Prevención de fraude nativa de ticketing de BR (antes Inspetor, São Paulo). 4ª entrada de fraude. Evaluación de pedido + Collection API para rastreo de eventos/cuentas/auth. Alpha en npm — docs públicas más delgadas que ClearSale/Konduto; los formatos de las tools coinciden con el repo docs-backend.
Legiti le da a tu agente 18 tools que llama directo — elegí las que necesite, en Claude, Cursor o cualquier cliente MCP.
evaluate_order — Submit an order to Legiti for real-time fraud evaluation via the v2 order endpoint. Returns a decision (approve / reject / manual) synchronously — response may take up to ~20s. Include as much context as possible: account, payment (tokenized card bin+last4), CPF, billing/shipping, and for ticketing flows the event_date_id / sale_items.update_order — Notify Legiti of a status change on an existing order (e.g. payment captured, shipped, cancelled, refunded). Feeds the ML model — required for ongoing decision quality. Use mark_order_fraudulent for confirmed chargebacks instead.mark_order_fraudulent — Report a confirmed chargeback / fraud outcome back to Legiti. This is Legiti's primary ML feedback channel — unreported chargebacks degrade future decision quality for similar buyers. Call this after the issuer confirms the chargeback, not on mere suspicion.// Your agent calls a tool directly — no glue code.
// CodeSpar's managed tier handles OAuth2, token rotation and rate limits.
const result = await session.call("evaluate_order", { /* ... */ });$ npm install @codespar/mcp-legiti@alphaAgregá esta entrada a tu claude_desktop_config.json (o a la config de cualquier cliente compatible con MCP).
{
"mcpServers": {
"legiti": {
"command": "npx",
"args": [
"-y",
"@codespar/mcp-legiti@alpha"
],
"env": {
"LEGITI_API_KEY": "<your_legiti_api_key>"
}
}
}
}Después de reiniciar, tu agente puede llamar cualquiera de las 18 herramientas de abajo — probá evaluate_order primero.
Necesarias para autenticar el server. Almacenadas cifradas al usar el hosting gestionado de CodeSpar.
LEGITI_API_KEYLegiti API key (JWT-format bearer token). Use the sandbox key while testing — Legiti trains its ML models on every request, so test data hitting a production key pollutes the model.
LEGITI_BASE_URLLegiti API base URL. Defaults to https://collection-prod.inspcdn.net. Legiti issues customer-specific base URLs — override per contract.
Cada herramienta es independiente — tu agente carga solo lo que necesita para reducir contexto y tiempo de respuesta.
evaluate_orderupdate_ordermark_order_fraudulentevaluate_saletrack_accounttrack_eventtrack_saletrack_authMCP es un protocolo — cualquier framework que lo hable puede montar este server.