Connect LoanPro to ChatGPT: Manage and Search Agent User Profiles

If you need to connect LoanPro to ChatGPT to automate user directory audits, search agent profiles, or manage role-based access control, you need a Model Context Protocol (MCP) server. This server acts as the translation layer between ChatGPT's JSON-RPC tool calls and LoanPro's complex REST APIs. You can either spend engineering cycles building and maintaining this infrastructure yourself, or use a managed integration platform like Truto to dynamically generate a secure, authenticated MCP server URL.

If your team uses Claude, check out our guide on connecting LoanPro to Claude or explore our broader architectural overview on connecting LoanPro to AI Agents.

Giving a Large Language Model (LLM) read and write access to a sprawling financial ecosystem like LoanPro is a significant engineering challenge. You have to handle strict OAuth credential management, map massive JSON schemas to MCP tool definitions, and deal with LoanPro's specific nested entity constraints. Every time an endpoint changes, you have to update your server code, redeploy, and test the integration. This guide breaks down exactly how to use Truto to generate a secure, managed MCP server for LoanPro, connect it natively to ChatGPT, and execute complex agent administration workflows using natural language.

The Engineering Reality of Custom LoanPro Connectors

A custom MCP server is a self-hosted integration layer. While the open MCP standard provides a predictable way for models to discover tools, the reality of implementing it against vendor APIs is painful. If you decide to build a custom MCP server for LoanPro, you are responsible for the entire API lifecycle.

Here are the specific integration challenges that break standard CRUD assumptions when working with LoanPro:

Complex Nested Entity Relationships In LoanPro, a user profile is not a flat object. An agent user has nested arrays for tenantAccessRole, searchRestrictionGroup, and wizardGroup. If an LLM wants to update an agent's access, it cannot just pass a single role string. It must understand the deeply nested JSON structure required by LoanPro's payload definitions. If your MCP server does not accurately map these schemas and provide explicit descriptions, the LLM will hallucinate flat key-value pairs, and the API will reject the request.

Strict API Rate Limiting and 429 Errors LoanPro enforces strict operational rate limits on their endpoints to protect core lending infrastructure. When connecting an autonomous agent to an API, the agent can easily hit a loop and exhaust these limits. It is a common misconception that integration gateways should automatically absorb these limits. Truto does not retry, throttle, or apply backoff on rate limit errors. When the LoanPro API returns an HTTP 429 Too Many Requests, Truto passes that error directly to the caller. Truto normalizes the upstream rate limit data into standardized headers (ratelimit-limit, ratelimit-remaining, ratelimit-reset) per the IETF spec. The caller - your AI framework or custom agent logic - is fully responsible for reading these headers and executing exponential retry and backoff logic. Hiding 429s from the LLM leads to stalled state; passing them explicitly allows the model to understand the delay.

Heavy Pagination and Cursor Management When an LLM requests a list of all active users to perform an audit, LoanPro will return a paginated response. LLMs cannot ingest 10,000 records at once without blowing up the context window. Your MCP server must explicitly instruct the LLM to pass cursor values back unchanged to fetch the next set of records, and manage the limit parameters dynamically.

The Managed MCP Approach

Instead of forcing your engineering team to build custom API wrappers, handle authentication refreshes, and manually write JSON Schema definitions for every LoanPro resource, Truto provides a managed infrastructure layer.

Truto's MCP servers turn any connected LoanPro account into an MCP-compatible tool server dynamically. Rather than hand-coding tool definitions, Truto derives them from two data sources: the integration's defined endpoints and the underlying documentation records that provide human-readable descriptions and JSON Schema definitions.

When ChatGPT connects to the Truto MCP endpoint, Truto parses the request, executes the call against the LoanPro proxy API, handles the authentication layer automatically, and returns the result in an MCP-compliant JSON-RPC format. You get a fully functional LLM toolkit without writing a single line of integration code.

How to Generate a LoanPro MCP Server

Each MCP server is scoped to a single integrated account (a connected instance of LoanPro for a specific tenant). The server URL contains a cryptographic token that encodes which account to use and what tools to expose.

You can create this server either via the Truto dashboard or programmatically via the API.

Method 1: Via the Truto UI

If you are an administrator setting this up for internal workflows, the UI is the fastest path.

1. Navigate to the Integrated Accounts page in your Truto dashboard and select your connected LoanPro instance.
2. Click the MCP Servers tab.
3. Click Create MCP Server.
4. Configure the server parameters. You can filter by methods (e.g., restricting the server to read only) or by specific tags.
5. Click Save, and immediately copy the generated MCP server URL. (e.g., https://api.truto.one/mcp/a1b2c3d4...)

Method 2: Via the API

If you are building a product that deploys AI agents for your own customers, you must generate these servers programmatically.

Make a POST request to /integrated-account/:id/mcp. The API validates that the integration has tools available, generates a secure hashed token in Cloudflare KV, and returns the URL.

curl -X POST https://api.truto.one/integrated-account/YOUR_ACCOUNT_ID/mcp \
  -H "Authorization: Bearer YOUR_TRUTO_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "name": "LoanPro Audit Agent",
    "config": {
      "methods": ["read", "update"]
    }
  }'

The response will return the database record plus the live endpoint:

{
  "id": "abc-123",
  "name": "LoanPro Audit Agent",
  "config": { "methods": ["read", "update"] },
  "expires_at": null,
  "url": "https://api.truto.one/mcp/a1b2c3d4e5f6..."
}

Connecting the MCP Server to ChatGPT

Once you have the generated URL, you simply pass it to your AI client. The URL alone contains the necessary token to authenticate the proxy requests.

Method A: Via the ChatGPT UI

If you are using ChatGPT Enterprise or an account with custom connectors enabled:

1. Open ChatGPT and click your profile picture, then navigate to Settings.
2. Go to Apps and find Advanced settings.
3. Enable Developer mode (MCP support requires this flag).
4. Under MCP servers / Custom connectors, click to add a new server.
5. Name the connector (e.g., "LoanPro Agent").
6. Paste the Truto MCP URL into the Server URL field.
7. Click Save. ChatGPT will immediately execute a tools/list handshake and populate the available LoanPro operations.

Method B: Via Manual Config File

If you are using a desktop client or an external runner that requires an MCP configuration file, you can map the Truto SSE transport directly in your JSON config:

{
  "mcpServers": {
    "loanpro": {
      "command": "npx",
      "args": [
        "-y",
        "@modelcontextprotocol/server-sse",
        "https://api.truto.one/mcp/a1b2c3d4e5f6..."
      ]
    }
  }
}

LoanPro AI Tool Inventory (Hero Tools)

Truto automatically generates MCP tools based on the resources available in the LoanPro proxy API. To ensure the LLM understands exactly how to use them, Truto injects specific descriptions and schema requirements.

Here are the hero tools available for managing LoanPro agent user profiles.

list_all_loan_pro_users

This tool allows the AI agent to retrieve and filter through the directory of LoanPro users. It returns comprehensive details including tenantAccessRoleDescription, tenantActiveStatus, isEnrolledInMFA, and contact information.

Usage notes: Because this endpoint can return massive directories, Truto injects limit and next_cursor properties into the query schema. The LLM is explicitly instructed to pass the cursor back unchanged for pagination.

"Retrieve the list of all LoanPro users. Find anyone who has a tenantActiveStatus of true but is not currently enrolled in MFA. If there are multiple pages, keep fetching until you have checked the entire directory."

get_single_loan_pro_user_by_id

This tool fetches a highly detailed specific agent user profile. It requires the internal LoanPro user id and returns deep properties like lastContractSigned, wizardGroup, tenantAccessActive, and standard identity fields.

Usage notes: The id property is automatically mapped as a required string in the JSON schema.

"Look up the specific user profile for the agent with ID 'usr-89241'. Tell me their exact tenantAccessRole and when they last signed a contract."

create_a_loan_pro_user

This tool allows the agent to provision a new user profile inside LoanPro. It accepts a complex nested body schema that maps directly to LoanPro's creation requirements, including role mapping.

Usage notes: The LLM will construct the JSON body payload. If required fields like userName or tenantAccessRole are missing, Truto's validation layer will return a clear error instructing the model to correct the payload.

"Create a new LoanPro user for Sarah Jenkins. Her username should be sjenkins@company.com, job title is Junior Loan Officer, and assign her the standard 'Support' tenant access role."

update_a_loan_pro_user_by_id

This tool enables the LLM to patch an existing user's profile. It is incredibly useful for automated onboarding flows, role promotions, or updating contact details.

Usage notes: The LLM requires the user id in the query space, and the modified fields in the body schema space.

"Update the LoanPro profile for ID 'usr-89241'. Change their jobTitle to 'Senior Loan Officer' and update their tenantAccessRole to 'Manager'. Leave all other fields exactly as they are."

delete_a_loan_pro_user_by_id

This tool disables or removes a user profile from the LoanPro tenant.

Usage notes: Because this is a destructive action, it is highly recommended to configure human-in-the-loop approvals within your agent framework before allowing the LLM to execute this tool unsupervised.

"We are offboarding the agent with ID 'usr-2210'. Please execute the deletion tool to remove their access from the LoanPro instance immediately."

For the complete tool inventory and the exact JSON schema mappings for all resources, visit the LoanPro integration page.

Workflows in Action

Connecting an LLM directly to your LoanPro instance unlocks powerful automation for IT and Support Operations. Here are practical examples of what an agent can achieve autonomously.

Scenario 1: IT Admin Auditing MFA Compliance

IT administrators frequently need to ensure that all active financial agents have Multi-Factor Authentication enabled. Normally, this requires exporting a CSV and running manual VLOOKUPs.

"Audit our LoanPro instance. Find all users who are currently active. Cross-reference their profiles and give me a list of any user who is active but has isEnrolledInMFA set to false. Format the output as a clean table with their ID, fullName, and jobTitle."

Execution Steps:

1. The agent calls list_all_loan_pro_users, passing { "limit": "100" }.
2. The agent evaluates the returned JSON, checking the tenantActiveStatus and isEnrolledInMFA booleans for each object.
3. If a next_cursor is present, the agent automatically calls list_all_loan_pro_users again with { "next_cursor": "<token>" } to retrieve the next page.
4. Once all pages are processed, the agent formats the isolated anomalous users into a markdown table for the admin.

Scenario 2: Support Ops Manager Onboarding a New Agent

When a new loan officer joins the team, their profile needs to be created with the exact correct nested role groups.

"We just hired John Doe as a compliance reviewer. Create his LoanPro profile. Username is jdoe@company.com, roleId should be 4, and ensure his tenantAccessActive flag is set to true. Once created, return his new system ID to me."

Execution Steps:

1. The agent maps the natural language request to the create_a_loan_pro_user JSON schema.
2. The agent executes the tool, passing the correctly formatted nested body parameters.
3. Truto routes the proxy request to LoanPro. LoanPro responds with the newly generated user object.
4. The agent reads the response, extracts the id, and replies to the manager confirming the successful creation.

Security and Access Control

Giving an LLM access to a financial platform requires strict guardrails. Truto's MCP architecture provides multiple layers of access control built directly into the token URL.

• Method Filtering: You can restrict a server to specific operation types by setting config.methods. Passing ["read"] ensures the LLM can only execute get and list operations, entirely preventing the model from hallucinating a destructive delete or update request.
• Tag Filtering: Integrations can be segmented by tags. You can configure an MCP server to only expose tools tagged with ["directory"], completely hiding core lending operations or financial record tools from the specific AI agent.
• require_api_token_auth: By default, the MCP token URL is sufficient for access. For enterprise deployments, setting require_api_token_auth: true forces the client to also pass a standard Truto Bearer token. This means if the URL leaks in a log file, it remains unusable without secondary authentication.
• expires_at: MCP servers can be given a strict Time-to-Live (TTL). Setting an ISO datetime ensures the server automatically self-destructs. The Cloudflare KV entry expires, and a Durable Object cleanup alarm permanently removes the server configuration from the database.

Connecting AI agents to B2B SaaS applications is no longer an API documentation problem; it is an infrastructure routing problem. By utilizing dynamic MCP server generation, your engineering team can stop manually maintaining brittle JSON schemas and reverse-engineering vendor pagination quirks. You abstract the integration layer entirely, allowing your AI applications to interact with live, strictly governed LoanPro data seamlessly.