
Connect Malomo to ChatGPT: Manage Orders, Customers & Events

A complete engineering guide to generating a managed Malomo MCP server using Truto. Learn how to connect Malomo to ChatGPT for order and event automation.

Uday Gajavalli · 9 min read

If you need to connect Malomo to ChatGPT to automate post-purchase order tracking, customer queries, or webhook provisioning, you need a Model Context Protocol (MCP) server. This server acts as the translation layer between ChatGPT's JSON-RPC tool calls and Malomo's REST API. You can either build and maintain this infrastructure yourself, or use a managed integration platform like Truto to dynamically generate a secure, authenticated MCP server URL.

If your team uses Claude, check out our guide on connecting Malomo to Claude or explore our broader architectural overview on connecting Malomo to AI Agents.

Giving a Large Language Model (LLM) read and write access to a specialized post-purchase platform like Malomo is an engineering challenge. You have to handle API authentication, map nested JSON tracking schemas to MCP tool definitions, and deal with strict pagination behaviors. Every time the upstream API changes, you have to update your server code, redeploy, and test the integration. This guide breaks down exactly how to use Truto to generate a secure, managed MCP server for Malomo, connect it natively to ChatGPT, and execute complex workflows using natural language.

The Engineering Reality of the Malomo API

A custom MCP server is a self-hosted integration layer. While the open MCP standard provides a predictable way for models to discover tools, implementing it against vendor-specific APIs is painful. If you decide to build a custom MCP server for Malomo, you own the entire API lifecycle. Here are the specific integration challenges that break standard CRUD assumptions when working with Malomo's data models.

The Shipment Array Replacement Trap

Updating an order in Malomo is not a partial patch operation. The shipments array is treated as an authoritative state. When you call the update method, the shipments field must be a complete list. Any existing carrier and tracking code pairs not included in the payload will be aggressively removed by the API. If an LLM attempts to update an order just to append a new note, but omits the shipments array, it will inadvertently wipe out the active tracking data for that customer. Your MCP schema logic must explicitly constrain the LLM to either supply the full array or warn it against modifying orders without prior state retrieval.
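A read-before-write guard for this behaviour, as an added example (not Truto's or Malomo's code) that an agent framework could run before every update_a_malomo_order_by_id call. The field names shipments, carrier, tracking_code and alternate_id are assumed from the wording on this page, and the sample order is constructed.

```python
class ShipmentLossError(ValueError):
    """The proposed update would delete tracking data the order already has."""


def shipment_keys(shipments):
    # Identify each shipment by its (carrier, tracking_code) pair (assumed field names).
    return {(s.get("carrier"), s.get("tracking_code")) for s in shipments or []}


def build_order_update(current_order, changes, allow_removal=False):
    """Build a full update payload from a freshly fetched order plus the wanted changes.

    current_order: the order exactly as returned by a read made just before the write.
    changes: fields the agent wants to set; may or may not contain "shipments".
    """
    existing = list(current_order.get("shipments") or [])
    payload = dict(changes)
    if "shipments" not in payload:
        # The caller did not mention shipments: carry the stored list over verbatim,
        # because an omitted or partial list is treated as the new authoritative state.
        payload["shipments"] = existing
        return payload
    dropped = shipment_keys(existing) - shipment_keys(payload["shipments"])
    if dropped and not allow_removal:
        raise ShipmentLossError(
            "update would remove shipments: " + ", ".join(sorted(map(str, dropped)))
        )
    return payload


# Constructed sample order with two tracked shipments.
SAMPLE_ORDER = {
    "id": "ord_123abc",
    "shipments": [
        {"carrier": "ups", "tracking_code": "1Z9999999999999999"},
        {"carrier": "fedex", "tracking_code": "000000000000"},
    ],
}

if __name__ == "__main__":
    print(build_order_update(SAMPLE_ORDER, {"alternate_id": "Shopify-8982"}))
```

Removal stays possible, but only when the caller passes allow_removal=True, so deleting tracking data is always a deliberate act rather than a side effect of an unrelated edit.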

Nested Alternate IDs and Tracking Lookups

E-commerce platforms do not operate on raw database IDs. Customers search by tracking codes, and internal systems search by alternate IDs (like a Shopify order number). Searching for an order by tracking code requires calling a specific endpoint that filters against nested shipment arrays. If your MCP server just exposes a raw generic GET /orders endpoint, the LLM will struggle to map a customer's "Where is my package?" query to the correct database entity. You must provide explicitly named, purpose-built tools for alternate identity lookups.

Rate Limits and The 429 Pass-Through Reality

Polling for order events or bulk-syncing webhooks will inevitably trigger rate limits. This is a critical architectural fact: Truto does not retry, throttle, or apply backoff on rate limit errors. When the upstream Malomo API returns an HTTP 429 Too Many Requests, Truto passes that error directly to the caller.

However, Truto normalizes the upstream rate limit information into standardized headers per the IETF specification:

  • ratelimit-limit
  • ratelimit-remaining
  • ratelimit-reset

The caller (your LLM agent or framework) is completely responsible for reading these headers and executing exponential backoff. If your agent framework ignores the 429, the LLM will assume the tool call succeeded and hallucinate the response.
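A caller-side retry wrapper for the pass-through 429, as an added example (not code from Truto or from this page's author). It assumes ratelimit-reset carries the number of seconds until the window resets, and that `send` is a hypothetical callable returning `(status, headers, body)` for one tool call.

```python
import random
import time


class RateLimited(Exception):
    """Retries exhausted: surface an error instead of a fabricated tool result."""


def retry_delay(headers, attempt, base=1.0, cap=60.0, rng=random.random):
    """Seconds to wait after a 429: honour ratelimit-reset, else jittered backoff."""
    h = {k.lower(): v for k, v in headers.items()}
    backoff = min(cap, base * (2 ** attempt))
    jittered = backoff * (0.5 + rng() / 2)      # 50-100% of the exponential step
    try:
        reset = float(h.get("ratelimit-reset", ""))
    except (TypeError, ValueError):
        reset = None                            # header missing or not numeric
    if reset is not None and reset >= 0:
        # Never retry before the window resets, but cap how long one call may block.
        return min(cap, max(reset, jittered))
    return jittered


def call_with_backoff(send, max_attempts=4, sleep=time.sleep, rng=random.random):
    """Run send() until it stops returning 429 or attempts run out."""
    for attempt in range(max_attempts):
        status, headers, body = send()
        if status != 429:
            return status, body
        if attempt + 1 < max_attempts:
            sleep(retry_delay(headers, attempt, rng=rng))
    raise RateLimited(f"still rate limited after {max_attempts} attempts")


if __name__ == "__main__":
    # Constructed responses: two 429s with a 3-second reset, then success.
    replies = iter([(429, {"ratelimit-reset": "3"}, None)] * 2 + [(200, {}, {"ok": True})])
    print(call_with_backoff(lambda: next(replies), sleep=lambda s: print("wait", s)))
```

Raising RateLimited once attempts run out means the agent sees a failed tool call rather than an empty result it might treat as success.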

Creating and Connecting the Malomo MCP Server

Instead of building a proxy server from scratch, you can use Truto to expose Malomo's resources as dynamically generated tools. Truto derives the tool schemas directly from the integration's documentation records, ensuring the LLM always has the correct parameters.

Here is how to create the server and hook it into ChatGPT. We will cover both the UI approach and the programmatic API approach.

Step 1: Generating the Server URL

Method A: Via the Truto UI

  1. Navigate to the Integrated Accounts page for your connected Malomo instance.
  2. Click the MCP Servers tab.
  3. Click Create MCP Server.
  4. Select your desired configuration (name, allowed methods like read or write, tags, and expiry date).
  5. Copy the generated MCP server URL. It will look like https://api.truto.one/mcp/a1b2c3d4e5f6....

Method B: Via the Truto API

For teams deploying agents programmatically, you can issue a REST call to provision a server on the fly.

curl -X POST https://api.truto.one/integrated-account/{integrated_account_id}/mcp \
  -H "Authorization: Bearer YOUR_TRUTO_API_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "name": "Malomo Tracking Agent",
    "config": {
      "methods": ["read", "write"],
      "require_api_token_auth": false
    }
  }'

The API securely hashes the token into a distributed key-value store and returns the endpoint URL:

{
  "id": "abc-123",
  "name": "Malomo Tracking Agent",
  "config": { "methods": ["read", "write"] },
  "expires_at": null,
  "url": "https://api.truto.one/mcp/a1b2c3d4e5f6..."
}

Step 2: Connecting the Server to ChatGPT

Method A: Via the ChatGPT UI

If you have a ChatGPT Plus, Pro, Team, or Enterprise account with Developer Mode enabled:

  1. In ChatGPT, click Settings -> Apps -> Advanced settings.
  2. Ensure Developer mode is toggled on.
  3. Under MCP servers / Custom connectors, click to add a new server.
  4. Name: "Malomo (Truto)"
  5. Server URL: Paste the URL copied from Truto.
  6. Click Save. ChatGPT will execute an initialize handshake and pull the Malomo tool schemas.

Method B: Via Manual Config File (Local/CLI Agents)

If you are using a local desktop client or a headless CLI agent that relies on standard MCP config files, define it like this. You will use the standard SSE transport module to connect to the remote Truto URL.

{
  "mcpServers": {
    "malomo-agent": {
      "command": "npx",
      "args": [
        "-y",
        "@modelcontextprotocol/server-sse",
        "--url",
        "https://api.truto.one/mcp/a1b2c3d4e5f6..."
      ]
    }
  }
}

Once connected, the architecture looks like this:

sequenceDiagram
    participant ChatGPT as ChatGPT Client
    participant Truto as Truto MCP Router
    participant KV as Distributed KV Store
    participant Malomo as Malomo API

    ChatGPT->>Truto: POST /mcp/token (tools/call)
    Truto->>KV: Hash token & validate auth
    KV-->>Truto: Valid
    Truto->>Truto: Parse flat arguments via JSON Schema
    Truto->>Malomo: Exec Proxy API Request
    Malomo-->>Truto: JSON Response (or 429)
    Truto-->>ChatGPT: JSON-RPC Result (normalized)

Core Malomo MCP Tools

Truto automatically generates descriptive snake_case tool names based on the integration's internal configuration. You do not need to manually write descriptions for the LLM; Truto injects schema instructions automatically (such as instructing the model to return cursor strings exactly as received).

Here are the high-leverage hero tools your ChatGPT agent can now access.

list_all_malomo_orders

Retrieves a paginated list of orders from Malomo. This tool exposes optional filters like alternate_id, tracking_code, number, or customer_email. Because Truto injects cursor instructions into the schema, the LLM knows how to paginate through historical orders without hallucinating page limits.

"Fetch the last 50 orders in Malomo associated with the customer email help@example.com."

get_single_malomo_orders_by_tracking_code_by_id

This is a highly specific lookup tool. Instead of dumping the entire order database to find a shipment, this tool accepts a tracking_code parameter and resolves the exact parent order. This is critical for post-purchase support queries where the customer only provides a FedEx or UPS number.

"A customer is asking about tracking code 1Z9999999999999999. Find the order associated with this code and tell me their order number."

list_all_malomo_order_events

Once you have a specific order_id, this tool extracts the detailed event ledger for that shipment. It returns the exact timestamps of when a package was manifested, scanned, out for delivery, or delayed.

"Retrieve the event history for order ID ord_789xyz. Has it been marked as 'Out for Delivery' yet?"

update_a_malomo_order_by_id

Updates an existing Malomo order. As noted in the API quirks section, the shipments array requires extreme care. The LLM must be explicitly prompted to retain existing tracking entries if it only intends to update a different field.

"Update order ord_123abc. Add an alternate ID of 'Shopify-8982'. Be sure to include the existing shipment array exactly as it is currently saved so we do not lose tracking data."

list_all_malomo_customers

Searches the customer directory within Malomo. It returns the core profile elements: ID, email, first name, last name, phone number, and account timestamps.

"Find the Malomo customer record for John Doe using the email john.doe@example.com to verify their phone number."

create_a_malomo_webhook

Automates the provisioning of tracking webhooks. Rather than an engineer logging into an admin panel, an operations manager can instruct ChatGPT to subscribe to a new event topic and point it at an external URL.

"Create a new Malomo webhook. Set the topic to 'order.delivered' and route the payload to https://hooks.internal.app/malomo-delivered."

To see the complete tool inventory, required schema fields, and advanced configuration options, visit the Malomo integration page.

Workflows in Action

Exposing an MCP server to an LLM changes how you interact with internal tools. Instead of writing custom internal dashboards, you orchestrate multi-step data retrieval via natural language. Here are concrete examples of how personas leverage the Malomo MCP server through ChatGPT.

Scenario 1: The CX Agent Tracing a Lost Package

Customer support agents often juggle Zendesk, Shopify, and carrier portals to figure out where a package is. With the MCP server connected to ChatGPT, the agent executes a unified search.

"A customer emailed complaining that their package 1Z9999999999999999 is lost. Find the order, identify the customer, pull the entire event history, and write a polite summary email I can send back to them explaining exactly where the package is right now."

  1. get_single_malomo_orders_by_tracking_code_by_id: The LLM queries the tracking code to find the internal order_id.
  2. get_single_malomo_order_by_id: The LLM pulls the parent order to verify the customer details and email.
  3. list_all_malomo_order_events: The LLM fetches the chronological ledger to determine the last known scan location.
  4. Synthesis: The model writes a professional reply referencing the specific carrier scan event.

flowchart TD
    A["ChatGPT evaluates<br>prompt intent"] --> B["Tool Call: get_single_malomo...<br>by_tracking_code"]
    B --> C["Tool Call: get_single_malomo<br>_order_by_id"]
    C --> D["Tool Call: list_all_malomo<br>_order_events"]
    D --> E["Synthesize<br>Customer Email"]

Scenario 2: Operations Manager Auditing Webhooks

An ops manager needs to ensure that the fulfillment center's custom alerting system is properly subscribed to delayed package events.

"List all active Malomo webhooks. If there isn't one specifically tracking 'order.exception', create it and point it to https://api.ops.internal/exception-handler."

  1. list_all_malomo_webhooks: The LLM retrieves the array of active subscriptions.
  2. Evaluation: The LLM parses the topic fields to see if order.exception exists.
  3. create_a_malomo_webhook: If missing, the LLM executes a POST operation to provision the new endpoint, returning the new subscription ID to the user.

Security and Access Control

Giving an AI agent access to production customer and order data requires strict governance. Truto's MCP servers are designed to be scoped tightly at the configuration layer.

  • Method Filtering (methods): You can restrict the MCP server to specific HTTP verbs. Passing ["read"] during server creation guarantees that ChatGPT can only execute get and list operations, physically blocking any accidental create, update, or delete calls.
  • Tag Filtering (tags): Integrations can group resources by tags. If you apply a tag filter, the server will only expose tools associated with that specific domain (e.g., exposing only webhooks, but hiding customer data).
  • Token Authentication (require_api_token_auth): By default, possessing the MCP URL is enough to connect. Setting this flag to true forces the MCP client to also pass a valid Truto API token in the Authorization header, creating a dual-layer security requirement.
  • Time-to-Live (expires_at): For temporary contractor access or short-lived agent sessions, you can set an ISO datetime for the server to expire. Truto uses managed stateful actors to automatically purge the token and configurations from storage the second it expires.
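A pre-provisioning check that applies these four controls to a server creation body before it is sent, as an added example (not part of Truto's API or tooling). The 30-day lifetime limit and the finding names are assumed local policy, expires_at is assumed to sit at the top level of the request as it does in the response shown earlier, and both sample bodies are constructed (the first mirrors the curl body on this page).

```python
from datetime import datetime, timedelta, timezone

MAX_LIFETIME = timedelta(days=30)  # assumed local policy, not a Truto limit


def audit_mcp_request(body, now=None):
    """Return finding ids for an MCP server creation body; an empty list passes."""
    now = now or datetime.now(timezone.utc)
    cfg = body.get("config") or {}
    methods = cfg.get("methods") or []
    token_auth = cfg.get("require_api_token_auth") is True
    findings = []
    if not token_auth:
        findings.append("url-only-auth")            # the URL alone is the credential
    if not methods:
        findings.append("methods-not-pinned")       # state the method filter explicitly
    elif any(m != "read" for m in methods) and not token_auth:
        findings.append("write-with-url-only-auth")
    expires = body.get("expires_at")                # assumed top-level field
    if expires is None:
        findings.append("no-expiry")
        return findings
    try:
        when = datetime.fromisoformat(str(expires).replace("Z", "+00:00"))
    except ValueError:
        findings.append("bad-expiry")
        return findings
    if when.tzinfo is None:
        when = when.replace(tzinfo=timezone.utc)    # treat naive timestamps as UTC
    if when <= now:
        findings.append("already-expired")
    elif when - now > MAX_LIFETIME:
        findings.append("expiry-too-long")
    return findings


# Constructed inputs: the creation body used earlier on this page, and a tightened one.
PAGE_BODY = {"name": "Malomo Tracking Agent",
             "config": {"methods": ["read", "write"], "require_api_token_auth": False}}
HARDENED_BODY = {"name": "Malomo Tracking Agent (read-only)",
                 "config": {"methods": ["read"], "require_api_token_auth": True},
                 "expires_at": "2030-01-08T00:00:00Z"}
```

With require_api_token_auth left false, the generated URL should be handled like any other bearer secret: kept out of tickets, chat logs and committed config files.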

The Better Way to Integrate AI

Building a custom integration layer between ChatGPT and Malomo is a massive distraction from your core product. You have to build polling mechanisms, decode complex nested arrays, handle the aggressive tracking field replacements, and implement exponential backoff for rate limits.

By leveraging Truto's documentation-driven MCP generation, you skip the boilerplate entirely. You pass a single API call to generate a secure, scoped server URL, plug it into ChatGPT, and instantly give your AI agents the ability to read tracking codes, trace events, and manage webhooks.

FAQ

Does Truto automatically handle Malomo API rate limit retries?
No. Truto does not retry, throttle, or apply backoff on rate limit errors. When the Malomo API returns an HTTP 429, Truto passes that error to the caller with normalized headers (ratelimit-limit, ratelimit-remaining, ratelimit-reset). Your LLM or agent framework must handle the retry logic.

Can I restrict the Malomo MCP server to only read operations?
Yes. When creating the MCP server via the Truto API or UI, you can pass a configuration object with a methods filter (e.g., ["read"]). This ensures the server only exposes safe get and list operations to ChatGPT.

How do I ensure only authenticated internal users can call the MCP server?
You can set the require_api_token_auth flag to true during server creation. This forces the MCP client to pass a valid Truto API token in the Authorization header, adding a strict identity layer over the base URL token.
