Connect Boomi to Claude: Manage Permissions & Governance via MCP

To connect Boomi to Claude, you need a Model Context Protocol (MCP) server. This server acts as a translation layer, converting the LLM's standardized JSON-RPC tool calls into Boomi's specific AtomSphere REST API requests. By using a managed MCP server, you bypass the boilerplate of authentication management, JSON schema mapping, and rate limit header normalization.

If your team uses ChatGPT, check out our guide on connecting Boomi to ChatGPT. If you are building autonomous backend systems, read our guide on connecting Boomi to AI Agents.

Giving a Large Language Model (LLM) read and write access to your integration platform is a serious engineering task. You either spend weeks building, hosting, and maintaining a custom MCP server, or you use a managed infrastructure layer that handles the protocol dynamically. This guide breaks down exactly how to use Truto to generate a secure, managed MCP server for Boomi, connect it natively to Claude, and execute complex access workflows.

The Engineering Reality of Boomi's AtomSphere API

A custom MCP server is a self-hosted integration layer. While the Model Context Protocol provides a predictable way for models to discover tools, implementing it against vendor APIs takes significant engineering effort, just as we've seen when connecting Affinity to Claude. Boomi has specific architectural quirks that make building a custom connector uniquely frustrating for AI agents.

The QueryFilter Object Complexity Most modern REST APIs allow you to filter results using flat query parameters (e.g., ?status=active). Boomi does not. To query resources like users or roles, you must construct a highly specific, nested JSON payload called a QueryFilter. This object requires nested expression arrays containing property, operator, and argument fields. If you hand an LLM a raw HTTP client and ask it to filter Boomi users, it will inevitably hallucinate standard REST query parameters and fail.

Pagination via QueryToken Boomi does not use standard offset or link-header pagination. When a query returns more than 100 results, Boomi returns a QueryToken. To get the next page, you must make a completely different API call to a specific .../queryMore endpoint, passing only that token. Truto's MCP implementation abstracts this entirely. When generating the tool schema, Truto automatically injects limit and next_cursor properties, explicitly instructing Claude to pass the cursor back unchanged. Truto then handles the underlying queryMore routing automatically.

Hybrid XML/JSON Responses While Boomi supports JSON, its legacy architecture means error messages and edge-case responses often revert to XML. Truto's proxy API layer intercepts these responses, evaluates them against predefined JSONata error expressions, and normalizes them into clean JSON before returning them to Claude.

Generating the Boomi MCP Server

Truto dynamically generates MCP tools from Boomi's resource definitions and documentation records. You can spin up an MCP server for a connected Boomi account using either the Truto UI or the API.

Method 1: Via the Truto UI

1. Navigate to the integrated account page for your Boomi connection in the Truto dashboard.
2. Click the MCP Servers tab.
3. Click Create MCP Server.
4. Select your desired configuration (name, allowed methods, tags, and expiration).
5. Copy the generated MCP server URL.

Method 2: Via the Truto API

You can programmatically provision MCP servers for your customers or internal tools. Make an authenticated POST request to /integrated-account/:id/mcp.

POST /integrated-account/YOUR_ACCOUNT_ID/mcp
{
  "name": "Boomi Governance Server",
  "config": {
    "methods": ["read"],
    "tags": ["governance", "users"]
  },
  "expires_at": "2026-12-31T23:59:59Z"
}

The API returns a database record containing the secure MCP server URL. This URL contains a cryptographic token that encodes the integrated account and configuration. Raw tokens are never stored - they are hashed via HMAC before being placed in key-value storage.

Connecting the MCP Server to Claude

Once you have your Truto MCP URL, you can connect it to Claude. All communication happens over HTTP POST with JSON-RPC 2.0 messages.

Method A: Via the Claude UI

If you are using Claude Desktop or Claude for Enterprise:

1. Open Claude and navigate to Settings -> Integrations -> Add MCP Server.
2. Paste your Truto MCP URL.
3. Click Add. Claude will immediately execute an initialize handshake and call tools/list to discover the available Boomi operations.

Method B: Via Manual Config File

If you prefer managing configurations via code, you can edit the claude_desktop_config.json file. Since Truto provides a remote HTTP endpoint, you use the official SSE wrapper to bridge the connection.

{
  "mcpServers": {
    "boomi_governance": {
      "command": "npx",
      "args": [
        "-y",
        "@modelcontextprotocol/server-sse",
        "https://api.truto.one/mcp/YOUR_SECURE_TOKEN"
      ]
    }
  }
}

sequenceDiagram
    participant Claude
    participant Truto MCP Server
    participant Boomi API
    Claude->>Truto MCP Server: tools/call (list_all_boomi_users)
    Note over Truto MCP Server: Validates token & schema<br>Splits flat args into query/body
    Truto MCP Server->>Boomi API: POST /api/rest/v1/accountId/AccountUser/query
    Note over Boomi API: Processes QueryFilter
    Boomi API-->>Truto MCP Server: Returns raw response
    Note over Truto MCP Server: Normalizes response<br>Extracts QueryToken for pagination
    Truto MCP Server-->>Claude: JSON-RPC Result

Boomi Tool Inventory for Claude

Truto automatically maps Boomi's API endpoints into descriptive, snake_case tools. Here are the primary tools you will use for access and governance workflows.

list_all_boomi_users

• Description: Retrieves a list of all users within the connected Boomi account. Supports filtering via Boomi's QueryFilter structure.
• Example Prompt: "Pull a list of all active Boomi users and format their email addresses into a markdown table."

list_all_boomi_roles

• Description: Lists all available roles and their associated privilege levels within the Boomi AtomSphere environment.
• Example Prompt: "List all custom roles in our Boomi account and tell me which ones have deployment privileges."

get_single_boomi_role_by_id

• Description: Retrieves the deep configuration details of a specific Boomi role. Always requires the role ID to fetch.
• Example Prompt: "Get the details for role ID '8a9b-4c2d' and summarize the exact permissions granted to it."

Here is the complete inventory of additional Boomi tools available. For full schema details, visit the Boomi integration page.

• create_a_boomi_user - Provisions a new user account in Boomi.
• update_a_boomi_user_by_id - Modifies an existing user's details or status.
• delete_a_boomi_user_by_id - Removes a user from the Boomi account.
• create_a_boomi_role - Creates a new custom role with specific privileges.
• update_a_boomi_role_by_id - Modifies the privileges of an existing role.
• delete_a_boomi_role_by_id - Deletes a custom role from the account.

Workflows in Action

Once Claude is connected to the Boomi MCP server, you can execute complex, multi-step governance tasks purely through natural language.

Scenario 1: Quarterly Access Audit

IT and compliance teams spend hours manually cross-referencing user lists with role permissions during SOC 2 audits, often drowning in Jira tickets. Claude can automate this entirely.

"I need to run a quarterly access review. Pull a list of all Boomi users. For any user assigned to a custom role, fetch the details of that role and tell me if they have 'Atom Management' privileges."

1. Claude calls list_all_boomi_users to retrieve the directory.
2. Claude parses the user list, identifying individuals with custom role IDs.
3. Claude iterates through the IDs, calling get_single_boomi_role_by_id for each unique role.
4. Claude analyzes the returned privilege arrays and outputs a clean markdown report flagging users with sensitive access.

Scenario 2: Offboarding Verification

When an engineer leaves the company, security teams must verify that all integration platform access has been revoked.

"Verify if john.doe@company.com still has an active account in Boomi. If he does, list his current roles and prepare the exact command needed to disable his access."

1. Claude calls list_all_boomi_users using a query parameter targeting the specific email address.
2. Claude inspects the response. If the user exists, it notes the user ID and assigned roles.
3. Claude formulates the JSON body required for update_a_boomi_user_by_id (setting the status to inactive) and presents it to the admin for execution.

Security and Access Control

Exposing your integration platform to an LLM requires strict boundaries. Truto provides multiple layers of security to ensure Claude only accesses what you explicitly allow.

• Method filtering: Restrict the MCP server to read-only operations using config.methods: ["read"]. This ensures Claude can query users and roles but cannot accidentally delete an account or modify permissions.
• Tag filtering: Restrict access to specific resource types using config.tags: ["governance"]. If a resource isn't tagged appropriately in the integration config, it won't be exposed as a tool.
• Token authentication: For enterprise environments, set require_api_token_auth: true. This forces the MCP client to provide a valid Truto API token in the Authorization header, ensuring possession of the URL alone is not enough to access the tools.
• Ephemeral access: Use the expires_at field to generate temporary credentials for contractors or automated audit scripts. The platform schedules work ahead of token expiry to automatically revoke the server and clean up key-value storage the moment the timestamp passes.