Skip to main content
LE

Legiti

v0.2.0-alpha.2API Keyalpha

BR ticketing-native fraud prevention (formerly Inspetor, São Paulo). 4th fraud entry. Order evaluation + Collection API for events/accounts/auth tracking. Alpha on npm — public docs thinner than ClearSale/Konduto; tool shapes match docs-backend repo.

18 tools2 env vars🇧🇷 Brazilalpha — pending validation

What your agent can do

Legiti gives your agent 18 tools it calls directly — pick the ones it needs, in Claude, Cursor, or any MCP client.

  • evaluate_orderSubmit an order to Legiti for real-time fraud evaluation via the v2 order endpoint. Returns a decision (approve / reject / manual) synchronously — response may take up to ~20s. Include as much context as possible: account, payment (tokenized card bin+last4), CPF, billing/shipping, and for ticketing flows the event_date_id / sale_items.
  • update_orderNotify Legiti of a status change on an existing order (e.g. payment captured, shipped, cancelled, refunded). Feeds the ML model — required for ongoing decision quality. Use mark_order_fraudulent for confirmed chargebacks instead.
  • mark_order_fraudulentReport a confirmed chargeback / fraud outcome back to Legiti. This is Legiti's primary ML feedback channel — unreported chargebacks degrade future decision quality for similar buyers. Call this after the issuer confirms the chargeback, not on mere suspicion.
Example call
// Your agent calls a tool directly — no glue code.
// CodeSpar's managed tier handles OAuth2, token rotation and rate limits.
const result = await session.call("evaluate_order", { /* ... */ });

Install

terminal
$ npm install @codespar/mcp-legiti@alpha

Quickstart

Add this entry to your claude_desktop_config.json (or any MCP-compatible client config).

claude_desktop_config.json
{
  "mcpServers": {
    "legiti": {
      "command": "npx",
      "args": [
        "-y",
        "@codespar/mcp-legiti@alpha"
      ],
      "env": {
        "LEGITI_API_KEY": "<your_legiti_api_key>"
      }
    }
  }
}

After restart, your agent can call any of the 18 tools below — try evaluate_order first.

Environment variables · 2

Required to authenticate the server. Stored encrypted when using CodeSpar managed hosting.

LEGITI_API_KEY
requiredsecret

Legiti API key (JWT-format bearer token). Use the sandbox key while testing — Legiti trains its ML models on every request, so test data hitting a production key pollutes the model.

LEGITI_BASE_URL
optional

Legiti API base URL. Defaults to https://collection-prod.inspcdn.net. Legiti issues customer-specific base URLs — override per contract.

Available tools · 18

Each tool is independent — your agent loads only what it needs to reduce context and response time.

READevaluate_order
Submit an order to Legiti for real-time fraud evaluation via the v2 order endpoint. Returns a decision (approve / reject / manual) synchronously — response may take up to ~20s. Include as much context as possible: account, payment (tokenized card bin+last4), CPF, billing/shipping, and for ticketing flows the event_date_id / sale_items.
WRITEupdate_order
Notify Legiti of a status change on an existing order (e.g. payment captured, shipped, cancelled, refunded). Feeds the ML model — required for ongoing decision quality. Use mark_order_fraudulent for confirmed chargebacks instead.
READmark_order_fraudulent
Report a confirmed chargeback / fraud outcome back to Legiti. This is Legiti's primary ML feedback channel — unreported chargebacks degrade future decision quality for similar buyers. Call this after the issuer confirms the chargeback, not on mere suspicion.
READevaluate_sale
Legacy single-shot sale evaluation via POST /evaluation. Synchronous — returns { inspetor_decision: 'approve' | 'reject' | 'manual' }. Prefer evaluate_order (v2) for new integrations; use this when you only have the minimal required fields or for feature parity with older Legiti/Inspetor integrations.
WRITEtrack_account
Notify Legiti of an account lifecycle event (created / updated / deleted). Legiti's ML model treats the Account as a primary entity and needs every state change to score future sales accurately.
WRITEtrack_event
Notify Legiti of an Event (concert, show, match, session) lifecycle change. Events are primary entities in Legiti's ticketing-native model — scoring for ticket sales depends on up-to-date event metadata (date, venue, capacity, price tiers).
WRITEtrack_sale
Notify Legiti of a Sale state change (created / updated). For initial sale creation without asking for a decision, set request_evaluation=false on evaluate_order instead. Use this for post-creation updates that aren't status transitions (e.g. sale items added/removed before capture).
WRITEtrack_auth
Notify Legiti of an authentication or password event (login attempt, logout, password recovery request, password reset). Login/logout and password activity are strong signals for account-takeover fraud — feed every attempt, successful or failed.

Compatible frameworks

MCP is a protocol — any framework that speaks it can mount this server.

Claude Agent SDKAnthropic
OpenAI AgentsOpenAI
Vercel AI SDKVercel
LangChainLangChain
LlamaIndexLlamaIndex
CrewAICrewAI
MastraMastra
Any MCP clientProtocol

Frequently asked questions

Run `npx -y @codespar/mcp-legiti` and add the config block above to your MCP client — Claude, Cursor, VS Code, or any MCP-compatible client. No build step, no SDK required. Prefer hosted? CodeSpar's managed tier runs it for you with auth handled.
Legiti — MCP server · 18 tools | CodeSpar