merge or custom agent handlers](https://truto.one/truto-vs-merge-agent-handler-the-2026-ai-tool-calling-architecture-guide/), you see the advantage of abstracting the protocol boilerplate.

By leveraging Truto's dynamic MCP server generation, you handle the pagination normalization, header mapping, and token lifecycle, exposing a clean, strongly - typed JSON-RPC interface to your LLMs. You get to focus on what matters: designing AI workflows that keep your operations running safely and efficiently.

> Stop writing point-to-point connector code for your AI agents. Let Truto handle the integration layer.
>
> [Talk to us](https://cal.com/truto/partner-with-truto)
