BambooHR

The BambooHR connector gives AI agents access to your HR data — employee records, departments, time-off requests, job openings, and custom reports. Authentication uses a BambooHR API key stored encrypted in MCPGate's vault, never exposed to the AI client.

Authentication#

BambooHR uses API key authentication. To connect:

  1. Sign in to BambooHR and click your profile icon in the top right
  2. Navigate to Account → API Keys
  3. Click Add New Key, give it a name, and copy the generated key
  4. Paste it into the API Key field in MCPGate's connector setup form

Note

The API key inherits the permissions of the user who generated it. Use an account with the minimum permissions required for your use case.

Tool reference#

The BambooHR connector exposes 10 tools: 7 read and 3 write. Use the MCP Apps page to enable or disable individual tools per app.

ToolCategoryDescription
bamboohr_list_employeesreadList all employees in BambooHR
bamboohr_get_employeereadGet a specific BambooHR employee by ID
bamboohr_list_time_offreadList time-off requests for employees
bamboohr_get_directoryreadGet the employee directory
bamboohr_list_departmentsreadList all departments in BambooHR
bamboohr_get_reportreadRun a BambooHR report by report ID
bamboohr_list_job_openingsreadList open job positions in BambooHR
bamboohr_create_employeewriteCreate a new employee record in BambooHR
bamboohr_update_employeewriteUpdate an existing employee record in BambooHR
bamboohr_request_time_offwriteSubmit a time-off request for an employee

Employee data is sensitive PII

BambooHR contains personally identifiable information (PII) including names, salaries, addresses, and employment history. Ensure the MCPGate app using this connector has appropriate access controls. Consider enabling the PII guardrail to prevent sensitive fields from being returned to the AI client.

Common guardrail recipes#

Read-only access#

Enable only the seven read tools and deny all write tools. Use this for reporting agents that answer headcount, department structure, or time-off balance questions without modifying any employee records.

HR manage preset#

Use the built-in hr_manage preset to allow reads plus bamboohr_update_employee and bamboohr_request_time_off, while keeping bamboohr_create_employee denied. Agents can manage existing employee records and handle time-off requests without the ability to onboard new hires.

Redact sensitive fields#

Apply the redact_fields guardrail template to bamboohr_list_employees and bamboohr_get_employee. Configure it to remove fields such as salary, ssn, and homeAddress from API responses before they reach the AI client.

Troubleshooting#

  • 403 Forbidden — The API key was generated by a user without sufficient BambooHR permissions. Ensure the user has at least Employee Read access. For write operations, the user needs the appropriate write-level permissions.
  • Employee not found — BambooHR employee IDs are integers. Verify you are passing the numeric ID (visible in the BambooHR URL when viewing an employee profile).
  • Report returns no databamboohr_get_report requires a valid report ID that exists in your BambooHR account. Check the report ID in BambooHR under Reports → Custom Reports.