Connect Ironclad to ChatGPT: Automate Workflows and Manage Access
Learn how to connect Ironclad to ChatGPT using a managed MCP server. Automate contract workflows, manage SCIM access, and execute legal operations via AI.
If you need to connect Ironclad to ChatGPT to automate contract generation, audit legal compliance, or manage user access, you need a Model Context Protocol (MCP) server. This server acts as the translation layer between ChatGPT's tool calls and Ironclad's REST APIs. If your team uses Claude instead, check out our guide on connecting Ironclad to Claude or explore our broader architectural overview on connecting Ironclad to AI Agents.
Giving a Large Language Model (LLM) read and write access to your legal source of truth is a significant engineering challenge. You either spend weeks building, hosting, and maintaining a custom MCP server to handle OAuth flows and schema validation, or you use a managed infrastructure layer that handles the boilerplate for you. This guide breaks down exactly how to use Truto to generate a secure, managed MCP server for Ironclad, connect it natively to ChatGPT, and execute complex legal operations using natural language.
The Engineering Reality of the Ironclad API
A custom MCP server is a self-hosted integration layer. While the open MCP standard provides a predictable way for models to discover tools, implementing it against enterprise vendor APIs is rarely straightforward. If you decide to build a custom MCP server for Ironclad, you own the entire API lifecycle. Here are the specific integration challenges that break standard CRUD assumptions when working with Ironclad:
Dynamic Workflow Schemas
Unlike a standard CRM where a "Contact" has fixed fields, Ironclad workflows are generated from highly customizable templates. You cannot hardcode a single JSON schema for an NDA and expect it to work for a Master Services Agreement. Before an LLM can create a contract, it must first query the Ironclad API to fetch the specific launch form schema for that template, parse the required custom fields, and dynamically construct the submission payload. If your MCP server cannot map dynamic schemas into tool definitions in real time, the LLM will hallucinate field names and the API request will fail.
Asynchronous Workflow Execution
When you launch an Ironclad workflow via the API, the system does not immediately return a finalized contract. The create operation is asynchronous. The API responds with a workflow ID and an initial state. Your AI agent needs specific instructions to understand that the workflow is pending, and it must subsequently poll the workflow ID to track status changes. If your server treats the 202 Accepted response as a final completion state, the agent will incorrectly inform the user that the contract is fully processed.
Strict Rate Limits and Backoff Engineering
Enterprise platforms enforce rigorous rate limiting, and Ironclad is no exception. A critical architectural detail to understand when using Truto is that Truto does not absorb, retry, or apply exponential backoff on rate limit errors. When the upstream Ironclad API returns an HTTP 429 Too Many Requests, Truto passes that error directly to the caller. Truto normalizes the upstream rate limit information into standardized IETF headers (ratelimit-limit, ratelimit-remaining, ratelimit-reset). The caller - whether that is ChatGPT or a custom agent framework - is strictly responsible for inspecting these headers and executing the retry logic.
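One way a caller can honor those headers, as an added example that is not Truto's or Ironclad's code. It assumes `ratelimit-reset` carries seconds until the window resets, as in the IETF draft; the `send` callable, the 60-second cap and the attempt budget are hypothetical choices, and the responses in `demo()` are constructed.

```python
import time
from typing import Callable, Mapping, Tuple

Response = Tuple[int, Mapping[str, str], str]  # (status, headers, body)

MAX_WAIT_SECONDS = 60.0  # assumption: cap so a bad header cannot stall the agent


class RateLimited(Exception):
    """Raised when the retry budget is spent and the upstream still answers 429."""


def wait_from_headers(headers: Mapping[str, str], attempt: int) -> float:
    """Seconds to wait after a 429, taken from ratelimit-reset when it is usable."""
    lowered = {k.lower(): v for k, v in headers.items()}
    try:
        seconds = float(lowered.get("ratelimit-reset", ""))
    except ValueError:
        seconds = -1.0
    if not seconds >= 0:  # missing, malformed, negative or NaN: exponential fallback
        seconds = float(2 ** attempt)
    return min(seconds, MAX_WAIT_SECONDS)


def call_with_backoff(send: Callable[[], Response], max_attempts: int = 4,
                      sleep: Callable[[float], None] = time.sleep) -> Response:
    """Call send() until it stops returning 429 or the attempt budget runs out."""
    for attempt in range(max_attempts):
        status, headers, body = send()
        if status != 429:
            return status, headers, body
        if attempt + 1 < max_attempts:  # no point sleeping after the last try
            sleep(wait_from_headers(headers, attempt))
    raise RateLimited(f"still rate limited after {max_attempts} attempts")


def demo() -> Tuple[Response, list]:
    """Constructed responses: a 429 with a usable header, a 429 without, then 200."""
    scripted = iter([
        (429, {"RateLimit-Reset": "3", "RateLimit-Remaining": "0"}, ""),
        (429, {"ratelimit-reset": "soon"}, ""),
        (200, {"ratelimit-remaining": "9"}, '{"ok": true}'),
    ])
    waits: list = []
    result = call_with_backoff(lambda: next(scripted), sleep=waits.append)
    return result, waits
```

Raising once the budget is spent lets the orchestrator report the rate limit to the user instead of the agent looping on a throttled tenant.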
Generating the Managed Ironclad MCP Server
Instead of writing and deploying middleware, Truto allows you to generate a secure, self-contained MCP server derived directly from the active Ironclad connection. Truto dynamically constructs the available tools based on the API's documentation and schema definitions.
You can generate the MCP server in two ways.
Method 1: Via the Truto UI
For teams that prefer a visual interface, you can provision an MCP server directly from the dashboard.
- Navigate to the Integrated Accounts page and select your active Ironclad connection.
- Click the MCP Servers tab.
- Click Create MCP Server.
- Configure the server constraints (e.g., set the server to "Read Only" or apply specific tags like "SCIM").
- Click Save and copy the generated MCP server URL. This URL contains a cryptographic token that securely maps to this specific Ironclad tenant.
Method 2: Via the API
For platform teams embedding AI capabilities into their own applications, you can provision MCP servers programmatically.
Send an authenticated POST request to the Truto API. This validates that the integration has tools available, generates a secure token, provisions the necessary infrastructure state, and returns a ready-to-use URL.
```bash
curl -X POST https://api.truto.one/integrated-account/{integrated_account_id}/mcp \
  -H "Authorization: Bearer YOUR_TRUTO_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "name": "Ironclad Legal Ops Agent",
    "config": {
      "methods": ["read", "write"],
      "tags": ["workflows", "users"]
    },
    "expires_at": "2026-12-31T23:59:59Z"
  }'
```
The response will contain the url required by the MCP client:
```json
{
  "id": "mcp_8a9b0c1d2e",
  "name": "Ironclad Legal Ops Agent",
  "config": { "methods": ["read", "write"], "tags": ["workflows", "users"] },
  "expires_at": "2026-12-31T23:59:59Z",
  "url": "https://api.truto.one/mcp/xyz789securetoken..."
}
```
Connecting the MCP Server to ChatGPT
Once you have the Truto MCP URL, you can connect it to your LLM framework of choice. Because the MCP server is fully self-contained, the URL alone is enough to authenticate and serve tools, with no additional configuration needed.
Method A: Via the ChatGPT UI
If you are using ChatGPT Enterprise, Pro, or Team tiers, you can add the server directly into the interface.
- Open ChatGPT and navigate to Settings -> Apps -> Advanced settings.
- Enable Developer Mode (MCP support is currently governed by this toggle).
- Under MCP servers / Custom connectors, click Add new server.
- Enter a descriptive name like "Ironclad (Truto)".
- Paste the Truto MCP URL into the Server URL field and click Save.
ChatGPT will perform a protocol handshake, pull down the available capabilities, and immediately register the Ironclad API operations as callable tools.
Method B: Via Manual Configuration File
If you are building custom agents using frameworks like LangChain, AutoGen, or the Claude Desktop app, you can connect via a configuration file using Server-Sent Events (SSE).
Create or update your mcp-config.json file:
```json
{
  "mcpServers": {
    "ironclad-truto": {
      "command": "npx",
      "args": [
        "-y",
        "@modelcontextprotocol/server-sse",
        "--url",
        "https://api.truto.one/mcp/xyz789securetoken..."
      ]
    }
  }
}
```
This instructs the framework to proxy the JSON-RPC commands securely to Truto's managed endpoints.
Hero Tools for Ironclad Automation
Truto exposes the entirety of the Ironclad API as tools, but certain operations are particularly powerful for AI-driven automation. Here are the core hero tools your agent will rely on.
list_all_ironclad_workflow_schemas
Before launching a contract, the LLM must understand what fields the specific template requires. This tool returns the schema definition for the launch form.
"Fetch the workflow schema for the 'Standard Mutual NDA' template so I know exactly what fields I need to provide to launch it."
create_a_ironclad_async_workflow
Executes the creation of a new workflow asynchronously. Because this method operates in a non-blocking capacity, it is ideal for workflows requiring file attachments or complex external system lookups.
"Using the schema we just fetched, launch an asynchronous workflow for the Standard Mutual NDA. Set the counterparty name to 'Acme Corp' and the effective date to today."
list_all_ironclad_workflows
Retrieves a filtered list of workflows in the account. This includes deep object data containing the id, title, associated template, current step, and creator information. The response also embeds the structured schema values submitted during the form launch.
"Show me all pending workflows associated with the 'Acme Corp' account that have been stuck in the 'Review' step for more than 3 days."
get_single_ironclad_workflow_by_id
Retrieves the complete data payload for a specific workflow. Because contract states change frequently, the LLM uses this tool to poll for updates after an asynchronous launch.
"Check the status of workflow ID 88a9c0-1234-5678. Has the legal team approved the redlines yet?"
ironclad_workflows_cancel
Cancels a specific workflow in Ironclad. The tool requires a comment object in the request body to ensure proper audit logging of why the contract was terminated.
"Cancel the workflow ID 88a9c0-1234-5678. Add a comment stating 'Contract terms negotiated on an alternative master agreement. Closing this draft.'"
list_all_ironclad_users
Retrieves all users belonging to the organization via SCIM. Essential for auditing who has access to the legal system and verifying user roles.
"Pull a list of all active Ironclad users in the system so I can audit who has administrative privileges."
delete_a_ironclad_user_by_id
Deletes a single user from the Ironclad account. A critical aspect of this API is that successful deletion automatically reassigns all active workflows associated with the deleted user to the default admin group.
"We are offboarding John Doe. Delete his user account from Ironclad using his user ID. The system should automatically reassign his pending NDAs to the admin queue."
For the complete list of endpoints and schema definitions, check out the Ironclad integration page.
Workflows in Action
Access to individual API endpoints is just the foundation. The real value of an MCP server is enabling the LLM to string these tools together into autonomous, multi-step workflows.
Use Case 1: Automated Contract Generation and Status Tracking
Sales representatives frequently need standard contracts executed quickly without leaving their primary chat interface.
"I need to generate a new Vendor Agreement for TechLogix. Find out what fields are required, launch the contract, and let me know when it is ready."
Execution Steps:
- The agent calls `list_all_ironclad_workflow_schemas` using "Vendor Agreement" as a search parameter to discover the required JSON payload structure.
- The agent formats the data (inferring the company name "TechLogix") and calls `create_a_ironclad_async_workflow` to initialize the contract process.
- The agent receives a 202 Accepted state with a new workflow ID.
- The agent waits, then calls `get_single_ironclad_workflow_by_id` to verify the initial processing is complete, reporting back to the user with a direct link to the newly minted Ironclad draft.
Use Case 2: IT Offboarding and Workflow Reassignment
When employees depart, IT teams must ensure legal access is revoked and no pending contracts stall in the departed employee's queue.
"Sarah Jenkins left the company today. Remove her access from Ironclad and confirm her pending contracts are reassigned."
Execution Steps:
- The agent calls `list_all_ironclad_users` and searches for "Sarah Jenkins" to locate her specific SCIM user ID.
- The agent calls `delete_a_ironclad_user_by_id`, passing the extracted ID.
- The API executes the deletion and handles the complex business logic of reassigning her pending workflows to the default admin group.
- The agent reads the success response and informs the IT administrator that the offboarding is complete and legal continuity is preserved.
Security and Access Control
Exposing an enterprise contract management system to an AI model requires strict governance. Truto provides multiple layers of control on the generated MCP server to ensure agents only access what they strictly require.
- Method Filtering: Limit the LLM's blast radius. By passing `methods: ["read"]` during server creation, you strip out `create`, `update`, and `delete` tools. The LLM simply won't know those endpoints exist, making accidental contract deletion impossible.
- Tag Filtering: Group operations by business function. By restricting the server to `tags: ["scim"]`, the AI can only execute user management tasks, preventing it from reading sensitive workflow data.
- Time-to-Live Expiration: For temporary contractor access or limited-scope AI tasks, set an `expires_at` timestamp. The server state and authentication tokens are systematically wiped from the infrastructure the moment the timestamp is reached.
- Secondary Authentication: For highly regulated environments, enabling `require_api_token_auth` mandates that the client passing the JSON-RPC request must also supply a valid Truto API token in the Authorization header. The generated MCP URL alone is no longer sufficient to execute tools.
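A pre-flight check a platform team could run on a server-creation body before it is sent, as an added example that is not part of Truto's tooling. The 30-day limit is a hypothetical local policy, the placement of `require_api_token_auth` inside `config` is an assumption, and `SCOPED_BODY` and `NOW` are constructed.

```python
from datetime import datetime, timedelta, timezone

MAX_TTL = timedelta(days=30)  # assumption: local policy, not a Truto limit


def review_mcp_request(body: dict, now: datetime) -> list:
    """Return policy findings for a server-creation body; empty list means pass."""
    findings = []
    config = body.get("config") or {}
    methods = config.get("methods") or []
    if not methods:
        findings.append("config.methods not set: request does not restrict methods")
    if not config.get("tags"):
        findings.append("config.tags not set: request does not restrict tool groups")
    writable = sorted(m for m in methods if m != "read")
    # Assumption: require_api_token_auth is sent inside config; the page names
    # the flag but does not show its position in the request body.
    if writable and not config.get("require_api_token_auth"):
        findings.append(f"{writable} enabled while the MCP URL alone authenticates")

    raw = body.get("expires_at")
    if not raw:
        findings.append("expires_at not set: server has no expiry")
        return findings
    try:
        expires = datetime.fromisoformat(str(raw).replace("Z", "+00:00"))
    except ValueError:
        findings.append("expires_at is not an ISO 8601 timestamp")
        return findings
    if expires.tzinfo is None:
        findings.append("expires_at has no timezone")
    elif expires <= now:
        findings.append("expires_at is already in the past")
    elif expires - now > MAX_TTL:
        findings.append(f"expires_at is more than {MAX_TTL.days} days away")
    return findings


NOW = datetime(2026, 1, 1, tzinfo=timezone.utc)  # constructed review time
PAGE_BODY = {  # the request body shown under Method 2
    "name": "Ironclad Legal Ops Agent",
    "config": {"methods": ["read", "write"], "tags": ["workflows", "users"]},
    "expires_at": "2026-12-31T23:59:59Z",
}
SCOPED_BODY = {  # constructed: read-only, SCIM-only, two-week lifetime
    "name": "Ironclad access audit",
    "config": {"methods": ["read"], "tags": ["scim"]},
    "expires_at": "2026-01-15T00:00:00Z",
}
```

Reviewed at `NOW`, the Method 2 body yields two findings (write tools without secondary authentication, and a lifetime past the 30-day policy), while the scoped body passes.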
Deploying Reliable AI Agent Infrastructure
Building AI agents that interact with Ironclad requires more than just formatting prompt instructions. You need infrastructure that translates complex asynchronous API behavior into deterministic tool definitions, enforces strict access control policies, and accurately passes rate limit telemetry back to your orchestrators.
Managed MCP servers bridge the gap between AI frameworks and enterprise APIs without requiring your engineering team to maintain endless API boilerplate.
FAQ
- Does Truto automatically handle Ironclad API rate limits for my AI agent?
- No. Truto normalizes upstream rate limit information into standardized IETF headers (ratelimit-limit, ratelimit-remaining, ratelimit-reset) and passes HTTP 429 Too Many Requests errors directly to the caller. Your AI framework or client is responsible for implementing retry and backoff logic.
- How do I restrict the Ironclad MCP server so ChatGPT can only read data?
- When generating the MCP server, you can pass a configuration object with specific method filters, such as `methods: ["read"]`. This ensures the server only exposes GET and LIST operations, preventing the LLM from creating or modifying workflows.
- Can I connect the Ironclad MCP server to local AI frameworks instead of ChatGPT?
- Yes. The generated MCP server URL works over standard JSON-RPC. You can connect it to local agent runners like LangGraph or AutoGen using the official remote-server MCP transports.