How does Truto handle Strapi's dynamic content types?

Truto requires tools that interact with content types to accept a `plural_api_id` parameter. This allows the LLM to target any dynamic collection within Strapi without needing hard-coded endpoint paths for every custom schema.

Can the AI agent upload images to Strapi?

Yes. Using the `create_a_strapi_upload` tool, the AI agent can upload multipart/form-data to the Media Library. It can also supply reference IDs to immediately link the uploaded file to a specific article or document.

How are rate limits handled during high-volume tool execution?

Truto passes upstream 429 Too Many Requests errors directly back to the caller, alongside standardized IETF rate limit headers. Your LLM framework or client application must implement its own exponential backoff and retry logic.

Is it safe to give ChatGPT write access to Strapi?

You can strictly control access by configuring the MCP server with method filters (e.g., allowing only `read` operations) or tag filters. You can also enforce secondary authentication and set expiration timestamps for temporary access.

Connect Strapi to ChatGPT: Manage Media, Content, and User Accounts

If you need to connect Strapi to ChatGPT to automate headless CMS workflows, manage media assets, or orchestrate user accounts, you need a Model Context Protocol (MCP) server. This server acts as the translation layer between ChatGPT's tool calls and Strapi's REST APIs. You can either build and maintain this infrastructure yourself, or use a managed integration platform like Truto to dynamically generate a secure, authenticated MCP server URL.

If your team uses Claude, check out our guide on connecting Strapi to Claude or explore our broader architectural overview on connecting Strapi to AI Agents.

Giving a Large Language Model (LLM) read and write access to a flexible headless CMS like Strapi is a massive engineering challenge. You have to handle complex relational data payloads, map dynamic content types to MCP tool definitions, and deal with polymorphic media uploads. Every time a developer adds a new content type or updates a schema in Strapi, your custom server code must be updated, redeployed, and tested.

This guide breaks down exactly how to use Truto to generate a secure, managed MCP server for Strapi, connect it natively to ChatGPT, and execute complex workflows using natural language.

Stop writing boilerplate API integration code. Let Truto generate secure, managed MCP servers for your AI agents in seconds. :::

The Engineering Reality of the Strapi API

A custom MCP server is a self-hosted integration layer. While the open MCP standard provides a predictable way for models to discover tools, implementing it against Strapi's highly dynamic API is exceptionally painful.

If you decide to build a custom MCP server for Strapi, you own the entire API lifecycle. Here are the specific integration challenges that break standard CRUD assumptions when working with Strapi:

Dynamic Content Types and Plural API IDs

Unlike SaaS platforms with static endpoints (e.g., /users or /tickets), a Strapi API surface is entirely defined by the user's custom content types. The endpoints dynamically generate based on the plural_api_id. If an LLM needs to query a custom CaseStudy collection, your MCP server must somehow know that the endpoint is /api/case-studies. Building static MCP schemas for a dynamic CMS means writing a schema parser that reads the user's Strapi configuration and dynamically generates the JSON-RPC tool definitions. If you skip this, your LLM will hallucinate endpoint paths.

The "Populate" Complexity for Relational Data

When an LLM asks "Get me the article and its author," a standard GET /api/articles/1 in Strapi will often return empty relation fields. Strapi requires clients to explicitly request relational data using the populate query parameter (e.g., ?populate=author or ?populate=*). Your MCP server's tool definitions must explicitly instruct the LLM on how to construct these nested query parameters, or the LLM will complain that the data is missing and fail the task.

Polymorphic Media Uploads

Uploading an image to Strapi's Media Library is an entirely different workflow than creating a standard document. It requires multipart/form-data. Worse, if an LLM wants to upload a cover image and link it to an article, it has to pass specific refId, ref, and field parameters in the upload payload to link the file to the target entity. If your MCP server cannot handle multipart translation or schema validation for these references, your AI agents cannot manage media.

Handling Rate Limits and 429 Errors

When interacting with high-volume Strapi endpoints, rate limits are a reality. Factual note on rate limits: Truto does not retry, throttle, or apply backoff on rate limit errors. When an upstream API returns HTTP 429, Truto passes that error to the caller. Truto normalizes upstream rate limit info into standardized headers (ratelimit-limit, ratelimit-remaining, ratelimit-reset) per the IETF spec. The caller (your LLM framework or custom agent) is entirely responsible for implementing retry and exponential backoff logic.

The Managed MCP Approach

Instead of forcing your engineering team to build and maintain a massive Node.js or Python application to translate MCP JSON-RPC requests into Strapi REST calls, Truto handles this at the infrastructure level.

Truto's MCP server turns any connected integration into an MCP-compatible tool server dynamically. The key design insight is that tool generation is documentation-driven. Rather than hand-coding tool definitions, Truto derives them from the integration's resources and documentation records, providing accurate JSON schemas (query and body) to the LLM upon connection.

Step 1: Generate the Strapi MCP Server

Each MCP server is scoped to a single connected Strapi instance. The server URL contains a cryptographic token that encodes the account, what tools are exposed, and when the server expires. You can create this server in two ways.

Method A: Via the Truto UI

If you prefer a no-code approach, you can generate the server directly from the dashboard.

Navigate to the Integrated Accounts page in your Truto dashboard and select your connected Strapi instance.
Click the MCP Servers tab.
Click Create MCP Server.
Configure your desired method filters, tag groupings, and expiration datetime.
Copy the generated MCP server URL (e.g., https://api.truto.one/mcp/a1b2c3d4e5f6...).

Method B: Via the API

For automated deployments, you can provision MCP servers programmatically using the Truto REST API. The API validates that the integration has tools available, generates a secure hashed token in key-value storage, and returns a ready-to-use URL.

curl -X POST https://api.truto.one/integrated-account/{integrated_account_id}/mcp \
  -H "Authorization: Bearer YOUR_TRUTO_API_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "name": "Strapi Content AI Agent",
    "config": {
      "methods": ["read", "write", "custom"]
    },
    "expires_at": "2026-12-31T23:59:59Z"
  }'

The response will provide the secure connection URL:

{
  "id": "mcp-7890-xyz",
  "name": "Strapi Content AI Agent",
  "config": { "methods": ["read", "write", "custom"] },
  "expires_at": "2026-12-31T23:59:59.000Z",
  "url": "https://api.truto.one/mcp/a1b2c3d4e5f6..."
}

Step 2: Connect the MCP Server to ChatGPT

Once you have your Truto MCP URL, you simply pass it to your LLM client. This is the fastest way to bring custom connectors to ChatGPT.

Method A: Via the ChatGPT UI

If you are using ChatGPT Enterprise, Plus, or Pro with Developer Mode enabled, you can connect the remote server directly:

Open ChatGPT and go to Settings -> Apps -> Advanced settings.
Toggle Developer mode on.
Under MCP servers / Custom connectors, click Add.
Name your connection (e.g., "Strapi CMS").
Paste the Truto MCP URL into the Server URL field and click Save.

ChatGPT will perform the JSON-RPC initialization handshake and immediately index all available Strapi tools.

Method B: Via Manual Config File (SSE Bridge)

Many desktop LLM clients (like Claude Desktop, Cursor, or custom agent frameworks) require local execution of an MCP bridge using Server-Sent Events (SSE). You can easily connect the Truto remote server using the official MCP SSE transport utility.

Create or update your MCP configuration JSON file (often located at mcp.json or claude_desktop_config.json depending on your client):

{
  "mcpServers": {
    "strapi-cms": {
      "command": "npx",
      "args": [
        "-y",
        "@modelcontextprotocol/server-sse",
        "--url",
        "https://api.truto.one/mcp/a1b2c3d4e5f6..."
      ]
    }
  }
}

When your LLM client boots, it executes the npx command, establishing a secure connection to Truto's edge routers, fetching the Strapi schemas, and registering the tools.

Hero Tools for Strapi

When you connect Truto's Strapi MCP server to an LLM, the model dynamically discovers the available endpoints. The input arguments are flattened, allowing the model to focus on intent rather than HTTP semantics. Here are the highest-leverage tools available for Strapi.

1. `list_all_strapi_documents`

Retrieves an array of document records for a specified content type. Crucial for auditing existing content or finding specific entries. It requires the plural_api_id parameter to know which collection to target.

"Get the latest 5 entries from the 'articles' collection. Make sure to populate the 'author' relation so I can see who wrote them."

2. `create_a_strapi_document`

Generates a new document within a target content type. The LLM must pass the plural_api_id and a data body containing the fields defined by your specific Strapi schema.

"Draft a new blog post titled '2026 AI Trends' in the 'posts' collection. Set the publish status to draft and tag it under the 'technology' category."

3. `create_a_strapi_upload`

Uploads raw files into Strapi's Media Library. The true power of this tool is its ability to link the uploaded file directly to a content entity using the ref, refId, and field parameters.

"Upload this provided PDF report to the Strapi Media Library, and link it as the 'attachment' field to the document in the 'reports' collection with ID 42."

4. `update_a_strapi_document_by_id`

Modifies an existing content entry. Perfect for editorial workflows where an AI reviews a draft, suggests edits, and updates the text directly in the CMS.

"Find the article in the 'newsletters' collection with ID 104. Update its SEO meta description field to be more engaging and under 160 characters."

5. `list_all_strapi_users`

Retrieves user objects from the users-permissions plugin. This tool allows the AI to audit registered accounts, check confirmation statuses, and verify roles.

"List all Strapi users who currently have the 'blocked' status set to true, and output their email addresses for my review."

6. `create_a_strapi_auth_register`

Automates user onboarding by registering a new local user. The LLM supplies a username, email, and password, returning the newly created user object and their initial JWT.

"Register a new user in Strapi with the email 'contractor@example.com'. Generate a secure temporary password and return the user ID."

For the complete inventory of Strapi tools, including role management, password resets, and user counts, visit the Strapi integration page.

Workflows in Action

Individual tools are useful, but the real value of MCP lies in giving an AI agent the ability to chain multiple operations together to complete complex, multi-step tasks without human intervention.

Scenario 1: Headless Content Generation and Media Linking

Marketing teams often struggle with the manual steps of writing content, sourcing cover images, and properly formatting them in the CMS. An AI agent can automate the entire publishing pipeline.

"I need to publish a new case study about our recent enterprise integration. First, check the 'case-studies' collection to ensure we don't already have one for 'Acme Corp'. If not, draft a 500-word case study document. Then, take the logo image file provided in our chat, upload it to Strapi, and link it to the new case study as the 'coverImage'."

Tool Execution Sequence:

list_all_strapi_documents (Filters the case-studies collection for "Acme Corp").
create_a_strapi_document (Passes the generated text into the data payload to create the entry and extracts the resulting id).
create_a_strapi_upload (Uploads the file and passes ref: "api::case-study.case-study", refId: <new_id>, and field: "coverImage").

Result: The user receives a confirmation that the case study is live in the CMS, fully formatted, with the media asset correctly mapped in the relational database.

Scenario 2: User Access Audits and Onboarding

IT administrators spend hours managing CMS access for contractors. You can instruct ChatGPT to handle the provisioning and reporting.

"Audit our Strapi instance and list any registered users who are currently 'unconfirmed'. Then, register a new user account for our new freelance editor at 'freelance@agency.com', using a strong password, and let me know their new user ID."

Tool Execution Sequence:

list_all_strapi_users (Fetches the user list and filters for confirmed: false).
create_a_strapi_auth_register (Submits the username, email, and generated password to the authentication endpoint).

Result: The admin receives a quick report of dangling unconfirmed accounts, followed by the successful ID and credentials for the newly provisioned editor.

Security and Access Control

Giving an AI model direct read and write access to your production CMS requires strict security controls. Truto provides infrastructure-level constraints that are enforced before a tool call ever reaches the proxy handlers.

Method Filtering: When creating the MCP server, you can restrict the config.methods array. Passing ["read"] ensures the server only exposes get and list tools. The LLM physically cannot "hallucinate" a delete operation because the route will not exist in the schema.
Tag Filtering: You can isolate access by resource domain. Using config.tags allows you to restrict an MCP server to specific functional areas (e.g., exposing only content tags while hiding auth or users tags).
Require API Token Auth: By default, anyone with the MCP server URL can connect. For enterprise deployments, setting require_api_token_auth: true forces the connecting LLM client to provide a valid Truto API token in the Authorization header, adding a required secondary layer of authentication.
Expiration TTLs: Using the expires_at property creates short-lived MCP servers. Backed by Durable Object alarms and Key-Value TTLs, the server automatically destroys itself at the specified timestamp, ensuring temporary agent access never becomes a lingering backdoor.

Stop Hand-Coding CMS Connectors

Building AI agents that interact with Strapi should focus on prompt engineering and business logic, not wrestling with polymorphic media references, nested populate arrays, and JSON Schema definitions.

By utilizing an architecture that auto-generates tools based on dynamic documentation, you eliminate the maintenance burden. When your CMS team adds a new content type to Strapi, you don't rewrite code - you simply let the model discover the updated schema through the MCP server. This is the difference between an AI feature that gets stuck in staging and an agent that ships to production.