Skip to content

Connect Truuth to Claude: Verify Identity and Document Validity

A definitive engineering guide to connecting Truuth to Claude using Truto's SuperAI MCP server to automate KYC pipelines, face matching, and document fraud checks.

Sidharth Verma Sidharth Verma · · 9 min read
Connect Truuth to Claude: Verify Identity and Document Validity

If you need to connect Truuth to Claude to automate KYC pipelines, identity verification, document fraud checks, and biometric face matching, you need a Model Context Protocol (MCP) server. This server acts as the translation layer between Claude's tool calls and Truuth's identity REST APIs. You can either build and maintain this infrastructure yourself, or use a managed integration platform like Truto to dynamically generate a secure, authenticated MCP server URL. If your team uses ChatGPT, check out our guide on connecting Truuth to ChatGPT or explore our broader architectural overview on connecting Truuth to AI Agents.

Giving a Large Language Model (LLM) read and write access to a strict identity provider like Truuth is a significant engineering challenge. You have to handle complex nested JSON schemas for fraud reports, manage heavy biometric payloads, and deal with strict rate limits. Every time Truuth updates an endpoint or deprecates an identity check parameter, you have to update your server code, redeploy, and test the integration. This guide breaks down exactly how to use Truto to generate a secure, managed MCP server for Truuth, connect it natively to Claude, and execute complex compliance workflows using natural language.

The Engineering Reality of the Truuth API

A custom MCP server is a self-hosted integration layer. While the open MCP standard provides a predictable way for models to discover tools, the reality of implementing it against Truuth's specific identity APIs is painful. You are not just integrating a standard CRUD app - you are orchestrating asynchronous KYC journeys, document OCR, and fraud detection engines.

If you decide to build a custom MCP server for Truuth, you own the entire API lifecycle. Here are the specific challenges you will face:

Heavy Biometric and Document Payloads Unlike standard SaaS APIs that pass text and numbers, Truuth frequently requires Base64-encoded images for selfies, ID cards, and document pages. Passing multi-megabyte Base64 strings through an LLM context window is inefficient and often causes the model to hallucinate or truncate the string. You have to architect your MCP server to accept URLs or file references, fetch the asset, encode it securely, and then send it to Truuth. Truto normalizes this workflow by structuring tool schemas to clearly specify when a URL or base64 string is expected, allowing Claude to route external files correctly.

Asynchronous Verification States Identity verification is rarely synchronous. When you create a Truuth verification invite, the user goes through a journey, and the results are not immediately available. You have to constantly query the verification status or rely on complex polling logic. If you expose raw endpoints to Claude, the model might get stuck in a loop polling an incomplete verification. A managed MCP server exposes specific event timeline endpoints (list_all_truuth_verification_event) so the model can read the explicit state of the timeline without guessing.

Complex Nested Fraud Reports Truuth's fraud checks and document authenticity reports return deeply nested objects containing individual check results, confidence scores, and authenticity rules. Flattening these massive schemas into something an LLM can reliably parse without exceeding token limits is difficult. Truto handles the dynamic generation of these schemas directly from Truuth's API definitions, ensuring Claude understands exactly where to look for a liveness score or documentType without hand-coding the response parser.

Rate Limits and 429 Errors Identity systems enforce strict rate limits to prevent abuse. Factual note on rate limits: Truto does not retry, throttle, or apply backoff on rate limit errors. When Truuth returns an HTTP 429, Truto passes that error directly to the caller, normalizing the upstream rate limit info into standardized headers (ratelimit-limit, ratelimit-remaining, ratelimit-reset) per the IETF spec. The Claude client or your custom orchestrator is responsible for implementing retry and backoff logic.

How to Generate a Truuth MCP Server with Truto

Truto dynamically generates MCP tools based on the actual endpoints and documentation available in your connected Truuth instance. You can generate a secure MCP server URL in seconds via the Truto UI or programmatically via the API.

Method 1: Generating the MCP Server via the Truto UI

The easiest way to get started is by generating the server URL directly from your Truto dashboard.

  1. Navigate to the Integrated Accounts page for your connected Truuth instance.
  2. Click the MCP Servers tab.
  3. Click Create MCP Server.
  4. Select your desired configuration (name, allowed methods, tags, and expiration).
  5. Copy the generated MCP server URL. This URL contains a secure, hashed token linked specifically to this Truuth environment.

Method 2: Generating the MCP Server via the Truto API

For teams building automated onboarding flows or provisioning MCP servers dynamically for customer environments, you can use the Truto API.

Make a POST request to /integrated-account/:id/mcp with your integrated account ID:

curl -X POST https://api.truto.one/integrated-account/YOUR_ACCOUNT_ID/mcp \
  -H "Authorization: Bearer YOUR_TRUTO_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "name": "Truuth Compliance Server",
    "config": {
      "methods": ["read", "write", "custom"]
    }
  }'

The API validates that the Truuth integration has documented tools available and returns a ready-to-use JSON-RPC endpoint:

{
  "id": "mcp_abc123",
  "name": "Truuth Compliance Server",
  "config": { "methods": ["read", "write", "custom"] },
  "expires_at": null,
  "url": "https://api.truto.one/mcp/t_5f6e7d8c9b0a..."
}

How to Connect the Truuth MCP Server to Claude

Once you have your Truto MCP URL, you need to register it with Claude. You can do this either through Claude's UI or by modifying your system's Claude Desktop configuration file.

Method A: Via the Claude UI

If you are using the Claude Desktop app or an enterprise workspace that supports visual connector management:

  1. Open Claude and navigate to Settings.
  2. Click on Integrations (or Connectors) and select Add MCP Server.
  3. Paste the Truto MCP URL you generated in the previous step.
  4. Click Add. Claude will instantly execute a handshake, discover the available Truuth tools, and prepare them for use in your chat context.

Method B: Via Manual Config File

For developers managing their environments as code, you can define the MCP server in Claude's configuration file. Because the Truto MCP server is a remote HTTP endpoint (SSE), you use the official @modelcontextprotocol/server-sse proxy to connect Claude's standard IO interface to the remote URL.

Locate your claude_desktop_config.json file (typically in ~/Library/Application Support/Claude/ on macOS or %APPDATA%\\Claude\\ on Windows) and add the following configuration:

{
  "mcpServers": {
    "truuth_identity": {
      "command": "npx",
      "args": [
        "-y",
        "@modelcontextprotocol/server-sse",
        "https://api.truto.one/mcp/t_5f6e7d8c9b0a..."
      ]
    }
  }
}

Restart Claude Desktop. The application will launch the SSE proxy, connect to Truto, and pull the dynamically generated tool schemas for Truuth.

Hero Tools for Truuth

Truto exposes the entirety of the Truuth API as tools. Here are the most critical tools for orchestrating identity verification workflows with Claude.

create_a_truuth_verification_invite

Sends a verification invite to a customer, initiating the KYC identity verification journey by dispatching an email containing a secure KYC URL.

"Send a new KYC verification invite to the customer and give me the verification ID so we can track their progress."

get_single_truuth_verification_by_id

Retrieves full verification details from Truuth by ID, including the status, metadata, identity owner details, and the final results of the identity checks.

"Check the status of verification ID v-98765. Has the customer completed the process, and what is the final decision status?"

create_a_truuth_document_authenticity

Verifies the authenticity of a submitted ID document. Claude can supply an array of up to 2 document-page images (either Base64-encoded with a MIME type or an accessible URL) and Truuth will return an authenticity score and specific check outcomes.

"Run a document authenticity check on the passport image located at https://internal.storage/doc123.jpg. Let me know the authenticity score and if any fraud indicators were triggered."

create_a_truuth_face_match

Verifies whether the face on a photo ID document matches the face on a submitted selfie image. Returns similarity metrics, a liveness flag, and the transaction status.

"Compare the selfie photo and the ID card photo for this user. Tell me the similarity score and whether liveness was successfully detected."

create_a_truuth_email_analyze

Analyzes an email address for fraud risk, returning detailed metrics including domain popularity, velocity, tumbling risk, and hosting facility details.

"Analyze the risk profile for the email address provided by the user. Let me know if the domain is flagged or if there is a high tumbling risk score."

create_a_truuth_document_fraud_check

Submits a document to the Truuth Document Fraud Checks Service for deep forensic analysis. This is essential for detecting advanced counterfeits.

"Submit the provided driver's license to the deep document fraud check service for tenant alias 'us-prod' and return the documentVerifyId."

To view the complete schema definitions and additional endpoints - including repeat image checking, sanctions reporting, and event timeline tracking - refer to the Truuth integration page.

Workflows in Action

AI agents excel at orchestrating multi-step compliance workflows. Here are two examples of how Claude uses the Truuth MCP server to automate complex identity operations.

Workflow 1: End-to-End KYC Invitation and Follow-up

When a compliance officer needs to manually review a flagged customer, they can ask Claude to initiate a fresh KYC journey and monitor its status.

"Send a new verification invite for our latest flagged user. Once dispatched, give me the tracking ID. Then, check the current status of that tracking ID to see what data has been collected so far."

  1. Claude calls create_a_truuth_verification_invite to generate and dispatch the KYC email.
  2. Claude parses the returned verificationId from the response.
  3. Claude calls get_single_truuth_verification_by_id using the retrieved verificationId to fetch the current state of the onboarding journey.
  4. Claude synthesizes the data and tells the user that the invite is sent and the status is currently pending.
sequenceDiagram
    participant User as User
    participant Claude as Claude Desktop
    participant MCP as Truto MCP Server
    participant Truuth as Truuth API
    
    User->>Claude: "Send KYC invite and check status."
    Claude->>MCP: call create_a_truuth_verification_invite
    MCP->>Truuth: POST /verification/invite
    Truuth-->>MCP: { "verificationId": "v-1234" }
    MCP-->>Claude: Result: v-1234
    Claude->>MCP: call get_single_truuth_verification_by_id (id: "v-1234")
    MCP->>Truuth: GET /verification/v-1234
    Truuth-->>MCP: { "status": "pending" }
    MCP-->>Claude: Result: pending
    Claude-->>User: "Invite dispatched. Status is pending."

Workflow 2: Forensic Document and Email Analysis

When a support agent encounters a highly suspicious sign-up attempt, they can ask Claude to perform an instant forensic breakdown using uploaded evidence.

"I have a passport image URL and an email address for a suspicious user. Run a document authenticity check on the passport, and analyze the email for fraud risk."

  1. Claude calls create_a_truuth_document_authenticity, passing the passport image URL in the images array parameter.
  2. Claude receives the response containing the authenticityScore and specific check outcomes (e.g., hologram presence, font consistency).
  3. Claude calls create_a_truuth_email_analyze with the suspicious email address.
  4. Claude receives the domain risk score, tumbling risk, and IP routing data.
  5. Claude compiles a comprehensive summary report highlighting any security discrepancies across both the document and the email domain.

Security and Access Control

Exposing identity verification and fraud engines to AI models requires strict security boundaries. Truto provides several mechanisms to lock down your Truuth MCP server:

  • Method Filtering (config.methods): Restrict the MCP server to specific operations. By passing ["read"], you can prevent Claude from initiating new verifications, allowing it only to read reports and statuses.
  • Tag Filtering (config.tags): Group tools by functional area. You can restrict a server to only expose tools tagged with fraud_checks or document_analysis.
  • Additional Authentication (require_api_token_auth): When enabled, possessing the MCP URL is not enough. The client must also pass a valid Truto API token via the Authorization header, preventing unauthorized network access if the URL is leaked.
  • Automatic Expiration (expires_at): Generate ephemeral MCP servers for temporary investigations. Set an ISO timestamp, and Truto will automatically clean up the database record and KV storage when the time expires, instantly revoking AI access.

Automating Compliance with Truto

Connecting Truuth to Claude transforms your AI agent from a simple text generator into a powerful compliance engine. By utilizing Truto's dynamically generated MCP server, you eliminate the need to write custom Base64 image handlers, reverse-engineer nested fraud schemas, or manage complex OAuth infrastructure. Your agents can verify documents, detect liveness, analyze email risks, and manage the full KYC lifecycle directly from a chat interface.

FAQ

Can Claude process base64-encoded images for Truuth face matching?
Passing massive base64 strings through LLM contexts can cause token limits to blow up. Truto's MCP tool definitions allow Claude to pass URLs or references where supported by Truuth, abstracting away the raw byte handling.
How does Truto handle Truuth rate limits?
Truto does not retry or absorb rate limit errors. If Truuth returns an HTTP 429, Truto passes it directly to Claude along with standardized IETF ratelimit headers, leaving the retry and backoff logic to the caller.
Can I prevent Claude from creating new verification invites?
Yes. By using method filtering (e.g., config.methods = ['read']) when creating the MCP server, you can restrict Claude to only reading statuses and reports, disabling its ability to initiate new verifications.

More from our Blog