Connect OpenAI to ChatGPT: Manage Projects, Users, and Vector Stores

Learn how to build a managed MCP server to connect OpenAI to ChatGPT. Automate project creation, service accounts, and FinOps workflows with AI agents.

Uday Gajavalli · 10 min read

If your team uses Claude, check out our guide on connecting OpenAI to Claude or explore our broader architectural overview on connecting OpenAI to AI Agents.

Managing an enterprise OpenAI organization at scale requires constant oversight. DevOps teams and IT administrators are frequently bombarded with requests to provision new projects, issue service account keys, audit usage costs across isolated teams, and spin up isolated vector stores. Giving a Large Language Model (LLM) read and write access to your OpenAI administration layer allows you to automate these Ops workflows entirely through natural language.

To connect OpenAI to ChatGPT, you need a Model Context Protocol (MCP) server. This server acts as the translation layer between ChatGPT's tool calls and OpenAI's underlying REST APIs. You can either build, host, and maintain this infrastructure yourself, or use a managed integration platform like Truto to dynamically generate a secure, authenticated MCP server URL.

This guide breaks down exactly how to use Truto to generate a secure, managed MCP server for OpenAI, connect it natively to ChatGPT, and execute complex administrative workflows using natural language.

The Engineering Reality of the OpenAI API

A custom MCP server is a self-hosted integration layer. While Anthropic's open MCP standard provides a predictable way for models to discover tools, the reality of implementing it against vendor APIs is painful. If you decide to build a custom MCP server for OpenAI, you own the entire API lifecycle.

Here are the specific integration challenges that break standard CRUD assumptions when working with the OpenAI API:

Hierarchical RBAC and Isolated Projects

OpenAI organizations are partitioned into Projects. Almost every operational resource - service accounts, API keys, rate limits, vector stores, and fine-tuning jobs - is scoped tightly to a specific project_id. If an LLM attempts to rotate an API key or adjust a rate limit, it cannot just call a global endpoint. It must first query the project directory, extract the target project_id, and inject it into the subsequent API calls. Your custom server needs to enforce this strict relational dependency in its tool schemas.

Granular Time-Bucketed Usage Data

The OpenAI usage and cost APIs do not return simple aggregations. If an LLM needs to audit spending, it must interact with endpoints like /organization/costs or /organization/usage/completions, which require strict start_time and end_time parameters. The API returns the data in time-bucketed objects. Parsing these buckets, correlating them with specific project_id or api_key_id fields, and feeding that back to the LLM in a digestible format requires significant schema engineering.

Strict Rate Limits and 429 Pass-Through

OpenAI enforces rate limits aggressively, capping requests per minute (RPM) and tokens per minute (TPM) at the project level. When you hit these limits, OpenAI returns a 429 Too Many Requests error.

It is critical to understand that Truto does not retry, throttle, or apply backoff on rate limit errors. When the upstream OpenAI API returns a 429, Truto passes that error directly to the caller (the LLM). However, Truto does normalize the upstream rate limit information into standardized headers (ratelimit-limit, ratelimit-remaining, ratelimit-reset) per the IETF specification. It is strictly the responsibility of the calling agent or LLM to read these standardized headers and execute its own exponential backoff or retry logic.
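A caller-side retry loop for the pass-through behaviour described above, as an added example (not Truto's or OpenAI's code). It assumes ratelimit-reset carries delta-seconds, as in the IETF RateLimit header fields draft; the send callable and the canned responses are constructed stand-ins for a real HTTP or MCP call.

```python
import random
import time

def reset_seconds(headers):
    """Seconds until the window resets per ratelimit-reset, or None if absent/invalid."""
    lowered = {k.lower(): v for k, v in headers.items()}
    try:
        value = float(lowered.get("ratelimit-reset"))
    except (TypeError, ValueError):
        return None
    return value if value >= 0 else None

def next_delay(attempt, headers, base=1.0, cap=60.0, jitter=random.random):
    """Wait before retry number `attempt` (0-based)."""
    reset = reset_seconds(headers)
    # Prefer the server's own reset hint; fall back to exponential backoff.
    wait = reset if reset is not None else base * (2 ** attempt)
    wait = min(cap, wait)
    # Up to 10% extra jitter so parallel agents do not retry in lockstep.
    return wait + 0.1 * wait * jitter()

def call_with_backoff(send, max_attempts=5, sleep=time.sleep, jitter=random.random):
    """send() -> (status, headers, body). Retries only on 429.

    Returns (status, body, delays_waited).
    """
    delays = []
    for attempt in range(max_attempts):
        status, headers, body = send()
        if status != 429 or attempt == max_attempts - 1:
            return status, body, delays
        delay = next_delay(attempt, headers, jitter=jitter)
        delays.append(delay)
        sleep(delay)

def fake_send(responses):
    """Constructed sample transport: replays canned (status, headers, body) tuples."""
    queue = iter(responses)
    return lambda: next(queue)

# Constructed sample: two 429s (one with a reset hint, one without), then success.
SAMPLE = [
    (429, {"RateLimit-Reset": "3", "RateLimit-Remaining": "0"}, ""),
    (429, {}, ""),
    (200, {"RateLimit-Remaining": "41"}, '{"ok": true}'),
]

if __name__ == "__main__":
    print(call_with_backoff(fake_send(SAMPLE), sleep=lambda s: None))
```

Capping attempts matters as much as the delay: an agent that retries a 429 without a bound keeps spending the project's quota while it waits.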

Pagination and Cursor Ingestion

When an LLM requests a list of audit logs or chat completions, it cannot ingest 10,000 records at once. You have to write the logic to handle pagination cursors natively. You must explicitly instruct the LLM to pass cursor values back unchanged to fetch the next set of records. Without this explicit prompt engineering injected into your JSON schemas, the LLM will hallucinate cursor values and break the pagination chain.

The Managed MCP Approach

Instead of forcing your engineering team to build a custom Express server, map OpenAI's complex schemas to JSON-RPC 2.0 manually, and handle the OAuth or API key authorization flows, Truto provides a managed infrastructure layer.

Truto's approach to MCP is dynamic and documentation-driven. Rather than hand-coding tool definitions, Truto generates them on the fly from the integration's underlying resource definitions and API documentation. A tool only appears in the MCP server if it has a corresponding documentation entry - ensuring only high-quality, curated endpoints are exposed to the LLM.

Each server is scoped to a single integrated account and is secured via a cryptographic token in the URL. This token dictates exactly which OpenAI environment the LLM can access, what specific tools it is allowed to call, and when the server expires.

Step 1: Generating the OpenAI MCP Server

Truto allows you to generate a secure MCP server URL for your OpenAI connection via the user interface or programmatically via the API.

Method A: Via the Truto UI

  1. Navigate to the Integrated Accounts page in your Truto dashboard and select your connected OpenAI account.
  2. Click the MCP Servers tab.
  3. Click Create MCP Server.
  4. Configure the server parameters (name, allowed methods, allowed tags, and expiration date).
  5. Click Save and copy the generated MCP server URL (e.g., https://api.truto.one/mcp/a1b2c3d4...).

Method B: Via the API

If you are provisioning OpenAI access for internal tools dynamically, you can generate the MCP server programmatically. The API validates that the integration has tools available, generates a secure token, provisions the edge infrastructure, and returns a ready-to-use URL.

curl -X POST https://api.truto.one/integrated-account/{integrated_account_id}/mcp \
  -H "Authorization: Bearer YOUR_TRUTO_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "name": "OpenAI-Ops-Server",
    "config": {
      "methods": ["read", "write"],
      "tags": ["admin", "billing", "vector_stores"]
    },
    "expires_at": "2026-12-31T23:59:59Z"
  }'

This will return a JSON response containing the server ID, configuration, and the secure url needed for the next step.

Step 2: Connecting the MCP Server to ChatGPT

Once you have your Truto MCP server URL, connecting it requires zero code.

Method A: Via the ChatGPT UI

  1. Open ChatGPT and navigate to Settings -> Apps -> Advanced settings.
  2. Toggle on Developer mode (MCP support requires this feature flag).
  3. Under the MCP servers / Custom connectors section, click to add a new server.
  4. Enter a descriptive name (e.g., "OpenAI Admin Ops").
  5. Paste the Truto MCP Server URL into the configuration field.
  6. Save the configuration. ChatGPT will instantly perform a handshake, run the tools/list protocol, and expose the OpenAI management tools to your chat interface.

Method B: Via Manual Config File (For Custom Agents/Desktop)

If you are integrating this into a custom LLM framework, Claude Desktop, Cursor, or an enterprise agent built on LangChain, you can configure the MCP connection using the standard JSON configuration pattern relying on Server-Sent Events (SSE).

{
  "mcpServers": {
    "openai_admin": {
      "command": "npx",
      "args": [
        "-y",
        "@modelcontextprotocol/server-sse",
        "--url",
        "https://api.truto.one/mcp/a1b2c3d4..."
      ]
    }
  }
}

Hero Tools for OpenAI Administration

Truto exposes over 100 endpoints for OpenAI, transforming them into strict JSON Schema tools. Here are six of the most powerful tools for automating OpenAI operations.

1. list_all_open_ai_projects

Lists all projects within the OpenAI organization. This is the foundational tool for almost all administrative tasks, as it allows the LLM to map human-readable project names to the internal project_id required for downstream operations.

Contextual usage notes: The LLM will use this to audit project status, identify active versus archived workspaces, and retrieve the IDs needed to provision service accounts or manage rate limits.

"Get a list of all active projects in our OpenAI organization and table their creation dates and current statuses."

2. create_a_open_ai_project_service_account

Generates a new service account and issues a raw, unredacted API key for a specific project.

Contextual usage notes: This tool requires a project_id and a name. It is the only time the unredacted api_key.value is exposed. The LLM must be instructed to handle this key securely, typically passing it directly into a secrets manager or returning it to the authenticated admin.

"Create a new service account named 'Prod-Vector-Pipeline' in the 'Data-Science' project. Provide me with the unredacted API key once it is generated."

3. update_a_open_ai_project_rate_limit_by_id

Modifies the operational constraints for a specific project.

Contextual usage notes: Requires both the project_id and the id of the rate limit object. The LLM can adjust max_requests_per_1_minute, max_tokens_per_1_minute, and max_images_per_1_minute for specific models. This is highly useful for dynamically adjusting quotas during traffic spikes.

"Increase the rate limit for the gpt-4o model in the 'Customer-Support-Bot' project to 10,000 requests per minute and 2 million tokens per minute."

4. list_all_open_ai_audit_logs

Retrieves a chronological ledger of administrative events within the organization.

Contextual usage notes: Returns the actor details (user ID and email), the event type (e.g., api_key.updated, project.archived), and the effective timestamp. The LLM uses this to perform security audits or track down who deleted a production vector store.

"Pull the audit logs for the last 24 hours and identify who deleted the service account in the 'Marketing-Gen' project."

5. list_all_open_ai_costs

Retrieves time-bucketed cost metrics for the entire organization.

Contextual usage notes: Requires a start_time. Returns an array of buckets containing amount, line_item, and project_id. The LLM is highly effective at ingesting this complex array, summarizing the costs per project, and alerting on anomalies.

"Fetch the billing costs for the entire organization since the 1st of the month. Break down the total spend by project and highlight the top three most expensive line items."

6. list_all_open_ai_vector_stores

Lists the status and file composition of all vector stores used for the Assistants API.

Contextual usage notes: Returns byte size, creation dates, and detailed file_counts (in_progress, completed, failed, cancelled). The LLM can use this to monitor the health of RAG pipelines and identify vector stores with failing file ingestions.

"List all our vector stores. Are there any stores currently showing files in a 'failed' state?"

For the complete tool inventory, request body schemas, and parameter constraints, visit the Truto OpenAI integration page.

Workflows in Action

By chaining these tools together, ChatGPT transforms from a conversational interface into an autonomous IT operations agent. Here are two real-world workflows.

Workflow 1: FinOps and Project Auditing

As organizations scale their AI usage, tracking down runaway costs is a daily chore. An IT administrator can use ChatGPT to instantly correlate spend to specific business units.

"Audit our OpenAI usage for this month. Find the three projects with the highest costs, and list the names of the users who have access to the most expensive project."

Execution Steps:

  1. The agent calls list_all_open_ai_projects to map all project names to their respective project_ids.
  2. The agent calls list_all_open_ai_costs with the first of the month as the start_time, extracting the bucketed usage metrics.
  3. The agent maps the cost objects to the project directory, calculating the totals and identifying the highest spender.
  4. The agent extracts the project_id of the top spender and calls list_all_open_ai_project_users to retrieve the directory of users with access.

The Result: The IT admin receives a clean markdown table showing the top three projects by cost, along with a bulleted list of emails and roles for the personnel attached to the highest-spending workspace.

Workflow 2: Automated Developer Onboarding

When a new engineering team needs a dedicated environment to test a RAG application, DevOps usually has to click through the OpenAI dashboard manually. ChatGPT can orchestrate the entire lifecycle.

"We have a new engineering squad. Create a new OpenAI project called 'Alpha-RAG-Testing'. Once it is created, generate a service account named 'Alpha-CI-CD' and restrict the project's rate limits to 500 requests per minute to prevent accidental billing spikes."

Execution Steps:

  1. The agent calls create_a_open_ai_project passing name: "Alpha-RAG-Testing" and extracts the newly generated project_id.
  2. The agent calls create_a_open_ai_project_service_account using that project_id and the name "Alpha-CI-CD", storing the unredacted API key in its context.
  3. The agent calls list_all_open_ai_project_rate_limits to discover the internal IDs for the rate limit objects associated with the new project.
  4. The agent calls update_a_open_ai_project_rate_limit_by_id targeting the specific model (e.g., gpt-4o) and sets max_requests_per_1_minute: 500.

The Result: The DevOps engineer gets confirmation that the isolated environment is ready and the quota is capped to protect the budget, and is handed the raw API key to inject into the CI/CD pipeline.
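The usage note for create_a_open_ai_project_service_account and step 2 of this workflow both involve the one-time api_key.value. The following added example (not Truto's code) shows an agent-side wrapper that moves the key into a secrets manager before the tool result reaches the model's context; the InMemoryVault class, the vault:// reference format and the result shape are assumptions made for illustration.

```python
import copy
import hashlib

# Tool name and field path are taken from the page (api_key.value).
SECRET_FIELDS = {"create_a_open_ai_project_service_account": ("api_key", "value")}

class InMemoryVault:
    """Hypothetical stand-in for a real secrets manager client."""
    def __init__(self):
        self._items = {}

    def put(self, name, secret):
        self._items[name] = secret
        return "vault://" + name

    def get(self, name):
        return self._items[name]

def redact_tool_result(tool_name, result, vault):
    """Store the one-time key in the vault; return a copy safe for model context."""
    path = SECRET_FIELDS.get(tool_name)
    if path is None or not isinstance(result, dict):
        return result
    safe = copy.deepcopy(result)
    parent = safe
    for key in path[:-1]:
        parent = parent.get(key)
        if not isinstance(parent, dict):
            return safe  # no key material present, nothing to redact
    secret = parent.get(path[-1])
    if not isinstance(secret, str):
        return safe
    name = "openai/service-accounts/" + str(safe.get("id", "unknown"))
    parent[path[-1]] = vault.put(name, secret)
    # Short fingerprint lets an operator confirm which key was stored.
    parent["sha256_prefix"] = hashlib.sha256(secret.encode()).hexdigest()[:12]
    return safe

# Constructed tool result; the key value is a placeholder, not a real key.
SAMPLE_RESULT = {
    "id": "svc_acct_example",
    "name": "Alpha-CI-CD",
    "api_key": {"id": "key_example", "value": "sk-PLACEHOLDER-not-a-real-key"},
}
```

With this in place the chat transcript and any conversation logs hold only the vault reference, and the CI/CD pipeline reads the key from the secrets manager.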

Security and Access Control

Giving an LLM administrative access to your OpenAI infrastructure requires zero-trust security guardrails. Truto's MCP servers enforce security at the architectural level, ensuring the LLM cannot exceed its authorized scope.

  • Method Filtering: You can restrict the MCP server to read-only operations. By setting "methods": ["read"] during server creation, Truto will physically exclude any create, update, or delete tools from the generated LLM schema. The LLM simply won't know those actions exist.
  • Tag Filtering: Truto allows you to isolate tools by functional area. By passing "tags": ["billing"], you can provision a specialized server that only allows the LLM to access cost and usage endpoints, keeping it entirely isolated from API keys or vector stores.
  • Secondary API Authentication: By enabling the require_api_token_auth flag, possession of the MCP URL is no longer sufficient. The connecting client must also pass a valid Truto session cookie or Bearer token, adding an essential layer of enterprise identity verification.
  • Ephemeral Access: MCP servers can be given a strict Time-To-Live. By passing an ISO datetime to the expires_at property, the underlying token and its scheduled cleanup alarms will automatically revoke access at the exact specified moment, making it perfect for temporary contractor access or time-bound automation scripts.
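A pre-flight check for the four controls above, as an added example (not part of Truto's API): it lints a create-server request body before it is sent. The 30-day TTL ceiling and the finding names are assumed internal policy, and the position of require_api_token_auth in the body is an assumption, since the page names the flag but not where it goes.

```python
from datetime import datetime, timedelta, timezone

MAX_TTL = timedelta(days=30)  # assumed internal policy, not a Truto limit

def lint_mcp_request(body, now=None):
    """Return policy findings for a create-MCP-server request body."""
    now = now or datetime.now(timezone.utc)
    cfg = body.get("config") or {}
    findings = []
    methods = cfg.get("methods")
    if not methods:
        findings.append("methods-not-pinned")
    elif set(methods) != {"read"}:
        findings.append("write-capable")
    if not cfg.get("tags"):
        findings.append("tags-not-pinned")
    # Assumption: the flag may sit at top level or under "config"; the page
    # names require_api_token_auth but not its position in the body.
    if not (body.get("require_api_token_auth") or cfg.get("require_api_token_auth")):
        findings.append("url-is-sole-credential")
    try:
        exp = datetime.fromisoformat(str(body.get("expires_at")).replace("Z", "+00:00"))
        if exp.tzinfo is None:
            raise ValueError("timestamp has no UTC offset")
    except ValueError:
        findings.append("expiry-missing-or-invalid")
    else:
        if exp <= now:
            findings.append("expiry-in-past")
        elif exp - now > MAX_TTL:
            findings.append("ttl-too-long")
    return findings

# Request body from the curl example on this page.
PAGE_BODY = {
    "name": "OpenAI-Ops-Server",
    "config": {"methods": ["read", "write"],
               "tags": ["admin", "billing", "vector_stores"]},
    "expires_at": "2026-12-31T23:59:59Z",
}
# Constructed narrower variant: read-only billing access for one week.
NARROW_BODY = {
    "name": "finops-readonly",
    "config": {"methods": ["read"], "tags": ["billing"],
               "require_api_token_auth": True},
    "expires_at": "2026-01-08T00:00:00Z",
}

if __name__ == "__main__":
    now = datetime(2026, 1, 1, tzinfo=timezone.utc)
    print(lint_mcp_request(PAGE_BODY, now), lint_mcp_request(NARROW_BODY, now))
```

A "write-capable" finding is not necessarily a rejection: the onboarding workflow on this page needs write tools, so the useful outcome is that such a server gets an explicit approval and a short expiry.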

Final Thoughts

Managing OpenAI administration through ChatGPT bridges the gap between complex infrastructure operations and natural language intent. Building this integration yourself means committing engineering resources to maintain pagination cursors, handle strict hierarchical object schemas, and deal with complex 429 backoff logic.

Truto removes the boilerplate. By pointing a managed MCP server at your OpenAI instance, you instantly equip your AI agents with over 100 strictly typed, secure, and fully documented tools. Your DevOps and IT teams can stop clicking through dashboards and start automating infrastructure management via chat.

FAQ

Does Truto automatically handle OpenAI rate limits?

No. Truto explicitly does not retry, throttle, or apply backoff on rate limit errors. When the OpenAI API returns a 429 error, Truto passes it directly to the caller while normalizing the rate limit headers (ratelimit-limit, ratelimit-remaining, ratelimit-reset) to standard IETF specs. The calling LLM or agent must handle the retry logic.

Can I restrict ChatGPT to read-only access for OpenAI?

Yes. When generating the MCP server in Truto, you can configure method filtering by passing "methods": ["read"]. This physically excludes write, update, and delete tools from the schema provided to ChatGPT.

How does Truto handle OpenAI pagination?

Truto automatically injects explicit instructions into the JSON schemas provided to the LLM. It instructs the model to pass cursor values back unchanged to fetch the next set of records, preventing the LLM from hallucinating pagination values.

What is an MCP server?

A Model Context Protocol (MCP) server is an open-standard integration layer that translates an LLM's tool calls into standard JSON-RPC 2.0 messages, allowing the AI model to discover and interact with external data sources and REST APIs securely.
