Connect Truuth to ChatGPT: Automate KYC and Fraud Risk Profiling
Connect Truuth to ChatGPT to automate KYC workflows, biometric face matching, and fraud risk profiling using Truto’s managed MCP server infrastructure.
If you are engineering identity verification pipelines, connecting Truuth to ChatGPT allows your AI agents to trigger KYC workflows, analyze fraud risk, and automate biometric document verification via natural language. If your team uses Claude, check out our guide on connecting Truuth to Claude or explore our broader architectural overview on connecting Truuth to AI Agents.
Giving a Large Language Model (LLM) direct, programmatic access to a highly sensitive, compliance-heavy platform like Truuth requires a Model Context Protocol (MCP) server. The MCP acts as the JSON-RPC translation layer, exposing Truuth's REST endpoints as well-documented, callable functions. You can either spend engineering cycles building, hosting, and maintaining this server in-house, or use a managed integration layer to dynamically generate a secure MCP server URL.
This guide details the specific engineering challenges of the Truuth API, how to generate a managed MCP server using Truto, and how to execute automated KYC and fraud-check workflows natively in ChatGPT.
The Engineering Reality of the Truuth API
Building a custom MCP server is a commitment to maintaining integration infrastructure. While the MCP standard dictates how the LLM discovers tools, you are responsible for bridging the gap between the LLM's text-based output and Truuth's strict API requirements.
Integrating Truuth presents specific architectural challenges that go beyond standard CRUD operations:
Massive Image Payloads and Context Limits Unlike a CRM where a payload is a few kilobytes of JSON, Truuth heavily relies on biometric image processing. Endpoints like facial matching, document classification, and OCR data extraction require images to be passed as either base64-encoded strings or publicly accessible URLs. An LLM natively outputs text. If an AI agent attempts to blindly inject a 4MB base64 string into its own context window, it will rapidly exhaust token limits and crash. Your integration layer must be intelligent enough to handle pre-signed URL exchanges so the LLM only orchestrates the pointers, not the raw binary data.
Asynchronous KYC Lifecycles
Identity verification is not synchronous. You cannot request a KYC check and immediately parse the result in a single HTTP loop. When creating a verification invite in Truuth, the API returns a verificationId and an inviteUrl. The user must then complete the flow out-of-band. Your AI agent must be instructed to pause execution or periodically poll the get_single_truuth_verification_by_id endpoint to check the status. Furthermore, detailed outputs like Sanctions and PEP reports require secondary requests to fetch temporary pre-signed download URLs.
Heavy Compute Rate Limits Biometric operations like liveness checks and document authenticity scoring require intensive downstream processing. If an AI agent enters a loop and submits dozens of documents for repeat-user fraud checks simultaneously, Truuth will enforce strict rate limits and return an HTTP 429 Too Many Requests response.
It is critical to understand that Truto does not retry, throttle, or apply backoff on rate limit errors. When the upstream Truuth API returns a 429, Truto passes that error directly back to the caller. Truto normalizes the upstream rate limit information into standardized IETF headers (ratelimit-limit, ratelimit-remaining, ratelimit-reset). Your LLM framework—whether it is ChatGPT's internal engine or a custom LangChain agent—is entirely responsible for detecting these errors and implementing exponential backoff.
The Managed MCP Approach
Instead of building a custom Node.js or Python server to map Truuth's schemas to MCP tools, manage token lifecycles, and handle routing, you can use Truto to bring custom connectors to ChatGPT.
Truto dynamically derives MCP tools directly from the Truuth integration's resource definitions and documentation records. Every documented endpoint becomes a strongly typed MCP tool automatically. If Truuth adds a new endpoint for deep-fake detection tomorrow, adding documentation in Truto instantly exposes it as an AI tool.
When ChatGPT invokes a tool, the request hits a secure edge endpoint (/mcp/:token). Truto unpacks the JSON-RPC message, maps the arguments to the exact query and body parameters Truuth expects, authenticates the request using the integrated account's credentials, and proxies the call to Truuth in real-time. No customer PII or biometric data is stored at rest in the integration layer.
How to Generate and Connect the Truuth MCP Server
Every MCP server in Truto is scoped to a single integrated account. This ensures strict tenant isolation—an agent operating on one Truuth instance cannot accidentally cross-pollinate data with another.
You can generate an MCP server via the Truto UI or programmatically via the API.
Step 1: Create the MCP Server
Via the Truto UI:
- Navigate to the integrated account page for your connected Truuth instance.
- Click the MCP Servers tab.
- Click Create MCP Server.
- Select your desired configuration (name, allowed methods, tag filters).
- Copy the generated MCP server URL (e.g.,
https://api.truto.one/mcp/abc123def456...).
Via the API:
If you are provisioning environments programmatically, issue a POST request to the token management endpoint:
curl -X POST https://api.truto.one/integrated-account/{integrated_account_id}/mcp \
-H "Authorization: Bearer YOUR_TRUTO_API_TOKEN" \
-H "Content-Type: application/json" \
-d '{
"name": "Truuth KYC Automation Server",
"config": {
"tags": ["kyc", "fraud"]
}
}'The API provisions the secure token and returns the ready-to-use endpoint URL.
Step 2: Connect the Server to ChatGPT
With the URL in hand, you connect it to your LLM client.
Via the ChatGPT UI:
- In ChatGPT, navigate to Settings → Apps → Advanced settings.
- Enable Developer mode.
- Under MCP servers / Custom connectors, click add.
- Provide a label (e.g., "Truuth KYC Agent").
- Paste the Truto MCP URL into the Server URL field and click Add.
Via Manual Configuration (SSE): If you are using an agentic framework or a client that supports manual JSON configurations (like Claude Desktop or Cursor), define the server using the SSE transport:
{
"mcpServers": {
"truuth_kyc": {
"command": "npx",
"args": [
"-y",
"@modelcontextprotocol/server-sse",
"https://api.truto.one/mcp/abc123def456..."
]
}
}
}ChatGPT will immediately ping the initialize endpoint, complete the handshake, and request the tools/list.
Hero Tools for Truuth
Truto exposes the full surface area of the Truuth API, but certain operations provide massive leverage for AI automation. Below are the highest-impact tools your agent can use.
create_a_truuth_verification_invite
Initiates the KYC identity verification journey. This tool generates an invitation email containing a secure URL, dispatching it to the customer. It returns critical tracking elements including the verificationId and inviteUrl.
Usage Note: Since all body fields are technically optional, ensure you prompt the LLM to pass the specific email or SMS coordinates needed to reach the end user.
"Send a new Truuth verification invite to j.smith@example.com for our standard KYC onboarding flow, and return the verificationId so I can track it."
get_single_truuth_verification_by_id
Retrieves the full lifecycle details of an ongoing or completed verification. The response contains deep metadata including the status, completedAt timestamp, inviteeDetails, and results.
Usage Note: The LLM should use this tool to check if a user has completed their biometric flow before attempting to fetch reports.
"Check the status of Truuth verification ID 987654321. If the status is COMPLETED, summarize the final results array."
create_a_truuth_document_fraud_check
Submits an identity document to the Truuth Document Fraud Checks Service. This tool initiates deep forensic analysis on the document to identify tampering, synthetic generation, or invalid MRZ zones.
Usage Note: Requires the tenant_alias and document payload. If the document is large, provide a publicly accessible URL to the LLM rather than asking it to encode a base64 string.
"Submit the passport image located at https://internal.s3.bucket/passport_123.jpg to the Truuth document fraud check service for tenant 'acme_corp' and tell me the documentVerifyId."
create_a_truuth_email_analyze
Analyzes a submitted email address for historical fraud risk. This powerful tool returns multifaceted data including emailValidation (status, domainType), emailActivity (velocity, popularity), and specific risk scoring (tumbling risk, domain risk, proxy types).
Usage Note: Highly effective for pre-screening users before incurring the cost of a full biometric KYC flow.
"Analyze the email address fake.user123@protonmail.com using the Truuth email analyze tool. What is the tumblingRisk score and domainType?"
create_a_truuth_face_match
Verifies whether the face on a provided photo ID document matches the face on a live selfie image. It returns the similarity score, liveness status, and the transactionId.
Usage Note: Requires two inputs (photoId and face). This is the core biometric primitive for preventing impersonation attacks.
"Run a Truuth face match comparing the ID photo URL and the selfie URL provided in my previous message. Let me know if the similarity score is above 90%."
create_a_truuth_repeat_user_fraud_check
Queries the Truuth repeat-user historical database. By submitting identity document and owner data, this tool checks if the same physical person has attempted to register multiple accounts using synthetic identities or stolen IDs.
Usage Note: Returns a transactionId. The LLM must then call get_single_truuth_repeat_user_fraud_check_by_id to retrieve the actual anomalous records.
"Submit a repeat user fraud check for the identity details associated with John Doe. Give me the transactionId so we can monitor the results."
To view the complete inventory of available endpoints and their specific JSON schemas, visit the Truuth integration page.
Workflows in Action
Connecting Truuth to ChatGPT transforms manual compliance reviews into orchestrated, multi-step automated workflows. Here is how specific personas use this setup in production.
Persona 1: The Compliance Officer Automating KYC Audits
Compliance officers waste hours manually checking dashboards to see if users have passed their KYC checks. An AI agent can poll the status, fetch the reports, and summarize the findings asynchronously.
"Check the status of Truuth verification ID 555-888. If the KYC is complete, download the Sanctions and PEP report pre-signed URL, fetch the document, and tell me if they triggered any politically exposed person alerts."
Execution Steps:
- The agent calls
get_single_truuth_verification_by_idwith the ID. - It observes the
statusis "COMPLETED". - The agent calls
list_all_truuth_verification_sanctions_pep_reportpassing the verification ID. - Truuth returns a 15-minute temporary pre-signed URL.
- The agent (or a secondary fetch tool) retrieves the report from the URL and summarizes the PEP findings.
sequenceDiagram
participant User as "Compliance Officer"
participant LLM as "ChatGPT"
participant Truto as "Truto MCP Server"
participant Truuth as "Truuth API"
User->>LLM: "Check verification 555-888 and audit PEP status"
LLM->>Truto: Call get_single_truuth_verification_by_id(555-888)
Truto->>Truuth: GET /verifications/555-888
Truuth-->>Truto: { "status": "COMPLETED" }
Truto-->>LLM: JSON data
LLM->>Truto: Call list_all_truuth_verification_sanctions_pep_report(555-888)
Truto->>Truuth: GET /verifications/555-888/sanctions/report
Truuth-->>Truto: { "content": "https://truuth-s3..." }
Truto-->>LLM: Pre-signed URL
Note over LLM: Agent analyzes report content
LLM-->>User: "Verification complete. No PEP alerts found."Persona 2: The Fraud Analyst Investigating Synthetic Identities
When an analyst suspects an account takeover or synthetic identity attempt, they need deep forensic data on both the email footprint and the historical biometric record.
"I am investigating a suspicious signup for email scammer@example.com. Run the Truuth email analyze tool. Then, initiate a repeat user fraud check using the identity payload I just provided to see if this person exists under another alias."
Execution Steps:
- The agent calls
create_a_truuth_email_analyzewith the suspicious email. - The agent interprets the
domainActivityandriskscores (e.g., noting high tumbling risk and a proxy IP). - The agent calls
create_a_truuth_repeat_user_fraud_checkwith the provided JSON payload. - The agent returns the initial email risk report and provides the transaction ID for the pending repeat user analysis.
Security and Access Control
Giving an LLM access to sensitive biometric and PII data requires rigorous security guardrails. Truto's MCP server implementation includes specific configuration options to lock down AI agent behavior:
- Method Filtering: Enforce the principle of least privilege by setting
config.methods: ["read"]. This restricts the MCP server to onlygetandlistoperations, ensuring the LLM can audit KYC reports but cannot create, modify, or delete repeat-image instances. - Tag Filtering: Limit the server's scope by assigning tags. If you only want the agent to handle email fraud checks, configure the server to only expose tools tagged with
fraud_analysis. - API Token Authentication: By default, possessing the MCP URL grants access. For enterprise environments, setting
require_api_token_auth: trueforces the MCP client to also pass a valid Truto API token in theAuthorizationheader, adding a strict secondary identity check. - Automatic Expiry: Generate ephemeral MCP servers by setting the
expires_atfield. Cloud storage TTL and internal alarm schedulers guarantee the server infrastructure and KV tokens self-destruct at the specified time, leaving zero stale credentials.
Next Steps
Connecting Truuth to ChatGPT via MCP enables your team to move away from static dashboards and build conversational, agentic interfaces for identity verification and fraud prevention. By leveraging a managed infrastructure layer, you bypass the boilerplate of authentication lifecycles, schema management, and API proxy routing.
FAQ
- How does Truto handle Truuth's API rate limits?
- Truto does not retry, throttle, or absorb rate limit errors. When Truuth returns an HTTP 429, Truto passes the error directly to the caller and normalizes the rate limit data into standard IETF headers (ratelimit-limit, ratelimit-remaining, ratelimit-reset). Your LLM framework must handle the exponential backoff.
- Can I filter which Truuth tools ChatGPT can access?
- Yes. When creating the MCP server in Truto, you can use method filtering (e.g., read-only operations) and tag filtering to restrict access to specific toolsets, such as only exposing verification checks while blocking destructive actions.
- How are biometric images handled in the Truuth MCP integration?
- Truuth tools accept and return images via base64 encoded payloads or pre-signed URLs. When using ChatGPT, it is highly recommended to design prompts that instruct the LLM to process pre-signed URLs rather than large base64 strings to avoid blowing up the context window.
- Does the Truto MCP server store Truuth customer data?
- No. Truto's proxy API architecture passes requests directly to Truuth in real-time. Responses are returned to the LLM immediately without caching the underlying PII, KYC, or biometric data.