Does Truto automatically retry failed NinjaOne API requests?

No. Truto passes HTTP 429 Too Many Requests errors directly back to the caller. Truto normalizes the rate limit data into standard IETF headers (ratelimit-limit, ratelimit-remaining, ratelimit-reset), but the LLM framework is responsible for implementing retry and backoff logic.

Can I restrict ChatGPT from making changes to my NinjaOne devices?

Yes. When creating the MCP server in Truto, you can set the method filter to ["read"]. This ensures the server only exposes GET and LIST operations, preventing the LLM from executing any write, update, or delete commands.

Can I use this MCP server with local AI agents like LangGraph or Claude Desktop?

Yes. You can connect local clients using the Server-Sent Events (SSE) transport by running the @modelcontextprotocol/server-sse package and passing your Truto MCP URL.

Connect NinjaOne to ChatGPT: Manage IT Assets & Support Tickets

If you need to connect NinjaOne to ChatGPT to automate fleet management, track missing software patches, or triage helpdesk tickets, you need a Model Context Protocol (MCP) server. This server translates an LLM's natural language tool calls into structured NinjaOne REST API requests. If your team uses Claude, check out our guide on connecting Ninjaone to Claude, or explore our broader architectural overview on connecting Ninjaone to AI Agents.

Giving a Large Language Model (LLM) read and write access to a sprawling Remote Monitoring and Management (RMM) ecosystem like NinjaOne is a serious engineering challenge. You must handle complex organizational hierarchies, map massive JSON schemas to MCP tool definitions, and deal with strict polling rate limits. Every time NinjaOne updates an endpoint or deprecates a field, you have to update your server code, redeploy, and test the integration.

This guide breaks down exactly how to use Truto to generate a secure, managed MCP server for NinjaOne, connect it natively to ChatGPT, and execute complex IT automation workflows using natural language.

The Engineering Reality of the NinjaOne API

A custom MCP server is a self-hosted integration layer. While the open MCP standard provides a predictable way for models to discover tools, implementing it against NinjaOne's specific architecture is painful. If you decide to build a custom MCP server for NinjaOne, you own the entire API lifecycle. Here are the specific integration challenges that break standard CRUD assumptions when working with NinjaOne:

The Organizational Hierarchy and Location Routing NinjaOne is heavily multi-tenant by design. You cannot simply create a device or pull an asset list without navigating the organizationId and locationId architecture. Devices, policies, and node approval modes are strictly tied to specific locations within an organization. If your MCP server does not explicitly enforce this hierarchy, an LLM will attempt to create devices in void spaces, resulting in persistent 400 Bad Request errors.

Dense Activity Logs and Opaque Identifiers When you pull the activity log for a device, the NinjaOne API returns highly dense telemetry. Fields like sourceConfigUid and seriesUid are opaque strings that require secondary lookups to translate into human-readable alerts or system states. If you expose raw activity logs to an LLM without clear schema descriptions, the model will hallucinate the meaning of these identifiers, misdiagnosing device health.

Device State and Polling Rate Limits NinjaOne categorizes devices by nodeClass (e.g., WINDOWS_WORKSTATION, MAC) and tracks real-time state via offline flags and lastContact timestamps. AI agents often enter aggressive polling loops when waiting for a device to come online after a patch reboot. NinjaOne enforces strict rate limits.

Factual note on rate limits: Truto does not retry, throttle, or apply backoff on rate limit errors. When the NinjaOne API returns an HTTP 429 Too Many Requests, Truto passes that error directly to the caller. Truto normalizes the upstream rate limit information into standardized headers (ratelimit-limit, ratelimit-remaining, ratelimit-reset) per the IETF spec. The caller (your LLM agent framework) is responsible for reading these headers and executing its own retry or backoff logic.

Generating the NinjaOne MCP Server

Instead of writing and hosting a custom JSON-RPC server, you can use Truto to dynamically generate a secure MCP server URL for your connected NinjaOne instance. This auto-generated MCP tools architecture ensures the LLM only sees validated, well-described endpoints derived directly from the integration's documentation records.

You can create this MCP server in two ways: via the Truto UI for one-off configurations, or via the API for programmatic provisioning.

Method 1: Via the Truto UI

For internal IT teams setting up a dedicated ChatGPT workspace, the UI is the fastest path.

Log into your Truto dashboard and navigate to the Integrated Accounts page.
Select your connected NinjaOne integration.
Click the MCP Servers tab.
Click Create MCP Server.
Select your desired configuration. You can filter the server to only allow read methods (preventing the LLM from altering device states) or filter by specific tags like devices or tickets.
Click Save and copy the generated MCP server URL (e.g., https://api.truto.one/mcp/a1b2c3d4e5f6...).

Method 2: Via the Truto API

If you are building an IT automation platform and need to provision MCP servers for your own customers dynamically, use the REST API.

The API validates that the NinjaOne integration has active tools, generates a secure token, stores it in distributed KV storage for low-latency routing, and returns the endpoint.

curl -X POST https://api.truto.one/integrated-account/{integrated_account_id}/mcp \
  -H "Authorization: Bearer YOUR_TRUTO_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "name": "NinjaOne IT SecOps Agent",
    "config": {
      "methods": ["read", "update"],
      "tags": ["devices", "alerts", "software"]
    }
  }'

The response contains the cryptographic token URL required by the MCP client:

{
  "id": "mcp_8f7e6d5c",
  "name": "NinjaOne IT SecOps Agent",
  "config": { 
    "methods": ["read", "update"],
    "tags": ["devices", "alerts", "software"]
  },
  "expires_at": null,
  "url": "https://api.truto.one/mcp/a1b2c3d4e5f6..."
}

Connecting the MCP Server to ChatGPT

Once you have the Truto MCP server URL, you must connect it to your LLM client. All communication happens over HTTP POST using JSON-RPC 2.0 messages. The MCP server handles the handshake, tool listing, and tool execution.

Method A: Via the ChatGPT UI

If you are using ChatGPT directly, you can connect the remote server as a custom connector.

Open ChatGPT and navigate to Settings -> Apps -> Advanced settings.
Toggle Developer mode on (MCP support requires this feature flag).
Under MCP servers / Custom connectors, click Add new server.
Enter a descriptive name, such as "NinjaOne Fleet Manager".
Paste the Truto MCP URL into the Server URL field.
Click Save.

ChatGPT will immediately send an initialize request to the server, followed by a tools/list request. The model is now ready to manage your RMM environment.

Method B: Via Manual Config File (SSE Transport)

If you are running a local agent framework, Cursor, or Claude Desktop, you can connect via a configuration file using the Server-Sent Events (SSE) transport proxy.

Create or update your MCP configuration JSON file (e.g., mcp-config.json or claude_desktop_config.json):

{
  "mcpServers": {
    "ninjaone_rmm": {
      "command": "npx",
      "args": [
        "-y",
        "@modelcontextprotocol/server-sse",
        "https://api.truto.one/mcp/a1b2c3d4e5f6..."
      ]
    }
  }
}

This executes a lightweight Node.js wrapper that translates local standard I/O into HTTP POST requests against the Truto unified endpoint.

Hero Tools for NinjaOne Automation

Truto exposes the NinjaOne integration as a set of descriptive, snake_case tools. Query schemas and body schemas are automatically derived from the integration's documentation records. Here are the highest-leverage tools available for your AI agent.

list_all_ninjaone_devices

Retrieves the core inventory of all tracked assets. The LLM uses this to search for machines by name, location, or status. The response includes approvalStatus, offline status, dnsName, and nested references containing policy mapping.

"Pull a list of all devices currently marked as offline in the London office organization."

get_single_ninjaone_device_by_id

Provides a deep dive into specific machine telemetry. Once the LLM has a device_id, it calls this tool to retrieve hardware specs, ipAddresses, macAddresses, publicIP, notes, and maintenance status.

"Get the full hardware specs and public IP address for device ID 4892 so I can log it in the incident report."

list_all_ninjaone_device_software_patch_history

A critical tool for compliance and security auditing. Requires a device_id. It returns an array of installed patches, including productIdentifier, title, impact, status, and the installedAt timestamp.

"Check the software patch history for the CEO's MacBook and confirm if the latest zero-day OS patch was installed successfully."

list_all_ninjaone_alerts

Reads the active monitoring queue across the entire fleet. The LLM can use this to identify failing hard drives, offline servers, or high CPU utilization. Returns the alert uid, deviceId, message, createTime, and psaTicketId.

"List all active alerts with critical severity generated in the last 4 hours."

list_all_ninjaone_tickets

Executes a query against a specific ticket board in NinjaOne. Requires a board_id. It returns ticket data arrays and metadata, allowing the LLM to triage the IT helpdesk queue natively.

"Read the unassigned tickets on the Tier 1 Support board and summarize the top three issues."

update_a_ninjaone_device_by_id

Allows the LLM to execute remediation workflows. Using a device_id, the model can alter the displayName, change the policyId, reassign the organizationId, or update userData custom fields.

"Update the device named 'WIN-DESK-09' to assign it to the 'Strict Quarantine' policy ID 84."

For the complete inventory of available endpoints, pagination logic, and strict JSON schemas, view the NinjaOne integration page.

Workflows in Action

Exposing these tools to ChatGPT enables complex, multi-step IT operations. Here is how specific personas use the NinjaOne MCP server in production.

Scenario 1: Security Patch Auditing

Security engineers spend hours manually verifying if critical CVE patches have been deployed across the fleet. You can ask ChatGPT to audit this automatically.

"Audit our server infrastructure. Find all Windows servers, check their patch history for the past 30 days, and list any machines that are missing critical severity updates."

Step-by-step execution:

list_all_ninjaone_devices: The agent fetches the device list, filtering for nodeClass equals Windows Server.
list_all_ninjaone_device_software_patch_history: The agent iterates through the returned id array, calling the patch history tool for each server.
Data Synthesis: The LLM parses the impact and status fields, identifying any server where critical patches failed or are absent.

Result: The engineer receives a clean markdown table listing vulnerable servers by name, IP address, and missing patch identifiers.

Scenario 2: Helpdesk Alert Triage

IT Support analysts face alert fatigue. When a monitoring alert fires, the context is often buried across multiple screens. You can instruct ChatGPT to enrich the alert data.

"Look at the most recent active alerts. For any alert related to disk space or memory, pull the specific device details and draft a summary note for the ticket."

Step-by-step execution:

list_all_ninjaone_alerts: The agent pulls active alerts and filters the results for storage or memory-related messages.
get_single_ninjaone_device_by_id: For the flagged alerts, the agent extracts the deviceId and fetches the full hardware profile, including systemName and lastContact.
list_all_ninjaone_device_disks: If it is a storage issue, the agent calls the disk tool to get size, partitionCount, and smartCapable status.

Result: The LLM outputs a highly detailed diagnostic summary, combining the raw alert with the exact hardware limits of the machine, ready to be pasted into Jira or Zendesk.

Security and Access Control

Giving an LLM access to your RMM platform requires strict security boundaries. Truto MCP servers provide four layers of access control configured at creation:

Method Filtering (config.methods): Restrict the AI agent to specific operation types. Setting this to ["read"] ensures the LLM can only execute get and list operations, physically preventing it from updating policies or deleting assets.
Tag Filtering (config.tags): Scope the server to specific functional domains. If you only want the LLM to read helpdesk data, configure the tags to ["tickets"], filtering out all device and organization management tools.
API Token Authentication (require_api_token_auth): By default, the MCP URL contains a hashed token. Enabling this flag forces the client to also pass a valid Truto API token in the Authorization header, enforcing strict identity checks.
Automatic Expiration (expires_at): Schedule the MCP server to self-destruct. Setting an ISO datetime ensures temporary contractors or automated audit scripts lose access to the integration exactly when required, triggering a cleanup alarm that wipes the token from KV storage.

Rethinking IT Automation with LLMs

The traditional approach to IT automation required writing rigid Python scripts, maintaining brittle API wrappers, and constantly fixing broken pagination loops. By connecting NinjaOne to ChatGPT via a managed MCP server, you abstract away the REST API boilerplate entirely.

Your engineers stop writing API polling logic and start writing natural language prompts. The LLM dynamically selects the right tools, parses the organizational hierarchy, and executes the RMM workflow precisely as instructed.