Gainsight MCP | OAuth 2.0 Gainsight connector for AI agents

CALL ANY TOOL

OAuth-scoped per CSM. Every health score query and activity log attributed to the authorizing user.

gainsight_accounts_health_get

Get account health

Retrieve health scores, health measures, and trend data for accounts in the authorizing CSM's portfolio.

Parameters

Name

Type

Required

Description

account_id

string

Optional

Gainsight account ID (omit to list all in portfolio)

min_score

integer

Optional

Filter accounts below this health score

gainsight_activities_list

List activities

gainsight_success_plans_get

Get success plans

gainsight_ctas_list

List CTAs

gainsight_timeline_create

Create timeline activity

Build your Agent

Drop the toolkit in, point it at the authorized CSM, and your agent can query health scores and customer timelines from the first run.

Copied

import { ScalekitClient } from "@scalekit-sdk/node";
import { DynamicStructuredTool } from "@langchain/core/tools";
import { createReactAgent } from "@langchain/langgraph/prebuilt";
import { z } from "zod";

const sk = new ScalekitClient(envUrl, clientId, clientSecret);

const { tools } = await sk.tools.listScopedTools("user_123", {
  filter: { connectionNames: ["gainsightmcp"], toolNames: ["gainsight_health_score_get", "gainsight_timeline_log", "gainsight_tasks_list"] },
  pageSize: 100,
});

const lcTools = tools.map((t) => new DynamicStructuredTool({
  name: t.tool.definition.name,
  description: t.tool.definition.description,
  schema: z.object({}).passthrough(),
  func: async (args) => {
    const { data } = await sk.tools.executeTool({
      toolName: t.tool.definition.name,
      identifier: "user_123",
      params: args,
    });
    return JSON.stringify(data);
  },
}));

const agent = createReactAgent({ llm, tools: lcTools });

Copied

import { ScalekitClient } from "@scalekit-sdk/node";
import OpenAI from "openai";

const sk = new ScalekitClient(envUrl, clientId, clientSecret);
const openai = new OpenAI();

const { tools } = await sk.tools.listScopedTools("user_123", {
  filter: { connectionNames: ["gainsightmcp"], toolNames: ["gainsight_health_score_get", "gainsight_timeline_log", "gainsight_tasks_list"] },
  pageSize: 100,
});

const llmTools = tools.map((t) => ({
  type: "function",
  function: {
    name: t.tool.definition.name,
    description: t.tool.definition.description,
    parameters: t.tool.definition.input_schema,
  },
}));

const resp = await openai.responses.create({
  model: "gpt-4o", input: prompt, tools: llmTools,
});

import { ScalekitClient } from "@scalekit-sdk/node";
import Anthropic from "@anthropic-ai/sdk";

const sk = new ScalekitClient(envUrl, clientId, clientSecret);
const anthropic = new Anthropic();

const { tools } = await sk.tools.listScopedTools("user_123", {
  filter: { connectionNames: ["gainsightmcp"], toolNames: ["gainsight_health_score_get", "gainsight_timeline_log", "gainsight_tasks_list"] },
  pageSize: 100,
});

const llmTools = tools.map((t) => ({
  name: t.tool.definition.name,
  description: t.tool.definition.description,
  input_schema: t.tool.definition.input_schema,
}));

const msg = await anthropic.messages.create({
  model: "claude-sonnet-4-6", max_tokens: 1024,
  tools: llmTools,
  messages: [{ role: "user", content: prompt }],
});

Copied

import { Agent } from "@google/adk/agents";
import {
  MCPToolset, StreamableHTTPConnectionParams,
} from "@google/adk/tools/mcp";

const toolset = new MCPToolset({
  connectionParams: new StreamableHTTPConnectionParams({
    url: "https://mcp.scalekit.com/gainsightmcp",
    headers: { Authorization: `Bearer ${userScopedToken}` },
  }),
});

const agent = new Agent({
  name: "agent", model: "gemini-2.0-flash",
  tools: await toolset.getTools(),
});

Try these prompts

Paste any prompt into your CS agent to start pulling health scores and customer data from Gainsight.

Search & recall

Copy the prompt

Copied

Show health score trends for all accounts in the enterprise segment this quarter.

Copy the prompt

Copied

List all open CTAs for accounts at risk of churn in the next 60 days.

Copy the prompt

Copied

Get the latest timeline entries for [account name].

Action & updates

Copy the prompt

Copied

Log a success plan update for [account] with milestone: [milestone].

Copy the prompt

Copied

Create a CTA for [account] to schedule an EBR before renewal.

Copy the prompt

Copied

Update health score for [account] based on latest NPS and product usage data.

SEE HOW AUTH WORKS

CSMs authorize Gainsight once. Their OAuth token stays vaulted, every call is scoped to their permissions, and every action is logged.

1

Authorize

Your user connects

Gainsight

once. We tie it to their identity and the meetings they approved — no shared bot account, no org-wide access

Who:

user ‘A’

when:

Once per user

access:

Limited to user

2

Store

Their

Gainsight

token lives in a vault scoped to them. User A's meetings are never reachable by an agent acting for user B, even on the same connection

vault:

encrypted

scope:

per-user

tokens:

auto-refreshed

3

Resolve

When your agent calls a

Gainsight

tool, we fetch the right token server-side. It never touches your agent, never appears in the LLM context, never shows up in your logs

speed:

~40ms

check:

before every call

seen by:

nobody

4

Audit

Every

Gainsight

tool call is logged — who triggered it, which meeting was fetched, what came back. 90 days of history, tied to the user who authorized it

history:

90 days

export:

SIEM-ready

logged:

every call

Test other agents

Same per-user auth pattern across other customer success and CRM connectors.

No items found.

Why Scalekit

Secure your agent's access. Connectors ship in minutes

One auth pattern for every CS tool. Gainsight today, Salesforce and Intercom tomorrow.

01.

Shared tokens break per-user analytics

A shared token looks fine in a demo. In production every call looks like a service account. Scalekit resolves the real user credential so attribution, audit, and scope stay accurate.

// shared token
 audit → bot_service_account
 user_filter → broken

 // scalekit
 audit → user_abc
 scope → enforced ✓

02.

Authentication is not authorization

03.

Multi-tenancy is architectural

04.

Gainsight today. Others tomorrow.

“Our agents act across Salesforce, Gong, Google Drive, and more, on behalf of every customer. Scalekit behind the scenes meant we can keep adding tools without ever rebuilding how credentials or tool calling work.”

Venu Madhav Kattagoni

Head of Engineering / Von

FAQs

Frequently Asked Questions

Does the agent access Gainsight as the CSM or a shared service account?

As the CSM. Each customer success manager authorizes once via OAuth and Scalekit resolves their credential at request time. Activities logged by the agent appear under that CSM's identity in Gainsight, not a bot account.

Where is the Gainsight OAuth token stored?

In Scalekit's AES-256 token vault, namespaced per tenant. Refresh is automatic. Revocation is a single dashboard action. Tokens never appear in prompts, logs, or LLM context.

Can I restrict the agent to read-only Gainsight access?

Yes. Pass a tool name filter to listScopedTools to allow health score reads and CTA queries but block timeline writes or success plan updates for specific users.

What happens when a CSM revokes Gainsight access?

The connection is invalidated on the next tool call for that user. Subsequent requests fail closed with a clear error. Other CSMs in the tenant remain unaffected. The event is logged.

Can the CS agent combine Gainsight data with Salesforce or Slack in one workflow?

Yes. A single agent can pull health scores from Gainsight and push a Slack alert or Salesforce activity in the same workflow. Each connector resolves under the same user identity with its own vaulted credential.

Gainsight

Tools your CS agent reaches for on Gainsight, scoped per CSM.