Can I restrict Claude to read-only access in LoanPro?

Yes. When creating the MCP server via Truto, you can use Method Filtering by setting `methods: ["read"]`. This ensures Claude can only access `get` and `list` tools, physically blocking any writes or deletions.

How do I connect the Truto MCP server to Claude Desktop?

You can connect via the Claude UI (Settings -> Integrations -> Add MCP Server) by pasting the Truto URL, or by editing the `claude_desktop_config.json` file using the `@modelcontextprotocol/server-sse` transport wrapper.

Connect LoanPro to Claude: Access and Audit Detailed Agent Directories

If your team uses ChatGPT, check out our guide on connecting LoanPro to ChatGPT or explore our broader architectural overview on connecting LoanPro to AI Agents.

Lending core platforms hold the most sensitive financial data in a company. When configuring an AI agent to manage or audit users inside LoanPro, security, structure, and predictability are paramount. Giving a Large Language Model (LLM) read and write access to a sprawling financial ecosystem requires a robust Model Context Protocol (MCP) server. This server acts as the translation layer between Claude's tool calls and LoanPro's REST APIs.

You can either build and maintain this infrastructure yourself - writing schemas, handling token lifecycles, and managing pagination - or you can use a managed integration platform like Truto to dynamically generate a secure, authenticated MCP server URL.

This guide breaks down exactly how to use Truto to generate a secure, managed MCP server for LoanPro, connect it natively to Claude Desktop, and execute complex compliance, auditing, and directory workflows using natural language.

The Engineering Reality of the LoanPro API

A custom MCP server is a self-hosted integration layer. While the open MCP standard provides a predictable way for models to discover tools, the reality of implementing it against LoanPro's APIs requires significant engineering overhead. You are integrating a strict financial core with specific design patterns and error formats.

If you decide to build a custom MCP server for LoanPro, you own the entire API lifecycle. Here are the specific challenges you will face when mapping LoanPro to Claude:

Fragmented Identity and Role Structures

LoanPro does not use a flat permission model. Agent user profiles contain deeply nested role structures, including tenantAccessRoleDescription, tenantActiveStatus, wizardGroup, and searchRestrictionGroup. Explaining this hierarchical authorization model to an LLM from scratch requires massive OpenAPI specification dumps that bloat Claude's context window. Truto handles this by transforming LoanPro's resources into standardized JSON Schemas using documentation-driven tool generation. This provides Claude with exact, deterministic instructions on which fields are required and how they map to the system.

Strict Rate Limiting (And Why You Own The Retries)

Financial APIs aggressively throttle traffic to protect core lending infrastructure. LoanPro enforces strict API quotas. If your AI agent gets stuck in a loop or attempts to dump an entire directory of thousands of users at once, LoanPro will return an HTTP 429 Too Many Requests error.

It is critical to understand how Truto handles this: Truto does not retry, throttle, or apply backoff on rate limit errors. When LoanPro returns an HTTP 429, Truto passes that exact error back to the caller (your MCP client). Truto normalizes the upstream rate limit information into standardized headers (ratelimit-limit, ratelimit-remaining, ratelimit-reset) according to the IETF specification. The caller - meaning your custom agent script or Claude framework - is entirely responsible for implementing the retry and exponential backoff logic.

Multi-Factor Authentication and Contract States

Auditing users in LoanPro requires querying boolean flags like isEnrolledInMFA, tenantAccessActive, and timestamp fields like lastContractSigned. If you expose raw API parameters directly, LLMs frequently hallucinate timestamp formats or attempt to pass strings instead of booleans. A managed MCP server translates these requirements into strictly typed tools, ensuring Claude formats the payload correctly before the API call is ever made.

How to Generate a LoanPro MCP Server with Truto

Truto dynamically generates MCP tools based on the connected integrated account. Rather than hand-coding tool definitions, Truto derives them from LoanPro's resource definitions and curates them based on documentation.

You can generate your LoanPro MCP server using either the Truto UI or the API.

Method 1: Generating via the Truto UI

If you are configuring access for internal operations, the UI is the fastest path.

Navigate to the Integrated Accounts page in your Truto dashboard and select your connected LoanPro instance.
Click the MCP Servers tab.
Click the Create MCP Server button.
Select your desired configuration. You can name the server, filter allowed methods (e.g., read-only), specify tags, and optionally set an expiration date.
Click Create and copy the generated MCP server URL. This URL contains a cryptographic token that securely identifies the connection.

Method 2: Generating via the API

If you are dynamically provisioning AI agents for your own end-users, you can create MCP servers programmatically. The API validates that the integration has tools available, generates a secure token, and returns a ready-to-use URL.

// POST /integrated-account/:id/mcp
const response = await fetch('https://api.truto.one/integrated-account/YOUR_LOANPRO_ACCOUNT_ID/mcp', {
  method: 'POST',
  headers: {
    'Authorization': `Bearer YOUR_TRUTO_API_KEY`,
    'Content-Type': 'application/json'
  },
  body: JSON.stringify({
    name: "LoanPro Compliance Auditor MCP",
    config: {
      methods: ["read", "write"],
      tags: ["directory", "audit"]
    },
    expires_at: "2026-12-31T23:59:59Z"
  })
});
 
const mcpServer = await response.json();
console.log(mcpServer.url); 
// Returns: https://api.truto.one/mcp/a1b2c3d4e5f6...

How to Connect the LoanPro MCP Server to Claude

Once you have your Truto MCP URL, connecting it to Claude requires zero additional code. You can integrate it via the UI or a configuration file.

Method A: Connecting via the Claude UI

If you are using Claude Desktop or ChatGPT's web interface, you can add the server directly.

Open Claude Desktop.
Navigate to Settings -> Integrations -> Add MCP Server.
Paste the Truto MCP URL into the Server URL field.
Click Add.

Claude will immediately ping the server, complete the JSON-RPC 2.0 handshake, and populate its context window with the available LoanPro tools.

Method B: Connecting via Manual Configuration File

If you are running headless agents or prefer configuring Claude Desktop via the file system, you can use the claude_desktop_config.json file. Truto provides an SSE (Server-Sent Events) transport wrapper that makes remote MCP URLs compatible with Claude's local configuration.

Locate your configuration file:

macOS: ~/Library/Application Support/Claude/claude_desktop_config.json
Windows: %APPDATA%\Claude\claude_desktop_config.json

Add the following JSON block:

{
  "mcpServers": {
    "loanpro-directory": {
      "command": "npx",
      "args": [
        "-y",
        "@modelcontextprotocol/server-sse",
        "https://api.truto.one/mcp/YOUR_TRUTO_MCP_TOKEN"
      ]
    }
  }
}

Restart Claude Desktop. The tools will now be natively available in your chat interface.

LoanPro Hero Tools for Claude

When the MCP client calls tools/list, Truto dynamically generates the definitions. To prevent context window bloat, you should restrict your agents to the highest-leverage tools. Here are the 5 hero tools for managing LoanPro agent directories and performing compliance audits.

1. list_all_loan_pro_users

This is the primary tool for auditing and discovery. It allows Claude to search users in LoanPro by query filters. It handles pagination through standard limit and next_cursor parameters, explicitly instructing Claude to pass cursor values back unchanged.

Key returns: id, firstName, lastName, userName, tenantAccessRoleDescription, tenantActiveStatus, isEnrolledInMFA, and globalRole.

"I need to run a compliance check. List all LoanPro users in the system and return a table of anyone who has isEnrolledInMFA set to false."

2. get_single_loan_pro_user_by_id

When Claude identifies a user from a list or an external ticket, it uses this tool to retrieve the complete, detailed agent user profile.

Key returns: Deep profile data including recoveryEmail, phone, jobTitle, active, gender, roleId, validated, and lastContractSigned.

"Fetch the complete profile for the LoanPro user with ID 987654. I need to know their exact tenantAccessRoleDescription and when their last contract was signed."

3. create_a_loan_pro_user

This tool allows Claude to automate the IT onboarding process. It accepts a strict JSON schema for the body parameters, ensuring that required fields like userName, firstName, lastName, and roleId are present before attempting the upstream API call.

"We have a new support agent named Sarah Connor. Create a new LoanPro user profile for her. Use sarah.connor@company.com as the username and assign her the standard support role ID."

4. update_a_loan_pro_user_by_id

Used for continuous IAM (Identity and Access Management) synchronization. Claude can use this tool to append new roles, update job titles, or modify recovery contact information for existing agents.

"Update the LoanPro user with ID 456123. Change their job title to 'Senior Underwriter' and update their tenantAccessRole to match the new position."

5. delete_a_loan_pro_user_by_id

Critical for automated offboarding and zero-trust security workflows. When an employee departs, Claude can immediately revoke their access by deleting the active session or profile mapping.

"The contractor with LoanPro user ID 112233 has finished their engagement. Delete their LoanPro user profile immediately to revoke access."

For the complete tool inventory, including endpoints for tenant configuration, loans, and custom fields, view the complete schema details on the LoanPro integration page.

Workflows in Action

Giving Claude access to these tools transforms it from a chatbot into an active IT and compliance operator. Here are two real-world workflows demonstrating how Claude orchestrates these tools.

Workflow 1: The Automated MFA Compliance Audit

Security teams frequently need to ensure all active users are enrolled in Multi-Factor Authentication. Instead of exporting CSVs from LoanPro, an IT admin can simply ask Claude.

"Run an MFA compliance audit on our LoanPro instance. Find all active users who are not enrolled in MFA and output their names, emails, and job titles in a markdown table."

Execution Steps:

Claude calls list_all_loan_pro_users passing limit: 100.
Claude processes the returned array, isolating objects where active: true and isEnrolledInMFA: false.
If the response contains a next_cursor, Claude autonomously calls list_all_loan_pro_users again, passing the exact cursor string back to fetch the next page of results.
Once all pages are consumed, Claude formats the extracted data (firstName, lastName, userName, jobTitle) into the requested markdown table.

Workflow 2: Zero-Touch Employee Offboarding

When a Jira or ServiceNow ticket triggers an offboarding event, the AI agent needs to locate the user across multiple SaaS tools and revoke access.

"We are offboarding John Doe (jdoe@company.com). Find his profile in LoanPro, verify his current role, and then delete his user record to revoke access."

Execution Steps:

Claude calls list_all_loan_pro_users using a query filter for the username jdoe@company.com.
Claude extracts the id (e.g., 778899) from the search result.
Claude calls get_single_loan_pro_user_by_id using ID 778899 to log his current tenantAccessRoleDescription for the audit trail.
Claude calls delete_a_loan_pro_user_by_id with ID 778899.
Claude responds to the user confirming the successful deletion and logs the previous role state.

Security and Access Control

Exposing an enterprise core like LoanPro to an AI agent requires strict guardrails. Truto's MCP tokens enforce security at the infrastructure layer, ensuring the LLM cannot hallucinate its way around your access policies.

Method Filtering: When generating the server, you can restrict it to specific operation types. Setting methods: ["read"] ensures the agent can only execute get and list operations, physically preventing it from creating or deleting users regardless of the prompt.
Tag Filtering: You can restrict the MCP server to only expose tools relevant to the agent's persona. Setting tags: ["directory"] hides all loan-processing and financial reporting endpoints, shrinking the attack surface and saving context window space.
Extra Authentication (require_api_token_auth): By default, possessing the MCP URL grants access. By setting require_api_token_auth: true, the MCP client must also pass a valid Truto API token in the Authorization header. This double-gates the integration for high-security environments.
Automatic Expiration (expires_at): For temporary auditing tasks, you can provision an MCP server with a strict Time-to-Live (TTL). Once the expires_at timestamp is reached, the server is purged from edge storage and all subsequent tool calls fail immediately.

Streamlining Financial API Access

Connecting Claude to LoanPro using a custom-built solution means dedicating engineering cycles to OAuth flows, JSON schema mapping, and edge-case pagination logic. Every time LoanPro updates an endpoint, your custom MCP server breaks.

By leveraging Truto's managed MCP infrastructure, you abstract away the API boilerplate. You get instant, documentation-driven tools with normalized rate limiting headers and secure, ephemeral access controls. This allows your engineering team to focus on building agentic workflows rather than maintaining integration plumbing.