---
title: "Connect Truuth to ChatGPT: Automate KYC and Fraud Risk Profiling"
slug: connect-truuth-to-chatgpt-automate-kyc-and-fraud-risk-profiling
date: 2026-07-08
author: Nachi Raman
categories: ["AI & Agents"]
excerpt: "Connect Truuth to ChatGPT to automate KYC workflows, biometric face matching, and fraud risk profiling using Truto’s managed MCP server infrastructure."
tldr: "A technical guide to connecting Truuth to ChatGPT using a managed MCP server. Learn how to automate KYC, biometric face matching, and fraud risk profiling without maintaining custom integration infrastructure."
canonical: https://truto.one/blog/connect-truuth-to-chatgpt-automate-kyc-and-fraud-risk-profiling/
---

# Connect Truuth to ChatGPT: Automate KYC and Fraud Risk Profiling


If you are engineering identity verification pipelines, connecting Truuth to ChatGPT allows your AI agents to trigger KYC workflows, analyze fraud risk, and automate biometric document verification via natural language. If your team uses Claude, check out our guide on [connecting Truuth to Claude](https://truto.one/connect-truuth-to-claude-verify-identity-and-document-validity/) or explore our broader architectural overview on [connecting Truuth to AI Agents](https://truto.one/connect-truuth-to-ai-agents-orchestrate-biometric-and-repeat-checks/).

Giving a Large Language Model (LLM) direct, programmatic access to a highly sensitive, compliance-heavy platform like Truuth requires a [Model Context Protocol (MCP) server](https://truto.one/what-is-mcp-and-mcp-servers-and-how-do-they-work). The MCP acts as the JSON-RPC translation layer, exposing Truuth's REST endpoints as well-documented, callable functions. You can either spend engineering cycles building, hosting, and maintaining this server in-house, or use a managed integration layer to dynamically generate a secure MCP server URL.

This guide details the specific engineering challenges of the Truuth API, how to generate a managed MCP server using Truto, and how to execute automated KYC and fraud-check workflows natively in ChatGPT.

## The Engineering Reality of the Truuth API

Building a custom MCP server is a commitment to maintaining integration infrastructure. While the MCP standard dictates how the LLM discovers tools, you are responsible for bridging the gap between the LLM's text-based output and Truuth's strict API requirements. 

Integrating Truuth presents specific architectural challenges that go beyond standard CRUD operations:

**Massive Image Payloads and Context Limits**
Unlike a CRM where a payload is a few kilobytes of JSON, Truuth heavily relies on biometric image processing. Endpoints like facial matching, document classification, and OCR data extraction require images to be passed as either base64-encoded strings or publicly accessible URLs. An LLM natively outputs text. If an AI agent attempts to blindly inject a 4MB base64 string into its own context window, it will rapidly exhaust token limits and crash. Your integration layer must be intelligent enough to handle pre-signed URL exchanges so the LLM only orchestrates the pointers, not the raw binary data.

**Asynchronous KYC Lifecycles**
Identity verification is not synchronous. You cannot request a KYC check and immediately parse the result in a single HTTP loop. When creating a verification invite in Truuth, the API returns a `verificationId` and an `inviteUrl`. The user must then complete the flow out-of-band. Your AI agent must be instructed to pause execution or periodically poll the `get_single_truuth_verification_by_id` endpoint to check the status. Furthermore, detailed outputs like Sanctions and PEP reports require secondary requests to fetch temporary pre-signed download URLs.

**Heavy Compute Rate Limits**
Biometric operations like liveness checks and document authenticity scoring require intensive downstream processing. If an AI agent enters a loop and submits dozens of documents for repeat-user fraud checks simultaneously, Truuth will enforce strict rate limits and return an HTTP 429 Too Many Requests response.

It is critical to understand that **Truto does not retry, throttle, or apply backoff on rate limit errors.** When the upstream Truuth API returns a 429, Truto passes that error directly back to the caller. Truto normalizes the upstream rate limit information into standardized IETF headers (`ratelimit-limit`, `ratelimit-remaining`, `ratelimit-reset`). Your LLM framework—whether it is ChatGPT's internal engine or a custom LangChain agent—is entirely responsible for detecting these errors and implementing exponential backoff.

## The Managed MCP Approach

Instead of building a custom Node.js or Python server to map Truuth's schemas to MCP tools, manage token lifecycles, and handle routing, you can use Truto to [bring custom connectors to ChatGPT](https://truto.one/bring-100-custom-connectors-to-chatgpt-with-superai-by-truto).

Truto dynamically derives MCP tools directly from the Truuth integration's resource definitions and documentation records. Every documented endpoint becomes a [strongly typed MCP tool automatically](https://truto.one/auto-generated-mcp-tools-for-ai-agents-a-2026-architecture-guide). If Truuth adds a new endpoint for deep-fake detection tomorrow, adding documentation in Truto instantly exposes it as an AI tool. 

When ChatGPT invokes a tool, the request hits a secure edge endpoint (`/mcp/:token`). Truto unpacks the JSON-RPC message, maps the arguments to the exact query and body parameters Truuth expects, authenticates the request using the integrated account's credentials, and proxies the call to Truuth in real-time. No customer PII or biometric data is stored at rest in the integration layer.

## How to Generate and Connect the Truuth MCP Server

Every MCP server in Truto is scoped to a single integrated account. This ensures strict tenant isolation—an agent operating on one Truuth instance cannot accidentally cross-pollinate data with another.

You can generate an MCP server via the Truto UI or programmatically via the API.

### Step 1: Create the MCP Server

**Via the Truto UI:**
1. Navigate to the integrated account page for your connected Truuth instance.
2. Click the **MCP Servers** tab.
3. Click **Create MCP Server**.
4. Select your desired configuration (name, allowed methods, tag filters).
5. Copy the generated MCP server URL (e.g., `https://api.truto.one/mcp/abc123def456...`).

**Via the API:**
If you are provisioning environments programmatically, issue a `POST` request to the token management endpoint:

```bash
curl -X POST https://api.truto.one/integrated-account/{integrated_account_id}/mcp \
  -H "Authorization: Bearer YOUR_TRUTO_API_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "name": "Truuth KYC Automation Server",
    "config": {
      "tags": ["kyc", "fraud"]
    }
  }'
```

The API provisions the secure token and returns the ready-to-use endpoint URL.

### Step 2: Connect the Server to ChatGPT

With the URL in hand, you connect it to your LLM client. 

**Via the ChatGPT UI:**
1. In ChatGPT, navigate to **Settings → Apps → Advanced settings**.
2. Enable **Developer mode**.
3. Under **MCP servers / Custom connectors**, click add.
4. Provide a label (e.g., "Truuth KYC Agent").
5. Paste the Truto MCP URL into the Server URL field and click **Add**.

**Via Manual Configuration (SSE):**
If you are using an agentic framework or a client that supports manual JSON configurations (like Claude Desktop or Cursor), define the server using the SSE transport:

```json
{
  "mcpServers": {
    "truuth_kyc": {
      "command": "npx",
      "args": [
        "-y",
        "@modelcontextprotocol/server-sse",
        "https://api.truto.one/mcp/abc123def456..."
      ]
    }
  }
}
```

ChatGPT will immediately ping the `initialize` endpoint, complete the handshake, and request the `tools/list`.

## Hero Tools for Truuth

Truto exposes the full surface area of the Truuth API, but certain operations provide massive leverage for AI automation. Below are the highest-impact tools your agent can use.

### create_a_truuth_verification_invite
Initiates the KYC identity verification journey. This tool generates an invitation email containing a secure URL, dispatching it to the customer. It returns critical tracking elements including the `verificationId` and `inviteUrl`.

**Usage Note:** Since all body fields are technically optional, ensure you prompt the LLM to pass the specific email or SMS coordinates needed to reach the end user.

> "Send a new Truuth verification invite to j.smith@example.com for our standard KYC onboarding flow, and return the verificationId so I can track it."

### get_single_truuth_verification_by_id
Retrieves the full lifecycle details of an ongoing or completed verification. The response contains deep metadata including the `status`, `completedAt` timestamp, `inviteeDetails`, and `results`.

**Usage Note:** The LLM should use this tool to check if a user has completed their biometric flow before attempting to fetch reports.

> "Check the status of Truuth verification ID 987654321. If the status is COMPLETED, summarize the final results array."

### create_a_truuth_document_fraud_check
Submits an identity document to the Truuth Document Fraud Checks Service. This tool initiates deep forensic analysis on the document to identify tampering, synthetic generation, or invalid MRZ zones.

**Usage Note:** Requires the `tenant_alias` and `document` payload. If the document is large, provide a publicly accessible URL to the LLM rather than asking it to encode a base64 string.

> "Submit the passport image located at https://internal.s3.bucket/passport_123.jpg to the Truuth document fraud check service for tenant 'acme_corp' and tell me the documentVerifyId."

### create_a_truuth_email_analyze
Analyzes a submitted email address for historical fraud risk. This powerful tool returns multifaceted data including `emailValidation` (status, domainType), `emailActivity` (velocity, popularity), and specific `risk` scoring (tumbling risk, domain risk, proxy types).

**Usage Note:** Highly effective for pre-screening users before incurring the cost of a full biometric KYC flow.

> "Analyze the email address fake.user123@protonmail.com using the Truuth email analyze tool. What is the tumblingRisk score and domainType?"

### create_a_truuth_face_match
Verifies whether the face on a provided photo ID document matches the face on a live selfie image. It returns the `similarity` score, `liveness` status, and the `transactionId`.

**Usage Note:** Requires two inputs (`photoId` and `face`). This is the core biometric primitive for preventing impersonation attacks.

> "Run a Truuth face match comparing the ID photo URL and the selfie URL provided in my previous message. Let me know if the similarity score is above 90%."

### create_a_truuth_repeat_user_fraud_check
Queries the Truuth repeat-user historical database. By submitting identity document and owner data, this tool checks if the same physical person has attempted to register multiple accounts using synthetic identities or stolen IDs.

**Usage Note:** Returns a `transactionId`. The LLM must then call `get_single_truuth_repeat_user_fraud_check_by_id` to retrieve the actual anomalous records.

> "Submit a repeat user fraud check for the identity details associated with John Doe. Give me the transactionId so we can monitor the results."

To view the complete inventory of available endpoints and their specific JSON schemas, visit the [Truuth integration page](https://truto.one/integrations/detail/truuth).

## Workflows in Action

Connecting Truuth to ChatGPT transforms manual compliance reviews into orchestrated, multi-step automated workflows. Here is how specific personas use this setup in production.

### Persona 1: The Compliance Officer Automating KYC Audits
Compliance officers waste hours manually checking dashboards to see if users have passed their KYC checks. An AI agent can poll the status, fetch the reports, and summarize the findings asynchronously.

> "Check the status of Truuth verification ID 555-888. If the KYC is complete, download the Sanctions and PEP report pre-signed URL, fetch the document, and tell me if they triggered any politically exposed person alerts."

**Execution Steps:**
1. The agent calls `get_single_truuth_verification_by_id` with the ID.
2. It observes the `status` is "COMPLETED".
3. The agent calls `list_all_truuth_verification_sanctions_pep_report` passing the verification ID.
4. Truuth returns a 15-minute temporary pre-signed URL.
5. The agent (or a secondary fetch tool) retrieves the report from the URL and summarizes the PEP findings.

```mermaid
sequenceDiagram
    participant User as "Compliance Officer"
    participant LLM as "ChatGPT"
    participant Truto as "Truto MCP Server"
    participant Truuth as "Truuth API"
    
    User->>LLM: "Check verification 555-888 and audit PEP status"
    LLM->>Truto: Call get_single_truuth_verification_by_id(555-888)
    Truto->>Truuth: GET /verifications/555-888
    Truuth-->>Truto: { "status": "COMPLETED" }
    Truto-->>LLM: JSON data
    LLM->>Truto: Call list_all_truuth_verification_sanctions_pep_report(555-888)
    Truto->>Truuth: GET /verifications/555-888/sanctions/report
    Truuth-->>Truto: { "content": "https://truuth-s3..." }
    Truto-->>LLM: Pre-signed URL
    Note over LLM: Agent analyzes report content
    LLM-->>User: "Verification complete. No PEP alerts found."
```

### Persona 2: The Fraud Analyst Investigating Synthetic Identities
When an analyst suspects an account takeover or synthetic identity attempt, they need deep forensic data on both the email footprint and the historical biometric record.

> "I am investigating a suspicious signup for email scammer@example.com. Run the Truuth email analyze tool. Then, initiate a repeat user fraud check using the identity payload I just provided to see if this person exists under another alias."

**Execution Steps:**
1. The agent calls `create_a_truuth_email_analyze` with the suspicious email.
2. The agent interprets the `domainActivity` and `risk` scores (e.g., noting high tumbling risk and a proxy IP).
3. The agent calls `create_a_truuth_repeat_user_fraud_check` with the provided JSON payload.
4. The agent returns the initial email risk report and provides the transaction ID for the pending repeat user analysis.

## Security and Access Control

Giving an LLM access to sensitive biometric and PII data requires rigorous security guardrails. Truto's MCP server implementation includes specific configuration options to lock down AI agent behavior:

*   **Method Filtering:** Enforce the principle of least privilege by setting `config.methods: ["read"]`. This restricts the MCP server to only `get` and `list` operations, ensuring the LLM can audit KYC reports but cannot create, modify, or delete repeat-image instances.
*   **Tag Filtering:** Limit the server's scope by assigning tags. If you only want the agent to handle email fraud checks, configure the server to only expose tools tagged with `fraud_analysis`.
*   **API Token Authentication:** By default, possessing the MCP URL grants access. For enterprise environments, setting `require_api_token_auth: true` forces the MCP client to also pass a valid Truto API token in the `Authorization` header, adding a strict secondary identity check.
*   **Automatic Expiry:** Generate ephemeral MCP servers by setting the `expires_at` field. Cloud storage TTL and internal alarm schedulers guarantee the server infrastructure and KV tokens self-destruct at the specified time, leaving zero stale credentials.

## Next Steps

Connecting Truuth to ChatGPT via MCP enables your team to move away from static dashboards and build conversational, agentic interfaces for identity verification and fraud prevention. By leveraging a managed infrastructure layer, you bypass the boilerplate of authentication lifecycles, schema management, and API proxy routing.

:::cta{buttonText="Talk to us" buttonUrl="https://cal.com/truto/partner-with-truto"} 
Ready to automate your compliance workflows? Get started with Truto's managed MCP servers today.
:::
