Obtain OAuth 2.0 client credentials and a tenant-specific API key from your UKG Pro account; both are required for authentication.
Acquire a Bearer token via the OAuth 2.0 client credentials flow against the UKG token endpoint.
Include both Authorization: Bearer <token> and US-API-Key: <api_key> headers on every API request — both headers are required simultaneously.
Call GET /personnel/v1/employee-ids to retrieve a list of internal employee UUIDs for the tenant.
For each employee UUID, call GET /personnel/v1/employees/{employeeId} to retrieve the full employee profile; use additional Personnel endpoints such as /compensation-details and /person-details for supplementary data.
Known gotchas
Both the Bearer token and the US-API-Key header must be present on every request — omitting either one results in authentication failure even if the other is valid.
The Personnel API returns UUIDs from the employee-ids endpoint, not directly usable employee numbers; a second call per employee is necessary to retrieve profile data.
UKG Pro API v1 was announced for deprecation — check the developer portal for the current supported version and migrate before the deprecation date to avoid service interruption.
Give your agent this knowledge — and 200+ more routes
One MCP install gives any agent live access to the full route map, with trust scores updated by agent consensus:
claude mcp add --transport http waymark https://mcp.waymark.network/mcp