How does Truto handle SpotDraft rate limits when connected to Claude?

Truto does not automatically retry or absorb rate limit errors. If SpotDraft returns an HTTP 429, Truto passes that error directly back to Claude, while normalizing the rate limit data into standard headers (ratelimit-limit, ratelimit-remaining, ratelimit-reset). Your agent or client is responsible for implementing retry and backoff logic.

Can I restrict Claude to only reading SpotDraft contracts?

Yes. When generating the MCP server, you can apply method filtering to expose only read operations (like get and list). You can also use tag filtering to restrict access to specific resource groupings.

Do I need to manage SpotDraft OAuth tokens?

No. The managed MCP server leverages the existing authenticated SpotDraft connection in Truto. Claude authenticates to the MCP server via a secure, hashed token in the URL, while Truto handles the underlying SpotDraft OAuth token lifecycle.

Connect SpotDraft to Claude: Sync Contracts, Templates, and Entities

If you need to connect SpotDraft to Claude to automate contract drafting, template management, or entity synchronization, you need a Model Context Protocol (MCP) server. This server acts as the translation layer between Claude's tool calls and SpotDraft's REST API. You can either build and maintain this infrastructure yourself, or use a managed integration platform like Truto to dynamically generate a secure, authenticated MCP server URL. If your team uses ChatGPT, check out our guide on connecting SpotDraft to ChatGPT or explore our broader architectural overview on connecting SpotDraft to AI Agents.

Giving a Large Language Model (LLM) read and write access to a contract lifecycle management (CLM) platform like SpotDraft is a massive engineering challenge. You are not just dealing with simple CRUD operations. You have to handle OAuth 2.0 token lifecycles, parse deeply nested template schemas, map dynamic key pointers, and manage complex counterparty objects. Every time SpotDraft updates a contract flow or introduces a new approval state, you have to update your server code, redeploy, and test the integration.

This guide breaks down exactly how to use Truto to generate a secure, managed MCP server for SpotDraft, connect it natively to Claude, and execute complex legal operations using natural language.

The Engineering Reality of the SpotDraft API

A custom MCP server is a self-hosted integration layer. While the open MCP standard provides a predictable way for models to discover tools, the reality of implementing it against SpotDraft's API is painful.

If you decide to build a custom MCP server for SpotDraft, you own the entire API lifecycle. Here are the specific, localized challenges you will face when mapping SpotDraft to LLM tools:

Dynamic Key Pointers and Custom Metadata SpotDraft heavily utilizes "Key Pointers" - structured metadata attached to contracts that define specific terms (like governing law, payment terms, or renewal dates). These are not static fields on a REST resource. They are dynamic key-value pairs that vary wildly depending on the contract type and jurisdiction. If you expose these raw endpoints to Claude without explicit schema mapping, the LLM will hallucinate field types or fail to format dates correctly. A managed MCP server provides Claude with an exact JSON Schema definition derived directly from SpotDraft's live configuration, preventing formatting errors.

Deeply Nested Counterparty Architecture Creating a counterparty in SpotDraft is not a single flat request. The system distinguishes strictly between organizational and individual counterparties. Creating a single business entity requires orchestrating nested arrays for contacts, nested objects for primary_address (with strict ISO country codes), and specific custom fields like VAT or vendor IDs. Custom MCP servers require you to hand-write logic to flatten or explain this hierarchy to the model.

Strict Pagination and Rate Limiting SpotDraft enforces rate limits to protect infrastructure. If your AI agent gets stuck in a loop or attempts to summarize too many active contracts simultaneously, SpotDraft will return a 429 Too Many Requests error. Truto does not retry, throttle, or apply backoff on rate limit errors. Instead, when SpotDraft returns an HTTP 429, Truto passes that error directly to the caller. Crucially, Truto normalizes the upstream rate limit information into standardized headers (ratelimit-limit, ratelimit-remaining, ratelimit-reset) per the IETF specification. This allows Claude to inspect the headers and accurately determine when to back off and retry the operation.

Instead of building this infrastructure from scratch, you can use Truto to auto-generate an MCP server that normalizes authentication, pagination, and error handling, exposing SpotDraft's endpoints as ready-to-use tools.

How to Configure the MCP Server for SpotDraft

Truto dynamically generates MCP tools based on the active SpotDraft integration's resources and documentation. There are no static tool packs to maintain. You can create a dedicated MCP server for Claude using either the Truto UI or the API.

Method 1: Via the Truto UI

For teams who want a zero-code setup, you can generate the server directly from the dashboard.

Log into your Truto account and navigate to the Integrated Accounts page.
Select the specific SpotDraft connection you want to expose to Claude.
Click the MCP Servers tab.
Click Create MCP Server.
Select your desired configuration. You can assign a human-readable name, filter by specific methods (e.g., read-only), and set an optional expiration date.
Click Save and copy the generated MCP server URL. It will look like https://api.truto.one/mcp/abc123def456....

Method 2: Via the Truto API

For platform engineers building multi-tenant AI products, you can dynamically provision MCP servers programmatically. This generates a secure token stored in edge infrastructure.

Endpoint: POST /integrated-account/:id/mcp

const response = await fetch('https://api.truto.one/integrated-account/YOUR_ACCOUNT_ID/mcp', {
  method: 'POST',
  headers: {
    'Authorization': 'Bearer YOUR_TRUTO_API_TOKEN',
    'Content-Type': 'application/json'
  },
  body: JSON.stringify({
    name: "SpotDraft Contract Management Engine",
    config: {
      methods: ["read", "write"], // Expose full CRUD capabilities
      tags: ["contracts", "templates", "counterparties"]
    }
  })
});
 
const mcpServer = await response.json();
console.log(mcpServer.url); 
// Output: https://api.truto.one/mcp/xyz789...

This API validates that the requested SpotDraft integration has properly documented AI tools, hashes a cryptographic token, and immediately returns a fully functioning JSON-RPC 2.0 endpoint.

How to Connect the MCP Server to Claude

Once you have your secure URL, you need to register it with Claude. This requires no additional backend proxying.

Method 1: Via the Claude UI

If you are using Claude's web interface or team workspaces:

Open Claude and navigate to Settings.
Select Integrations or Connectors (depending on your plan tier).
Click Add MCP Server.
Paste the Truto MCP URL into the connection field.
Click Add. Claude will instantly execute an initialize handshake and query the tools/list protocol method, populating its context with SpotDraft capabilities.

Method 2: Via Manual Configuration File (Claude Desktop)

For developers running Claude Desktop locally, you use a configuration file to proxy the SSE (Server-Sent Events) connection.

Open your claude_desktop_config.json file (located in your system's application data folder) and add the following block:

{
  "mcpServers": {
    "spotdraft-truto": {
      "command": "npx",
      "args": [
        "-y",
        "@modelcontextprotocol/server-sse",
        "https://api.truto.one/mcp/xyz789..."
      ]
    }
  }
}

Restart Claude Desktop. The model will automatically discover the SpotDraft tools.

SpotDraft Hero Tools

Truto handles the heavy lifting of parsing SpotDraft's API definitions into LLM-friendly JSON Schemas. When Claude calls a tool, Truto maps the flat argument object into the exact query parameters and request bodies SpotDraft demands.

Here are the highest-leverage SpotDraft tools you should deploy to your AI agents.

1. list_all_spot_draft_templates

Before an AI agent can draft a new agreement, it must know what templates are available and what contract_type_id to use. This tool returns the full inventory of published templates in the workspace.

Contextual usage: LLMs should use this as their first step in any document generation workflow to ensure they are referencing a valid template ID.

"I need to generate a new Mutual NDA. Check SpotDraft to find the correct template ID for standard NDAs, and list any associated tags."

2. create_a_spot_draft_contract

This is the core operational tool. It generates a new contract record based on a contract_template_id and a counter_party_details object.

Contextual usage: This tool requires a strictly formatted payload. The agent must provide accurate counterparty names, emails, and address structures. It returns the newly minted contract ID, name, and status.

"Create a new contract using the Standard MSA template (ID: 450). The counterparty is 'Globex Corporation'. Use the contact email 'legal@globex.test' and set their primary address to 100 Main St, Austin, TX, 78701, US."

3. list_all_spot_draft_contract_key_pointers

Key Pointers are SpotDraft's system for extracting and assigning critical terms. Because Key Pointers vary drastically between an NDA and an MSA, the agent must fetch the specific list of pointers associated with a contract ID before attempting an update.

Contextual usage: Truto explicitly informs the model of the data_type and format_option for each Key Pointer via the schema descriptions, preventing the LLM from passing a string where an ISO date is required.

"Fetch all the Key Pointers for contract T-10294. Tell me what the current 'Governing Law' and 'Termination Notice Period' values are."

4. update_a_spot_draft_contract_key_pointer_by_id

Once the agent has identified a Key Pointer's ID, it can use this tool to modify the value directly.

Contextual usage: Essential for bulk-updating legacy contracts or executing standardized amendments. The agent must pass the contract_id and the specific Key Pointer id.

"Update the 'Governing Law' Key Pointer for contract T-10294 to 'State of Delaware'. Then confirm the new value returned by the system."

5. create_a_spot_draft_counterparty

Counterparties are top-level entities in SpotDraft. Creating them requires specifying whether they are individuals or organizations, and providing nested contact arrays.

Contextual usage: Agents should use this tool when onboarding a new vendor or client before attaching them to a specific agreement.

"Create a new organizational counterparty for 'Initech LLC'. Their primary contact is Peter Gibbons at peter@initech.test. Their jurisdiction is US, and their primary address is 400 Office Park, Dallas, TX."

6. create_a_spot_draft_contract_approval

Automates the routing of contracts to specific stakeholders. This tool creates ad-hoc approval requests and assigns them to SpotDraft roles or specific user IDs.

Contextual usage: Used to enforce internal compliance. The agent can add notes to the approval request to give the human reviewer context generated by the LLM.

"Send contract H-5022 for ad-hoc approval. Assign it to the 'Legal Director' role and add a note stating: 'Non-standard liability cap requested by vendor, please review section 4.'"

To view the complete inventory of available SpotDraft tools, including clickwrap consents, webhooks, and recipient link generation, check out the SpotDraft integration page.

Workflows in Action

By chaining these tools together, Claude can execute complex, multi-step legal operations that traditionally required manual data entry across multiple SpotDraft screens.

Workflow 1: End-to-End Vendor NDA Generation

When a sales representative requests a standard NDA for a new prospect, Claude can handle the entire pipeline autonomously.

User Prompt: "We are talking to a new vendor named 'Vertex Logistics'. Their contact is Jane Doe (jane@vertex.test) based in Chicago, IL. Create a new counterparty for them, find our standard Mutual NDA template, draft the contract, and set the 'Expiration Date' key pointer to 12 months from today."

Agent Execution Path:

Claude calls create_a_spot_draft_counterparty passing Vertex Logistics' organizational data and contact info.
SpotDraft returns the new Counterparty Workspace ID.
Claude calls list_all_spot_draft_templates and filters the response to find the ID for the "Mutual NDA" template.
Claude calls create_a_spot_draft_contract using the discovered template ID and the new Counterparty details.
SpotDraft returns the new contract ID (e.g., T-9081).
Claude calculates the date 12 months in the future.
Claude calls list_all_spot_draft_contract_key_pointers for T-9081 to find the exact Key Pointer ID for "Expiration Date".
Claude calls update_a_spot_draft_contract_key_pointer_by_id to inject the calculated date.

Result: The user gets a confirmation that the counterparty was created, the NDA was drafted, and the expiry was properly tagged, saving minutes of manual administration.

Workflow 2: Bulk Auditing and Escalation

Agents can act as automated legal operations assistants, querying system state and escalating anomalies to human stakeholders.

User Prompt: "Find all active contracts belonging to 'Acme Corp'. Read their Key Pointers. If any contract has 'Payment Terms' set to 'Net 90', initiate an ad-hoc approval to the VP of Finance to review the terms."

Agent Execution Path:

Claude calls list_all_spot_draft_contracts filtering by the client name 'Acme Corp'.
For each returned contract ID, Claude calls list_all_spot_draft_contract_key_pointers.
Claude analyzes the returned key pointers. It identifies contract H-7742 as having 'Net 90' payment terms.
Claude calls list_all_spot_draft_roles to find the role ID corresponding to "VP of Finance".
Claude calls create_a_spot_draft_contract_approval for contract H-7742, assigning the VP of Finance role and adding a contextual note about the unauthorized Net 90 terms.

Result: Claude audits the entire Acme Corp portfolio and seamlessly enforces organizational policy by pulling a human-in-the-loop only when non-standard terms are detected.

Security and Access Control

When exposing highly sensitive legal platforms to AI agents, security is non-negotiable. Truto's MCP servers provide strict, granular access controls:

Method Filtering: You can restrict a server to specific operation types. Setting methods: ["read"] ensures the LLM can list templates and read key pointers, but cannot create contracts or alter counterparties.
Tag Filtering: Restrict access to specific functional areas. By filtering on tags, you can limit an agent to only accessing counterparties and users, preventing it from accessing core contracts data.
Require API Token Auth: By enabling require_api_token_auth: true, you force the connecting client to provide a valid Truto API token in the Authorization header. Possession of the MCP URL alone is no longer sufficient, adding a critical layer of defense-in-depth.
Expiration Controls: For temporary audits or contractor access, you can set an expires_at datetime. The underlying KV store and durable objects will automatically purge the credentials and destroy the server when the time expires.

Standardizing Legal Operations with AI

Connecting Claude to SpotDraft using custom scripts and manual API polling is a recipe for technical debt. You are forced to own token refreshes, manage HTTP 429 backoff strategies, and constantly map dynamic contract metadata to LLM-friendly schemas.

By leveraging Truto's managed MCP server, you turn SpotDraft into a native capability for your AI agents in minutes. Claude gains secure, structured, and rate-limit-aware access to your entire contract portfolio.