Connect SafetyCulture to Claude: Track Assets and Custom Fields
Learn how to generate a secure MCP server with Truto to connect Claude to SafetyCulture. Automate asset tracking, custom fields, and maintenance actions.
If you are reading this, you are likely trying to give Claude read and write access to your SafetyCulture (iAuditor) environment to automate asset tracking, maintenance workflows, or custom field updates. To do this reliably, you need a Model Context Protocol (MCP) server that acts as a secure translation layer between Claude's LLM function calls and SafetyCulture's REST API. If your team uses ChatGPT, check out our guide on connecting SafetyCulture to ChatGPT or explore our broader architectural breakdown on connecting SafetyCulture to AI Agents.
Giving a Large Language Model (LLM) agentic access to an operational platform like SafetyCulture is fundamentally different from querying a static database. SafetyCulture is a highly structured, deeply nested system of records. Assets have polymorphic custom fields. Actions are decoupled from the assets they reference. If you hand an LLM raw API credentials, it will hallucinate payloads, fail to map custom fields correctly, and crash against rate limits.
This guide breaks down the engineering realities of the SafetyCulture API and shows you exactly how to use Truto to generate a secure, authenticated MCP server. You will learn how to configure the server, connect it natively to Claude, and execute complex asset and action workflows using natural language.
The Engineering Reality of the SafetyCulture API
Building a custom MCP server means you own the entire integration lifecycle. The MCP specification dictates how Claude discovers tools, but it does nothing to help you navigate the quirks of the underlying vendor API. If you build this yourself, here are the SafetyCulture - specific challenges you will have to engineer around.
Polymorphic Asset Schemas and Custom Fields
In SafetyCulture, an asset is not a flat JSON object. The data that actually matters - serial numbers, compliance statuses, custom identifiers - lives inside dynamically mapped custom fields. To update an asset, you cannot simply PATCH /assets/:id with {"status": "broken"}. You have to call the set_field_values endpoint, mapping specific UUIDs for the field definitions to their corresponding values. LLMs struggle to infer these relationships. A managed MCP server exposes these operations as distinct, strongly - typed tools with predefined JSON Schemas, drastically reducing schema hallucination.
Decoupled Actions and Status Groups
SafetyCulture relies on Actions (tasks or issues) to drive operational workflows. However, Actions are entirely decoupled from Assets. If a user tells Claude, "Flag the HVAC unit on the roof as broken," the agent must first search for the asset, extract its ID, look up the appropriate Action Type (and its required type_attributes), and then create the action. Furthermore, updating an action's state requires navigating Status Groups. An LLM needs explicit, discrete tools for each step of this relational chain to succeed.
Unforgiving Rate Limits and the 429 Reality
SafetyCulture enforces strict rate limiting to protect its infrastructure. When you hit a limit, the API returns a 429 Too Many Requests status. It is critical to note that Truto does not swallow these errors or apply magical background retries. Truto normalizes the upstream rate limit information into standard IETF headers (ratelimit-limit, ratelimit-remaining, ratelimit-reset) and passes the 429 error directly back to the caller. Your AI agent framework (or the Claude client) is responsible for reading these headers and implementing exponential backoff. Exposing raw API endpoints without this normalized header structure causes LLMs to fail silently and loop indefinitely.
How to Generate a SafetyCulture MCP Server with Truto
Truto dynamically generates MCP tools based on the available documentation and schema records for the SafetyCulture API. Instead of hand - coding tool definitions, you authenticate a tenant connection, and Truto generates an MCP server URL that contains a cryptographic token defining exactly what tools are exposed.
You can generate this MCP server using the Truto UI for manual testing, or programmatically via the API for automated provisioning.
Method 1: Generating the MCP Server via the Truto UI
If you are setting up an internal tool or testing workflows locally with Claude Desktop, the UI is the fastest path.
- Log into your Truto dashboard and navigate to your connected SafetyCulture environment under Integrated Accounts.
- Click on the MCP Servers tab.
- Click Create MCP Server.
- Define your configuration. You can filter by methods (e.g., restricting the server to
readoperations to prevent Claude from modifying production assets) or filter by tags (e.g., only exposingassetsandactions). - Copy the generated MCP Server URL (it will look like
https://api.truto.one/mcp/a1b2c3d4e5f6...). Keep this URL secure; it acts as the authentication layer for your MCP client.
Method 2: Generating the MCP Server via the API
If you are deploying AI agents for multiple tenants or customers, you should generate MCP servers programmatically. Make a POST request to the Truto API to provision a scoped server.
curl -X POST https://api.truto.one/integrated-account/{integrated_account_id}/mcp \
-H "Authorization: Bearer YOUR_TRUTO_API_KEY" \
-H "Content-Type: application/json" \
-d '{
"name": "SafetyCulture Operations Agent",
"config": {
"methods": ["read", "write"],
"tags": ["assets", "actions", "maintenance"]
},
"expires_at": "2025-12-31T23:59:59Z"
}'The Truto API verifies that the SafetyCulture integration is active and has documented endpoints, stores a hashed version of the token in Cloudflare KV for sub - millisecond latency, and returns the ready - to - use URL.
{
"id": "mcp_abc123",
"name": "SafetyCulture Operations Agent",
"url": "https://api.truto.one/mcp/a1b2c3d4e5f6..."
}How to Connect the MCP Server to Claude
Once you have your Truto MCP Server URL, you must register it with Claude. Because the Truto MCP Server is fully self - contained, it requires no SDKs or complex middleware, providing full SaaS API access without security headaches.
Method A: Via the Claude UI (Web / Enterprise)
If you are using a managed Claude environment that supports Custom Connectors via URL:
- Open your Claude instance and navigate to Settings -> Integrations (or Connectors depending on your plan tier).
- Click Add MCP Server or Add Custom Connector.
- Paste the Truto MCP URL into the connection field.
- Click Add. Claude will immediately execute an
initializehandshake, discover the tools, and make them available in the context window.
Method B: Via the Manual Configuration File (Claude Desktop)
If you are running Claude Desktop locally for development, you configure the connection using the claude_desktop_config.json file. Because Truto serves MCP over SSE (Server - Sent Events) via standard HTTP, you will use the official @modelcontextprotocol/server-sse transport.
Locate your configuration file:
- macOS:
~/Library/Application Support/Claude/claude_desktop_config.json - Windows:
%APPDATA%\Claude\claude_desktop_config.json
Add the Truto MCP server to the mcpServers object:
{
"mcpServers": {
"safetyculture-ops": {
"command": "npx",
"args": [
"-y",
"@modelcontextprotocol/server-sse",
"https://api.truto.one/mcp/a1b2c3d4e5f6..."
]
}
}
}Save the file and restart Claude Desktop. When you start a new conversation, you will see a tool icon indicating that the SafetyCulture tools are active.
SafetyCulture Hero Tools for Claude
By leveraging the Truto MCP server, Claude gains access to dozens of SafetyCulture operations. Below are the 6 highest - leverage tools for automating operations and maintenance workflows.
List All Assets
Tool Name: list_all_safety_culture_assets
This tool allows Claude to search and retrieve a paginated list of assets from your organization. It returns the core attributes of each asset, including its ID, code, state, and site location. This is almost always the first tool Claude calls in a workflow to discover the asset_id needed for subsequent mutations.
"Find all assets located at the 'Downtown Datacenter' site that are currently marked as 'active'."
Set Asset Custom Field Values
Tool Name: safety_culture_assets_set_field_values
Because SafetyCulture relies on polymorphic custom fields, updating an asset's critical data requires this specific tool. It allows Claude to pass the asset_id and an array of field objects to update metadata like "Next Inspection Date" or "Compliance Tier."
"Update the custom field values for asset ID 'ast_8899' to set the 'Maintenance Status' field to 'Pending Inspection'."
Add Asset Last Service
Tool Name: safety_culture_maintenance_add_asset_last_service
For fleet management and heavy machinery, tracking maintenance is mandatory. This tool appends a service event to an asset's history. Claude can process unstructured service reports, extract the relevant dates and metrics, and structure them into this tool call.
"Log a new service event for asset ID 'ast_5544'. The service was completed today, and the notes should say 'Replaced hydraulic filters and checked fluid levels'."
Create an Action
Tool Name: create_a_safety_culture_action
Actions are tasks or issues assigned to team members. This tool generates a new action, requiring a title and optional descriptions or assignee data. It returns the newly created task_id.
"Create a new high-priority action titled 'Fix leaking valve on Boiler 3' and assign it to the maintenance team."
Update Action Status
Tool Name: safety_culture_actions_update_status
As work is completed, AI agents can monitor communication channels (like Slack or email) and update the corresponding SafetyCulture Action to reflect the new state. This tool takes the task_id and the new status_id.
"Update the status of action task 'tsk_9900' to 'Completed'."
List Action Custom Fields Mapped for Type
Tool Name: safety_culture_action_custom_fields_list_mapped_for_type
Before Claude can confidently populate complex action data, it needs to know what fields are expected for a specific Action Type. This tool allows Claude to query the schema of an Action Type and retrieve the mapped custom fields and their data requirements.
"What custom fields are required for the action type 'Incident Report' (type ID: 'typ_1122')?"
To view the complete inventory of available SafetyCulture tools, including schedule generation, webhook management, and asset type configurations, review the SafetyCulture integration page.
Workflows in Action
Connecting tools to an LLM is only useful if the agent can orchestrate multi - step operations. Here is how Claude handles complex, real - world SafetyCulture scenarios.
Workflow 1: Automated Equipment Triage and Action Creation
Imagine a site manager messaging Claude with a vague report of broken equipment. Claude must locate the exact asset, update its state, and ensure an action item is logged for the maintenance crew.
"The main forklift at the Chicago warehouse has a flat tire and cannot be used. Log an issue for this and update its status."
Step-by-Step Execution:
list_all_safety_culture_assets: Claude queries the asset registry using the site "Chicago" and the keyword "forklift" to extract the specificasset_id.safety_culture_assets_set_field_values: Claude updates the custom field for "Operational Status" to "Out of Service" for that specificasset_id.create_a_safety_culture_action: Claude generates a new action titled "Repair flat tire on main forklift" with a high priority.safety_culture_actions_update_asset: Claude links the newly createdtask_iddirectly to theasset_idso the maintenance team has the full context.
Claude responds to the user: "I found the 'Chicago Main Forklift' (Asset ID: ast_773). I have updated its status to 'Out of Service' and created a high-priority action ticket (Task ID: tsk_884) linked to the asset for the maintenance team."
sequenceDiagram
participant User as Site Manager
participant Claude as Claude Desktop
participant MCP as Truto MCP Server
participant SC as SafetyCulture API
User->>Claude: "The main forklift at Chicago has a flat tire..."
Claude->>MCP: Call list_all_safety_culture_assets
MCP->>SC: GET /assets?site=Chicago&search=forklift
SC-->>MCP: Returns asset_id
MCP-->>Claude: JSON Array of assets
Claude->>MCP: Call safety_culture_assets_set_field_values
MCP->>SC: POST /assets/{id}/field_values
SC-->>MCP: 200 OK
MCP-->>Claude: Success
Claude->>MCP: Call create_a_safety_culture_action
MCP->>SC: POST /tasks
SC-->>MCP: Returns task_id
MCP-->>Claude: Success (Task ID)
Claude->>User: "Status updated and action created."Workflow 2: Fleet Maintenance Auditing and Logging
Maintenance audits often involve cross - referencing compliance requirements with recent service history. Claude can audit an asset and append missing service data based on unstructured input.
"I just reviewed the maintenance logs for Generator Alpha. Add a service record for today indicating we flushed the coolant, and then check what custom fields we need to fill out for a 'Compliance Audit' action type."
Step-by-Step Execution:
list_all_safety_culture_search_assets: Claude finds the ID for "Generator Alpha".safety_culture_maintenance_add_asset_last_service: Claude posts a new service event payload to the asset, setting the date to the current timestamp and adding the coolant flush notes.list_all_safety_culture_action_types: Claude looks up the UUID for the "Compliance Audit" action type.safety_culture_action_custom_fields_list_mapped_for_type: Claude retrieves the schema for the Compliance Audit to inform the user what data is missing.
Claude responds: "The service record for Generator Alpha has been logged. For the upcoming Compliance Audit, the required custom fields are 'Inspector ID', 'Ambient Temperature', and 'Emissions Reading'. Please provide those so I can create the audit action."
Security and Access Control
Giving an AI agent write access to your compliance and operations data requires strict security boundaries. Truto provides several mechanisms to lock down your MCP servers:
- Method Filtering: You can configure the MCP token with
methods: ["read"]. This drops allcreate,update, anddeletetools from the generated payload, ensuring the LLM can only query data, never mutate it. - Tag Filtering: Using
tags: ["assets"], you can restrict the server to only expose asset-related tools, preventing the AI from accessing user directories or global account settings. - Expiration (TTL): By setting an
expires_attimestamp during server creation, Truto will automatically revoke the token and clean up the underlying KV storage when the time expires - perfect for temporary agent sessions. - Enforced API Token Authentication: Setting
require_api_token_auth: trueforces the client to pass a valid Truto API token in theAuthorizationheader alongside the MCP URL token. This prevents unauthorized execution even if the MCP URL leaks in application logs.
Rethinking Agentic Integration Architecture
Connecting Claude to SafetyCulture is not about writing a few API wrappers; it is about taming the structural complexity of an enterprise operations platform. When comparing Truto vs Merge or custom agent handlers, you see the advantage of abstracting the protocol boilerplate.
By leveraging Truto's dynamic MCP server generation, you handle the pagination normalization, header mapping, and token lifecycle, exposing a clean, strongly - typed JSON-RPC interface to your LLMs. You get to focus on what matters: designing AI workflows that keep your operations running safely and efficiently.
FAQ
- How does Truto handle SafetyCulture API rate limits?
- Truto does not silently retry or swallow rate limits. It passes the 429 Too Many Requests error directly to the caller, normalizing the upstream rate limit data into standard IETF headers (ratelimit-limit, ratelimit-remaining, ratelimit-reset). The caller is responsible for implementing retry and backoff logic.
- Can I prevent Claude from deleting assets in SafetyCulture?
- Yes. When generating the MCP server via Truto, you can configure method filtering (e.g., methods: ["read"]). This prevents any write, update, or delete tools from being exposed to the LLM.
- How does the AI update custom fields on an asset?
- Truto exposes specific tools like safety_culture_assets_set_field_values. Claude uses this tool to pass the asset ID and the corresponding custom field UUIDs and values, avoiding the need to construct complex polymorphic JSON payloads manually.
- Do I need to manage authentication tokens for the MCP server?
- No. The MCP server URL generated by Truto contains a cryptographic token that maps directly to your connected SafetyCulture account. Truto handles the underlying API authentication automatically.