Managing API Tokens
API tokens let AI assistants authenticate with FeedbackPulse on behalf of a user. Admins manage which users have access and can revoke tokens at any time.
When to use OAuth vs API tokens
| Connection type | What to use |
|---|---|
| Claude Desktop or Claude.ai | OAuth (no manual token needed) |
| Claude Code, Cursor, or custom scripts | Personal API token |
Step 1 — Enable MCP for your organisation
- Go to Settings > Features
- Find AI Integrations (MCP) and toggle it on
- Click Save
This makes the Settings > Integrations page visible to Admins.
Step 2 — Grant access to users
- Go to Settings > Integrations
- Find the user in the list and toggle MCP Access on for them
- Repeat for each user who needs access
Users without MCP access enabled will receive a “Your account does not have MCP access” error if they try to connect.
Step 3 — Create an API token
Tokens are required for clients that don’t support OAuth (such as Claude Code, Cursor, or custom scripts). For Claude Desktop and Claude.ai, tokens are managed automatically through OAuth — you don’t need to create one manually.
- Go to Settings > Integrations
- Click Create Token next to the relevant user (or yourself)
- Enter a descriptive name (e.g. “Claude Code – MacBook”)
- Choose a scope (see below)
- Click Create
- Copy the token — it is shown only once
The page will also display a ready-to-use configuration snippet you can paste directly into your AI client.
Token scopes
| Scope | What it allows | Who can use it |
|---|---|---|
| mcp:use | Read access to surveys, review cycles, peer reviews, recognitions, and employee data | All users with MCP access |
| mcp:write | Everything in mcp:use, plus creating and updating survey templates | Admins only |
Select mcp:use for most connections. Only select mcp:write if you need your AI assistant to create or edit survey templates. OAuth connections (Claude Desktop, Claude.ai) always use mcp:use — the write scope is only available via personal access tokens.
Revoking a token
- Go to Settings > Integrations
- Find the token in the list and click Revoke
- Confirm the action
The token stops working immediately. Any connected AI clients using that token will receive an authentication error on their next request.
Token behaviour
| Situation | What happens |
|---|---|
| User account is deactivated | All their tokens are revoked automatically |
| Token is not used for 90 days | Token remains active (does not auto-expire) |
| Admin revokes a token | Stops working immediately |
| OAuth access token expires | Client uses the refresh token to get a new one automatically (1-hour access tokens, 30-day refresh tokens) |
Rules and constraints
- Only Admins can toggle MCP access on or off for other users.
- Users can only see and manage their own tokens (unless they are an Admin).
- There is no limit on the number of tokens per user, but each token should have a unique name for easy identification.
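Because unused tokens stay active and the number of tokens per user is unlimited, a periodic manual review is what retires forgotten tokens. The script below is an added example, not FeedbackPulse code: it assumes you have transcribed the token list from Settings > Integrations into records with hypothetical fields (`user`, `role`, `name`, `scope`, `last_used`) and a hypothetical non-admin role name `Member`, and it flags idle tokens, `mcp:write` tokens on non-Admin accounts, and duplicate names.

```python
from collections import Counter
from datetime import date

STALE_DAYS = 90  # tokens unused for 90 days stay active, so they need a manual review

# Constructed sample inventory. Field names and the "Member" role are assumptions,
# not a FeedbackPulse export format.
TOKENS = [
    {"user": "alice", "role": "Admin", "name": "Claude Code - MacBook",
     "scope": "mcp:write", "last_used": "2025-05-28"},
    {"user": "bob", "role": "Member", "name": "Cursor",
     "scope": "mcp:use", "last_used": "2025-01-10"},
    {"user": "bob", "role": "Member", "name": "Cursor",
     "scope": "mcp:use", "last_used": None},
    {"user": "carol", "role": "Member", "name": "report script",
     "scope": "mcp:write", "last_used": "2025-05-30"},
]


def review_tokens(tokens, today):
    """Return (user, token name, finding) tuples for tokens that deserve a manual look."""
    findings = []
    names = Counter((t["user"], t["name"]) for t in tokens)
    for t in tokens:
        key = (t["user"], t["name"])
        if t["last_used"] is None:
            findings.append((*key, "never used"))
        elif (today - date.fromisoformat(t["last_used"])).days >= STALE_DAYS:
            findings.append((*key, "idle 90+ days"))
        # The write scope is documented as Admins only, so check the current role.
        if t["scope"] == "mcp:write" and t["role"] != "Admin":
            findings.append((*key, "mcp:write on non-Admin account"))
        # Names are not enforced as unique; duplicates make revocation error-prone.
        if names[key] > 1:
            findings.append((*key, "duplicate name"))
    return findings


if __name__ == "__main__":
    for user, name, finding in review_tokens(TOKENS, date(2025, 6, 1)):
        print(f"{user:8} {name:24} {finding}")
```

Each finding is a prompt to revoke or rename the token in Settings > Integrations, not an automatic action.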