Connect ComplyCube to ChatGPT: Automate KYC and AML Risk Screening
Learn how to connect ComplyCube to ChatGPT using a managed MCP server. Automate KYC workflows, analyze AML risk profiles, and execute compliance checks.
If you need to automate KYC onboarding, execute AML checks, or audit identity verification logs, you need to connect ComplyCube to ChatGPT. You can either build and maintain custom integration infrastructure yourself, or use a managed platform like Truto to dynamically generate a Model Context Protocol (MCP) server. If your team uses Claude, check out our guide on connecting ComplyCube to Claude or explore our broader architectural overview on connecting ComplyCube to AI Agents.
Giving a Large Language Model (LLM) read and write access to a sprawling compliance and identity verification platform is a massive engineering undertaking. You are dealing with strict PII requirements, multi-step relational data models, and complex document handling endpoints. This guide breaks down exactly how to use Truto to generate a secure, managed MCP server for ComplyCube, connect it natively to ChatGPT, and execute complex risk screening workflows using natural language.
The Engineering Reality of the ComplyCube API
A custom MCP server is a self-hosted integration layer that translates an LLM's tool calls into REST API requests. While the MCP standard provides a predictable way for models to discover capabilities, implementing it against vendor APIs requires managing the entire integration lifecycle.
If you decide to build a custom MCP server for ComplyCube, you must handle the API's specific domain logic. You are not just writing standard CRUD wrappers; you are navigating a highly relational architecture designed around asynchronous identity checks.
Here are the specific engineering challenges that break standard integration assumptions when working with ComplyCube:
Relational Dependency Chains
An AI agent cannot simply "run a background check" in a single API call. The ComplyCube API enforces a strict relational hierarchy. First, you must create a Client. Then, you must attach a Document or a Live Photo to that Client. Only after the supporting artifacts exist can you create a Check against those specific resource IDs. If your MCP server does not expose these underlying schemas perfectly, the LLM will hallucinate the required IDs, attempt to run checks on non-existent documents, and fail.
Binary File Constraints and Multipart Uploads
Uploading passports or identity cards requires precise handling. The ComplyCube API demands that images are sent via multipart/form-data. The files must be strictly JPG, PNG, or PDF, and they must fall between 34 KB and 4 MB in size. If an LLM attempts to pass a base64 encoded string to a standard JSON body, the API will reject it. Your infrastructure must handle the translation between the LLM's text output and the multipart format expected by the upstream endpoints.
Destructive Redaction vs Standard Deletion
In compliance contexts, deleting a record is rarely as simple as an HTTP DELETE request. ComplyCube utilizes specialized redaction endpoints (e.g., comply_cube_checks_redact). This process removes the sensitive PII from the record while maintaining the underlying audit log for compliance purposes. Your MCP tools must differentiate between destructive deletes and compliant redactions, exposing the correct schemas for both.
Rate Limits and 429 Errors
ComplyCube rate limits API requests to protect system stability. If your AI agent gets caught in a loop querying hundreds of risk profiles, the API will return a 429 Too Many Requests error. Truto does not retry, throttle, or apply automatic backoff on rate limit errors. Instead, Truto normalizes upstream rate limit info into standardized headers (ratelimit-limit, ratelimit-remaining, ratelimit-reset) per the IETF specification. When ComplyCube returns an HTTP 429, Truto passes that exact error back to ChatGPT. Your orchestration logic or the LLM itself is completely responsible for reading the reset window and executing the retry.
The Managed MCP Approach
Instead of forcing your engineering team to build, host, and maintain a custom Node.js or Python MCP server, Truto dynamically generates one for you, as part of our platform's ability to bring 100+ custom connectors to ChatGPT.
When you authenticate a ComplyCube account through Truto, the platform reads the integration's resource definitions and automatically derives the corresponding MCP tools. These tools are served over a secure JSON-RPC 2.0 endpoint that any MCP client can consume. There is no manual schema mapping, no token refresh logic to write, and no infrastructure to deploy.
Method 1: Creating the MCP Server via the Truto UI
The fastest way to generate an MCP server is through the dashboard.
- Navigate to the Integrated Accounts page for your connected ComplyCube instance.
- Click the MCP Servers tab.
- Click Create MCP Server.
- Select your desired configuration (name, allowed methods, tags, and expiry).
- Copy the generated MCP server URL. This URL contains the cryptographic token required for authentication.
Method 2: Creating the MCP Server via the API
For teams building automated onboarding or dynamic agent provisioning, you can generate MCP servers programmatically. Send a POST request to the /integrated-account/:id/mcp endpoint.
curl -X POST https://api.truto.one/integrated-account/YOUR_ACCOUNT_ID/mcp \
-H "Authorization: Bearer YOUR_TRUTO_API_KEY" \
-H "Content-Type: application/json" \
-d '{
"name": "ComplyCube Risk Analysis Agent",
"config": {
"methods": ["read", "custom"],
"tags": ["kyc", "reporting"]
},
"expires_at": "2026-12-31T23:59:59Z"
}'The API returns a database record containing the newly minted server URL. The token in this URL is cryptographically hashed via HMAC before being stored in a distributed key-value store, ensuring rapid reverse lookups without exposing raw credentials.
{
"id": "mcp_abc123",
"name": "ComplyCube Risk Analysis Agent",
"config": {
"methods": ["read", "custom"],
"tags": ["kyc", "reporting"]
},
"expires_at": "2026-12-31T23:59:59.000Z",
"url": "https://api.truto.one/mcp/tkn_789xyz..."
}Connecting the MCP Server to ChatGPT
Once you have your Truto MCP URL, you must connect it to your LLM interface.
Option A: Connecting via the ChatGPT UI
If you are using ChatGPT Enterprise, Pro, or Plus, you can connect the server directly in the browser.
- In ChatGPT, navigate to Settings > Apps > Advanced settings.
- Enable Developer mode.
- Under the custom connectors section, click to add a new server.
- Name: "ComplyCube Compliance Agent"
- Server URL: Paste the Truto MCP URL.
- Click Save.
ChatGPT will perform the MCP handshake, validate the JSON-RPC 2.0 endpoint, and ingest the tool descriptions and schemas. The tools are immediately available in your prompt context.
Option B: Connecting via Manual Configuration (Custom AI Apps)
If you are integrating this into a custom agentic framework or a local development environment, you can use the official @modelcontextprotocol/server-sse transport package. Since Truto exposes an SSE (Server-Sent Events) compliant endpoint, the configuration is straightforward.
{
"mcpServers": {
"complycube": {
"command": "npx",
"args": [
"-y",
"@modelcontextprotocol/server-sse",
"--url",
"https://api.truto.one/mcp/tkn_789xyz..."
]
}
}
}ComplyCube Hero Tools
When the LLM connects to the MCP server, Truto dynamically generates the tool definitions from the integration's documentation records. The query parameters and request bodies share a flat input namespace, which Truto intelligently routes to the upstream API.
Here are the highest-leverage tools available for your ComplyCube agent.
comply_cube_clients_get_risk_profile
Retrieves the comprehensive risk profile for a specific client, aggregating country risk, political exposure (PEP), and global watchlist data.
Usage note: This tool is essential for automated triage. Agents should call this immediately after an onboarding event to determine if manual review is required based on the overallRisk score.
"Fetch the risk profile for client ID 'c_555444'. If the politicalExposureRisk or watchlistRisk is flagged as high, draft a summary of the risk factors for the compliance team."
create_a_comply_cube_check
Initiates a new compliance check against a specific client. This can trigger standard identity verification, extensive screening, or document validation.
Usage note: You must pass the clientId and the specific type of check (e.g., standard_screening_check). The agent will receive a pending status and must query the check later to retrieve the final result.
"Initiate a standard screening check for the newly created client ID 'c_999888'. Let me know what the initial status of the check is."
comply_cube_checks_validate
Allows human-in-the-loop workflows or AI agents to explicitly validate and finalize the outcome of a pending or flagged check.
Usage note: Requires the check_id and the explicit outcome string. This is typically used when an automated check returns a "review" status, and the agent determines the flag was a false positive.
"Update the outcome of check ID 'chk_111222' to 'clear'. It was flagged for a minor address mismatch, but the utility bill matches the stated residence."
comply_cube_reports_generate_client_report
Generates a comprehensive PDF audit report for a specific client, containing all historical checks, documents, and risk profiles.
Usage note: The API returns the PDF as a base64-encoded string in the data parameter. The agent can decode this or pass it to downstream reporting systems.
"Generate a full client report for client ID 'c_333222'. Extract the base64 data and let me know when the report generation is complete."
comply_cube_documents_upload_image
Uploads an image attachment (front or back of an ID) to a specific document record within ComplyCube.
Usage note: Requires the document_id, the side (e.g., front or back), a fileName, and the binary data. The agent must ensure the file is under the 4 MB limit before attempting the upload.
"Attach the provided passport scan as the front image for document ID 'doc_777888'. Ensure the file name is 'passport_front.jpg'."
comply_cube_workflow_sessions_complete
Forces a workflow session to complete, instantly triggering all configured verification checks associated with that session template.
Usage note: Useful for bypass testing or forcing an immediate resolution on a session that is stuck in a 'started' state waiting for user input.
"The user has uploaded all required documents via the portal. Trigger completion on workflow session ID 'ws_444555' so the background checks begin running."
To view the complete inventory of available resources, schemas, and custom methods, visit the ComplyCube integration page.
Workflows in Action
Connecting ChatGPT to ComplyCube unlocks autonomous compliance operations. By chaining multiple tools together, the LLM can resolve complex investigations without human intervention. Here are two real-world scenarios.
Scenario 1: Automated KYC Alert Triage
When a high-volume onboarding pipeline flags a new user, compliance analysts waste hours manually reviewing standard false positives. An AI agent can automatically investigate the alert, retrieve the risk profile, and summarize the findings.
"A new user onboarding just flagged in the system. Get the risk profile for client ID 'c_909090'. If the risk is elevated due to a watchlist hit, fetch their most recent checks and summarize the exact reason for the failure. Do not validate the check; just prepare the brief."
sequenceDiagram
participant User as User Prompt
participant GPT as ChatGPT
participant Truto as Truto MCP
participant CC as ComplyCube API
User->>GPT: "Get risk profile for c_909090..."
GPT->>Truto: call tool: comply_cube_clients_get_risk_profile (c_909090)
Truto->>CC: GET /clients/c_909090/risk-profile
CC-->>Truto: { overallRisk: "high", watchlistRisk: "match" }
Truto-->>GPT: Return JSON profile
GPT->>Truto: call tool: list_all_comply_cube_checks (clientId: c_909090)
Truto->>CC: GET /clients/c_909090/checks
CC-->>Truto: [ { id: "chk_123", type: "standard", status: "failed" } ]
Truto-->>GPT: Return list of checks
GPT->>User: "The client is flagged as high risk due to a watchlist match. Check chk_123 failed against the PEP database..."What happens:
- The agent calls
comply_cube_clients_get_risk_profileto assess the overall threat level. - Upon seeing the
watchlistRiskflag, the agent callslist_all_comply_cube_checksfiltering by the client ID. - The agent reads the failure reason from the check results and synthesizes a concise, actionable brief for the compliance officer.
Scenario 2: Generating Audit Evidence for Corporate Clients
During a regulatory audit, compliance teams must rapidly produce evidence of KYC checks for hundreds of accounts. The AI agent can fully automate the extraction and report generation process.
"We have an audit request for Acme Corp. Search our company lookups for 'Acme Corp' in the UK. Find their associated client ID, generate a full PDF client report, and list out the active workflow sessions tied to that account."
sequenceDiagram
participant User as User Prompt
participant GPT as ChatGPT
participant Truto as Truto MCP
participant CC as ComplyCube API
User->>GPT: "Search company lookups for Acme Corp..."
GPT->>Truto: call tool: list_all_comply_cube_company_lookup (companyName: "Acme Corp", country: "GB")
Truto->>CC: GET /company-lookups?companyName=Acme+Corp&incorporationCountry=GB
CC-->>Truto: { id: "c_456456", name: "Acme Corp" }
Truto-->>GPT: Return company record
GPT->>Truto: call tool: comply_cube_reports_generate_client_report (clientId: c_456456)
Truto->>CC: POST /clients/c_456456/reports
CC-->>Truto: { data: "JVBERi0x...", contentType: "application/pdf" }
Truto-->>GPT: Return base64 PDF data
GPT->>User: "Found Acme Corp (c_456456). The client report has been generated. Here is the status of their active workflow sessions..."What happens:
- The agent searches for the entity using
list_all_comply_cube_company_lookupto resolve the string name into a concrete ID. - Using the resolved ID, the agent triggers
comply_cube_reports_generate_client_reportto create the immutable audit artifact. - The agent queries
list_all_comply_cube_workflow_sessionsto verify if any secondary onboarding steps are still pending, providing the user with a complete picture of the account's compliance state.
Security and Access Control
Exposing a compliance system to an LLM requires strict boundary enforcement. Truto provides four distinct layers of security at the MCP token level, which is essential when handling auth and tool sharing in multi-agent frameworks via MCP.
- Method Filtering: You can restrict a server to specific operations via
config.methods. Passing["read"]ensures the agent can only executeGETandLISTrequests, preventing it from accidentally creating new checks, updating client records, or deleting evidence. - Tag Filtering: Limit the surface area by specifying
config.tags. For example, settingtags: ["reporting"]restricts the LLM to only discovering tools related to report generation, completely hiding the underlying KYC verification endpoints. - API Token Authentication: By default, the MCP URL acts as a bearer token. For higher security environments, setting
require_api_token_auth: trueforces the client to also provide a valid Truto API token in theAuthorizationheader. This ensures that a leaked MCP URL cannot be exploited by unauthorized external actors. - Automated Expiration: For temporary audit tasks or contract worker access, set an
expires_attimestamp. Truto utilizes an automated expiry scheduler to completely destroy the token and its associated capabilities at the exact specified time, leaving no stale access vectors.
Orchestrating Compliance at Scale
Writing custom integration code to handle ComplyCube's multipart image uploads, relational dependencies, and continuous monitoring webhooks takes weeks of engineering effort. Maintaining those schemas as the API evolves is a perpetual tax on your development team.
By deploying a managed MCP server via Truto, you bypass the boilerplate entirely. Your AI agents gain immediate, schema-aware access to the ComplyCube API, complete with cursor pagination, standardized error handling, and robust access controls. You stop writing custom API wrappers and start shipping autonomous compliance workflows.
FAQ
- How do I handle rate limits when connecting ComplyCube to ChatGPT?
- Truto passes HTTP 429 Too Many Requests errors directly from ComplyCube to the caller, normalizing the upstream rate limit data into standard IETF headers (ratelimit-limit, ratelimit-remaining, ratelimit-reset). The AI agent or orchestration layer is responsible for reading these headers and executing its own backoff and retry logic.
- Can I restrict the ChatGPT integration to read-only access?
- Yes. When generating the MCP server token via Truto, you can pass method filters like config: { methods: ["read"] }. This ensures the server only exposes GET and LIST operations, preventing the LLM from inadvertently creating or deleting clients.
- Does Truto store the PII or compliance documents passed through the MCP server?
- No. Truto operates as a stateless proxy for tool execution. API payloads, including sensitive identity documents and live photos, are passed directly to the ComplyCube API. Truto does not cache or retain the underlying PII.
- How do I connect the MCP server to ChatGPT Enterprise?
- In the ChatGPT interface, navigate to Settings > Apps > Advanced settings. Enable Developer mode, click Add a custom connector, and paste your generated Truto MCP URL. ChatGPT will automatically discover and register the ComplyCube tools.