Skip to main content
LE

Legiti

v0.2.0-alpha.2API Keyalpha

Prevención de fraude nativa de ticketing de BR (antes Inspetor, São Paulo). 4ª entrada de fraude. Evaluación de pedido + Collection API para rastreo de eventos/cuentas/auth. Alpha en npm — docs públicas más delgadas que ClearSale/Konduto; los formatos de las tools coinciden con el repo docs-backend.

18 herramientas2 env vars🇧🇷 Brasilalpha — validación pendiente

Qué puede hacer tu agente

Legiti le da a tu agente 18 tools que llama directo — elegí las que necesite, en Claude, Cursor o cualquier cliente MCP.

  • evaluate_orderSubmit an order to Legiti for real-time fraud evaluation via the v2 order endpoint. Returns a decision (approve / reject / manual) synchronously — response may take up to ~20s. Include as much context as possible: account, payment (tokenized card bin+last4), CPF, billing/shipping, and for ticketing flows the event_date_id / sale_items.
  • update_orderNotify Legiti of a status change on an existing order (e.g. payment captured, shipped, cancelled, refunded). Feeds the ML model — required for ongoing decision quality. Use mark_order_fraudulent for confirmed chargebacks instead.
  • mark_order_fraudulentReport a confirmed chargeback / fraud outcome back to Legiti. This is Legiti's primary ML feedback channel — unreported chargebacks degrade future decision quality for similar buyers. Call this after the issuer confirms the chargeback, not on mere suspicion.
Ejemplo de llamada
// Your agent calls a tool directly — no glue code.
// CodeSpar's managed tier handles OAuth2, token rotation and rate limits.
const result = await session.call("evaluate_order", { /* ... */ });

Instalar

terminal
$ npm install @codespar/mcp-legiti@alpha

Quickstart

Agregá esta entrada a tu claude_desktop_config.json (o a la config de cualquier cliente compatible con MCP).

claude_desktop_config.json
{
  "mcpServers": {
    "legiti": {
      "command": "npx",
      "args": [
        "-y",
        "@codespar/mcp-legiti@alpha"
      ],
      "env": {
        "LEGITI_API_KEY": "<your_legiti_api_key>"
      }
    }
  }
}

Después de reiniciar, tu agente puede llamar cualquiera de las 18 herramientas de abajo — probá evaluate_order primero.

Variables de entorno · 2

Necesarias para autenticar el server. Almacenadas cifradas al usar el hosting gestionado de CodeSpar.

LEGITI_API_KEY
obligatoriosecret

Legiti API key (JWT-format bearer token). Use the sandbox key while testing — Legiti trains its ML models on every request, so test data hitting a production key pollutes the model.

LEGITI_BASE_URL
opcional

Legiti API base URL. Defaults to https://collection-prod.inspcdn.net. Legiti issues customer-specific base URLs — override per contract.

Herramientas disponibles · 18

Cada herramienta es independiente — tu agente carga solo lo que necesita para reducir contexto y tiempo de respuesta.

READevaluate_order
Submit an order to Legiti for real-time fraud evaluation via the v2 order endpoint. Returns a decision (approve / reject / manual) synchronously — response may take up to ~20s. Include as much context as possible: account, payment (tokenized card bin+last4), CPF, billing/shipping, and for ticketing flows the event_date_id / sale_items.
WRITEupdate_order
Notify Legiti of a status change on an existing order (e.g. payment captured, shipped, cancelled, refunded). Feeds the ML model — required for ongoing decision quality. Use mark_order_fraudulent for confirmed chargebacks instead.
READmark_order_fraudulent
Report a confirmed chargeback / fraud outcome back to Legiti. This is Legiti's primary ML feedback channel — unreported chargebacks degrade future decision quality for similar buyers. Call this after the issuer confirms the chargeback, not on mere suspicion.
READevaluate_sale
Legacy single-shot sale evaluation via POST /evaluation. Synchronous — returns { inspetor_decision: 'approve' | 'reject' | 'manual' }. Prefer evaluate_order (v2) for new integrations; use this when you only have the minimal required fields or for feature parity with older Legiti/Inspetor integrations.
WRITEtrack_account
Notify Legiti of an account lifecycle event (created / updated / deleted). Legiti's ML model treats the Account as a primary entity and needs every state change to score future sales accurately.
WRITEtrack_event
Notify Legiti of an Event (concert, show, match, session) lifecycle change. Events are primary entities in Legiti's ticketing-native model — scoring for ticket sales depends on up-to-date event metadata (date, venue, capacity, price tiers).
WRITEtrack_sale
Notify Legiti of a Sale state change (created / updated). For initial sale creation without asking for a decision, set request_evaluation=false on evaluate_order instead. Use this for post-creation updates that aren't status transitions (e.g. sale items added/removed before capture).
WRITEtrack_auth
Notify Legiti of an authentication or password event (login attempt, logout, password recovery request, password reset). Login/logout and password activity are strong signals for account-takeover fraud — feed every attempt, successful or failed.

Frameworks compatibles

MCP es un protocolo — cualquier framework que lo hable puede montar este server.

Claude Agent SDKAnthropic
OpenAI AgentsOpenAI
Vercel AI SDKVercel
LangChainLangChain
LlamaIndexLlamaIndex
CrewAICrewAI
MastraMastra
Cualquier cliente MCPProtocolo

Preguntas frecuentes

Corré `npx -y @codespar/mcp-legiti` y agregá el bloque de config de arriba a tu cliente MCP — Claude, Cursor, VS Code o cualquier cliente compatible con MCP. Sin build, sin SDK. ¿Preferís hosted? El tier gestionado de CodeSpar lo corre por vos, con la auth resuelta.
Legiti — MCP server · 18 tools | CodeSpar