Best MCP Server for Attio in 2026

If you need to connect Claude, ChatGPT, or a custom agent to Attio CRM over MCP (Model Context Protocol), the honest answer in 2026 splits three ways—just as we've seen when evaluating the best MCP servers for Slack and Fathom. Use Attio's own hosted MCP if you want the shortest path to a single workspace in Claude or ChatGPT. Use kesslerio/attio-mcp-server if you want full self-hosted control and you're comfortable owning Cloudflare Workers, OAuth, and secret storage. Use Truto if you're shipping a production B2B product where Attio is one integration among many and you need scoped tools, managed auth, and fewer integration fires to fight.

At a glance:

• Best for production B2B SaaS: Truto — managed auth, scoped MCP servers, 250+ integrations
• Best for single-workspace power users: kesslerio/attio-mcp (open source) — full Attio surface coverage, 14 universal tools
• Best for quick personal use: Attio's hosted MCP — zero infrastructure, direct OAuth, maintained by Attio

Why Attio and MCP Pair Well in 2026

Attio is no longer a niche CRM somebody installed because they were tired of Salesforce. In its August 2025 Series B announcement, Attio disclosed $52 million in new funding led by GV (Google Ventures), with 5,000 paying customers including AI-native companies like Lovable, Granola, Modal, and Replicate. Third-party trackers list total funding as high as $141 million depending on how they count rounds and prior financing. Either way, the signal is clear: Attio is important enough that teams want real agent access, not toy demos.

What makes Attio interesting for AI agents isn't just the funding trajectory. Unlike traditional CRMs designed for manual workflows and later retrofitted with AI, Attio's data model is composable from the ground up. Instead of locking you into pre-defined objects like "Contacts," "Companies," and "Deals," Attio provides a flexible foundation where you define your own data structures and the relationships between them. A VC firm might have a "Fund Entity" object, while an agency has a "Brand Campaign" object.

That flexibility is exactly what makes CRM-to-agent integration tricky. Custom objects, user-defined attributes, and many-to-many relationships mean you can't just hard-code a list of endpoints and call it done. The MCP server you choose needs to handle Attio's dynamic schema, not just its standard objects.

And the API itself has teeth. Attio rate limits at 100 read requests per second and 25 write requests per second, with additional score-based limits on list queries. None of that is unusual. All of it becomes your problem the moment an agent fans out searches, retries writes, or guesses the wrong identifier shape.

The Open-Source Route: kesslerio/attio-mcp

The most popular open-source option is kesslerio/attio-mcp-server on GitHub. It's well-maintained, actively developed, and has genuine production ambitions.

What it gets right:

The server achieves a 68% tool reduction by consolidating 40+ resource-specific tools into 14 universal operations. In total, it exposes 35 tools by default (21 universal, 11 list, and 3 workspace member tools), covering Deals, Tasks, Lists, People, Companies, Records, and Notes — the full Attio surface area. Every tool publishes MCP safety annotations (readOnlyHint, destructiveHint) so clients like OpenAI's Developer Mode can auto-approve reads and request confirmation for writes. That's a thoughtful security detail many community MCP servers skip.

Attio's architecture relies heavily on custom objects rather than fixed standard objects. The open-source server handles this by dynamically querying the workspace schema, which is technically impressive but adds complexity to the LLM's context window.

Local setup is straightforward:

{
  "mcpServers": {
    "attio": {
      "command": "npx",
      "args": ["attio-mcp"],
      "env": {
        "ATTIO_API_KEY": "your_api_key_here"
      }
    }
  }
}

Where it gets painful:

The local npx setup works for Claude Desktop and Cursor on your laptop. The moment you need remote access — ChatGPT, a web-based agent, a multi-user team — you're looking at a different project entirely.

For remote access, you need to deploy the server on Cloudflare Workers with full OAuth 2.1 support. That means setting up KV namespaces, configuring Wrangler secrets for ATTIO_CLIENT_ID, ATTIO_CLIENT_SECRET, and TOKEN_ENCRYPTION_KEY, then deploying and managing the Worker yourself. For a solo developer, that's an afternoon. For a B2B product serving multiple tenants, each with their own Attio workspace, it becomes a full infrastructure project.

The raw API key model also has limits. In a multi-tenant scenario, you'd need to manage one API key per customer workspace, handle rotation, and build your own auth layer on top. Nobody ships production software with raw API keys in environment variables.

You also own uptime, rate limit handling (Attio throws HTTP 429 errors when you exceed thresholds), schema updates when Attio changes its API, and enough memory and timeout allowance for multi-step schema lookups before returning data to the LLM. The repo itself notes that parts of the universal-tool documentation are still being updated to match the implementation. That's normal open-source reality, but it isn't where you want to be discovering edge cases during a customer demo.

Attio's Own Hosted MCP Server

Attio recently launched their own hosted MCP server at mcp.attio.com. It gives AI tools secure access to your Attio workspace and works with popular assistants like Claude, ChatGPT, and Cursor. Setup is straightforward: OAuth authentication, natural language CRM management, and full workspace access where AI tools can search, read, create, and update records. Read operations are auto-approved while write operations request confirmation — a sane default for human-in-the-loop assistant use.

The upside: zero infrastructure, direct OAuth, and it's maintained by Attio themselves. The downside: it only covers Attio. If your product also needs to talk to Salesforce, HubSpot, Jira, or Slack — and most B2B products eventually do — you're managing separate MCP servers for each vendor. That's a different kind of sprawl.

The Managed Route: Truto's Attio MCP Server

Production AI features require infrastructure that scales without constant babysitting. Truto supports over 250 integrations, including Attio, and exposes them as fully managed MCP servers. No Cloudflare Workers to deploy, no Node.js servers to monitor, no raw API keys to juggle.

Here's the architecture: Truto models every integration (Attio included) as a set of resources and methods. Each resource maps to an API endpoint. Each method (list, get, create, update, delete, or custom) gets a human-readable description and a JSON Schema definition. When you create an MCP server for a connected Attio account (in the Truto UI or via the API), Truto dynamically generates tools from those resource definitions. A tool only appears if it has documentation — that's a deliberate quality gate. And because the proxy layer is a 1-to-1 mapping of the Attio API, your agent retains Attio-specific fields and operations instead of being flattened into a lowest-common-denominator CRM model.

graph TD
    A[AI Agent / Claude / ChatGPT] -->|JSON-RPC 2.0| B(Truto Managed MCP Server)
    B -->|Validates Token & Filters| C{Proxy API Layer}
    C -->|Handles Pagination & OAuth| D[Attio REST API]
    
    classDef truto fill:#f9f9f9,stroke:#333,stroke-width:2px;
    class B,C truto;

What this actually buys you:

Built-in Auth & Token Management. Truto completely abstracts the Attio OAuth lifecycle. When you create a managed MCP server (in the UI or via the API), it's cryptographically scoped to a specific integrated account. The server URL contains a hashed token that authenticates the request and automatically applies the correct, freshly-refreshed Attio OAuth credentials. If a token expires, Truto refreshes it in the background. Your MCP client never sees raw Attio credentials.

Dynamic Tool Filtering for Security. Giving an LLM unrestricted write access to a CRM is a massive security risk. Truto lets you apply dynamic tool filtering when creating the MCP server (in the UI or via the API). You can restrict the server to specific methods (e.g., methods: ["read"]) or filter by tags. For example, if you tag Attio's notes and tasks resources with ["productivity"] and companies with ["crm"], you can spin up an MCP server specifically for a productivity-focused agent by passing tags: ["productivity"]. The server simply omits any tools that don't match. That's one line of config, not a custom middleware layer. Read more about understanding MCP server security risks.

Conditional API Token Auth. By default, an MCP server URL acts as a bearer token. For enterprise deployments, Truto supports conditional API token authentication (require_api_token_auth: true). When enabled, the MCP client must pass a valid Truto API token in the Authorization header alongside the URL. If the URL leaks in a log file, it's completely useless without the secondary API token.

Time-Limited Servers. Need to give a contractor Attio access for a week? Create an MCP server (in the UI or via the API) with expires_at set to a future date. It auto-cleans up when the time runs out — at the KV level, not just a soft flag.

Automatic Pagination Handling. LLMs are notoriously bad at managing complex pagination cursors. When Truto generates a list tool for Attio, it automatically injects limit and next_cursor properties into the JSON schema. The description explicitly instructs the LLM to pass the exact cursor value back unchanged on subsequent calls, while Truto's Proxy API handles the actual cursor translation with Attio's native endpoints.

How to Connect Attio to Claude and ChatGPT via Truto

Implementing a managed MCP server for Claude or ChatGPT takes minutes, not days. The safest default is a read-only Attio MCP server first. Add write tools only after you inspect real traces.

Step 1: Connect the Attio Account

Route your user through Truto's hosted authentication link. They log in to Attio and authorize your OAuth application. Attio themselves recommend OAuth 2.0 for multi-workspace apps and reserve API keys for single-workspace access. Once complete, Truto stores the credentials and generates an integrated_account_id.

Step 2: Generate the MCP Server URL

You can create the MCP server in the Truto UI (open the connected Attio account and use the create-MCP-server option) or from your backend with a single API call. Either way, this is where you enforce your security boundaries (method filters, tags, expiration).

// POST https://api.truto.one/integrated-account/{integrated_account_id}/mcp
const response = await fetch(`https://api.truto.one/integrated-account/${accountId}/mcp`, {
  method: 'POST',
  headers: {
    'Authorization': `Bearer ${TRUTO_API_KEY}`,
    'Content-Type': 'application/json'
  },
  body: JSON.stringify({
    name: "Attio Read-Only Assistant",
    config: {
      methods: ["read"], // Restrict to GET and LIST operations
      tags: ["crm"]
    },
    expires_at: "2026-12-31T23:59:59Z" // Optional TTL
  })
});
 
const mcpServer = await response.json();
console.log(mcpServer.url); // https://api.truto.one/mcp/a1b2c3d4e5f6...

The returned URL (from the UI or the API response) is fully self-contained. It points directly to the hosted JSON-RPC endpoint. Start with methods: ["read"] — you can always widen later.

Step 3: Connect to the LLM Client

For Claude:

1. Open Claude Settings → Connectors → Add custom connector.
2. Paste the Truto MCP URL (from the dashboard or API) and click Add.
3. Claude discovers the filtered Attio tools automatically via the MCP protocol. No JSON config files, no npx, no local processes.

Remote MCP connectors are available on Claude and Claude Desktop for Pro, Max, Team, and Enterprise plans.

For ChatGPT:

1. Open Settings → Apps → Advanced settings.
2. Enable Developer mode.
3. Under Custom connectors, add a new server. Name it "Attio CRM" and paste the Truto URL.
4. Read our full guide to bringing custom connectors to ChatGPT for a longer walkthrough.

ChatGPT Developer Mode on web supports remote MCP apps over SSE or streaming HTTP. Availability spans Pro, Plus, Business, Enterprise, and Education plans, though admin controls vary by workspace.

See it in action. The walkthrough below shows creating both Fathom and Attio MCP servers in the Truto dashboard, connecting them to Claude, and syncing meeting summaries and action items into Attio as CRM updates — all without leaving the UI.

Plugging Attio into Custom Agentic Frameworks

If you're building a custom AI agent using frameworks like LangChain, LangGraph, or the Vercel AI SDK, you have two paths. If your framework supports remote MCP natively, hand it the Truto MCP URL and let the host manage tool discovery. If you want explicit control over tool registration and orchestration, Truto exposes the same tool definitions via a REST endpoint:

GET https://api.truto.one/integrated-account/{id}/tools?methods[0]=read
Authorization: Bearer <TRUTO_API_KEY>

The response provides an array of ready-to-use proxy APIs formatted as LLM tools. Each tool includes a generated snake_case name (e.g., list_all_attio_companies), a human-readable description, and strictly typed JSON schemas for both query parameters and request bodies.

{
  name: "list_all_attio_contacts",
  description: "List all contacts in Attio. Returns contact records with...",
  query_schema: {
    type: "object",
    properties: {
      limit: { type: "string", description: "The number of records to fetch" },
      next_cursor: { type: "string", description: "Cursor for pagination" }
    }
  },
  body_schema: {},
  method: "list",
  resource: "contacts",
  tags: ["crm"]
}

The Truto LangChain.js toolset SDK consumes this endpoint and registers tools directly in your LangChain agent.

Truto extracts required: true flags from the integration's documentation records and formats them into a standard JSON Schema required array. This ensures the LLM knows exactly which fields are mandatory (e.g., an Attio company name) before attempting a POST request, drastically reducing API validation errors.

Because these tools execute through Truto's Proxy API layer, they benefit from the exact same infrastructure as the MCP server: automatic token refreshes, rate limit handling, and unified error parsing. If Attio returns an HTTP 429 Too Many Requests error, Truto catches it and formats it cleanly for the LLM to understand and retry.

Tool descriptions and schemas update in real-time when you edit them in the Truto integration UI. No redeployment needed. You write your agent's tool-calling logic once against Truto's tool format, and it works for Attio today, HubSpot tomorrow, and Salesforce next week. The tool interface stays the same — the underlying API translation is Truto's problem.

Head-to-Head Comparison

Stop Babysitting CRM Integrations

Here's the blunt version. The best MCP server for Attio depends on the size of your problem.

If you want the shortest path to one Attio workspace in Claude or ChatGPT, use Attio's own hosted MCP. If you want inspectable code and full self-hosted control, use kesslerio's server — it's genuinely well-engineered, covers Attio's full API surface, and is actively maintained. Accept the Cloudflare Worker, OAuth, and secret-management tax that comes with it.

If you're building a product — something that connects to your customers' Attio workspaces, or needs Attio alongside other CRMs, ticketing systems, or communication tools — the self-hosted path turns into a permanent side project. You'll be managing Cloudflare Workers, rotating API keys, building OAuth consent flows, and debugging rate limits instead of building your actual product.

Truto's managed MCP gives you a single URL per connected account, dynamic tool generation, method-level access control, expiring servers for temporary access, and a second auth layer for enterprise security. And when your next customer asks for HubSpot or Salesforce, you don't start from scratch — you connect another account and get another URL.

The mistake I see teams make is spending weeks arguing about MCP protocol details while ignoring the operational mess around them. The protocol is the easy part. The headaches are auth lifecycles, rate limits, customer tenancy, write safety, and the fact that vendor docs never cover the weird path your biggest customer takes on day two.

Pick the option that matches the blast radius. The integration layer should be invisible. If yours isn't, something's wrong.