Gusto

The Gusto connector lets AI agents read payroll data, employee and contractor records, benefits, departments, and work locations through the Gusto API using OAuth 2.0. Your credentials are stored encrypted in MCPGate's vault and are never exposed to the AI client.

Required scopes#

MCPGate requests the following OAuth scopes when you connect Gusto. All scopes are requested up front to cover read and write operations.

Scope	Purpose
public	Read company, employee, and payroll data
employees:write	Create and update employee records

Tool reference#

The Gusto connector exposes 10 tools: 8 read and 2 write. Use the MCP Apps page to enable or disable individual tools per app.

Tool	Category	Description
gusto_list_employees	read	List all employees for a Gusto company
gusto_get_employee	read	Get a specific Gusto employee by ID
gusto_list_payrolls	read	List payrolls for a Gusto company
gusto_get_payroll	read	Get a specific Gusto payroll by ID
gusto_list_benefits	read	List company benefits in Gusto
gusto_list_departments	read	List departments in a Gusto company
gusto_list_locations	read	List work locations for a Gusto company
gusto_list_contractors	read	List contractors for a Gusto company
gusto_create_employee	write	Create a new employee in Gusto
gusto_update_employee	write	Update an existing employee in Gusto

Payroll data is highly sensitive

Gusto payroll data includes employee compensation, tax information, and bank details. Ensure the MCPGate app using this connector is scoped tightly and that only trusted AI clients have access. Consider enabling the PII guardrail to prevent sensitive fields from being passed back to the AI.

Common guardrail recipes#

Read-only access#

Enable only the eight read tools and deny gusto_create_employee and gusto_update_employee. Use this for HR reporting agents that answer headcount, payroll cost, or benefits questions without modifying the employee database.

HR manage preset#

Use the built-in hr_manage preset to allow reads plus gusto_update_employee, while keeping gusto_create_employee denied. Agents can update existing records — such as department transfers or location changes — without the ability to onboard new employees.

Restrict payroll access#

If agents only need headcount and organisational data, deny gusto_list_payrolls and gusto_get_payroll explicitly. This prevents the AI from accessing compensation details even when the read preset is active.

Troubleshooting#

Company ID required — Most Gusto tools require a company_id parameter. This is the UUID of your Gusto company, available in the Gusto API or in the URL when logged into the Gusto dashboard.
Token expired — Gusto OAuth access tokens expire. MCPGate automatically refreshes tokens; if refresh fails, disconnect and reconnect the Gusto connector.
Demo vs. production environment — Gusto has separate demo and production API environments. Ensure you connect the correct environment by using credentials from the appropriate Gusto Developer application.