Make a Hunch Website Usable From ChatGPT
Use this guide when you want visitors to use a Hunch-enabled website from ChatGPT through the public visitor connector.
This is not the old owner/team OAuth install flow. The website owner enables a public connector in Hunch, then shares the connector URL. Visitor-facing access is no-auth or OAuth, rate-limited, audited, and restricted to public-safe website capabilities and workflow skills.
Before You Start
Make sure all of the following are true:
- your website is already added in Hunch
- the widget is installed and verified on the live site
- discovery has run and Hunch has mapped the site's public actions
- you have reviewed which actions should be exposed to outside AI visitors
- your ChatGPT plan or workspace supports custom connectors or remote MCP servers
OpenAI can change ChatGPT connector availability or UI labels. If the ChatGPT UI looks different, check OpenAI's current connector and MCP docs before continuing:
Enable Public AI Access in Hunch
- Log in to the Hunch dashboard.
- Open Websites.
- Select the website you want to make AI-accessible.
- Open Public AI Access.
- Set Public Access Mode:
- Off blocks public AI access.
- Unlisted allows access only to people with the public connector URL.
- Listed allows the site to appear in Hunch's public connector directory.
- Review Website Action Controls and disable any action you do not want public AI visitors to use.
- Review Visitor Security. Use signed visitor tokens, challenge mode, referrer rules, blocked visitor hashes, and a max risk score when the connector should not be fully open to anyone with the URL.
- Save your settings.
- Copy the Public Connector URL.
- Optionally use Remote MCP Readiness to:
- run the connector smoke test
- copy an install package
- validate a CIMD document
- review recent install health
Connect From ChatGPT
There are two ways to connect. Choose the one that fits your setup.
Option A – OAuth (recommended for workspaces and teams)
Use this when you manage a ChatGPT workspace and want all members to access the connector through a published app.
- In ChatGPT, open the connector or custom remote MCP setup flow.
- Create a new MCP app with the Public Connector URL from Hunch as the server URL.
- Choose OAuth as the authentication type. ChatGPT discovers the OAuth metadata automatically via the server's well-known endpoint (RFC 8414) and handles Dynamic Client Registration (DCR) for you—no client credentials to copy.
- Save the app.
- Publish the app so workspace members can see and use it.
- When a workspace user connects for the first time, they are redirected to a Hunch consent page. The website owner approves the connection, and ChatGPT receives OAuth tokens with
mcp:readandmcp:toolsscopes.
Option B – No authentication (simpler, for individual use)
Use this for quick personal testing or when your ChatGPT plan does not support OAuth apps.
- In ChatGPT, open the connector or custom remote MCP setup flow.
- Create a new connector for a remote MCP server.
- Paste the Public Connector URL from Hunch.
- Choose No authentication when ChatGPT asks for an authentication type.
- Save the connector and test it with low-risk prompts.
Public connector URL format
The public connector URL looks like this:
https://api.hunchbank.com/public-mcp/{website_id}
How Users Discover and Access the Connector
Workspace-only vs public directory
A custom MCP app you create in ChatGPT is initially available only to members of your ChatGPT workspace. To reach all eligible ChatGPT users, you need to submit the app to the ChatGPT App Directory.
Submit to the ChatGPT App Directory
Apply for public listing so any eligible ChatGPT user can find and use your Hunch connector:
- Build and test the app in developer mode (you already did this).
- Go to platform.openai.com/apps-manage with a verified OpenAI platform account.
- Provide required metadata: icon (64×64px, under 5KB), name (30 chars), short description (30 chars), long description (4,000 chars), developer name, privacy policy, terms and conditions, screenshots, and test credentials for the OAuth flow.
- Submit for review. OpenAI reviews for quality, safety, and policy compliance.
- Once approved, click Publish in the dashboard. The app appears in the ChatGPT App Directory.
For full details see Submitting apps to the ChatGPT app directory.
Share the no-auth public connector URL
Users on Pro, Business, or Enterprise plans can manually add https://api.hunchbank.com/public-mcp/{website_id} as a custom MCP server without OAuth. This is the quickest way to share access without going through the App Directory review.
ChatGPT plan eligibility
| Plan | Can use directory apps | Can add custom MCP |
|---|---|---|
| Free | ✔ (interactive + search) | ✗ |
| Go | ✔ (interactive + search) | ✗ |
| Plus | ✔ (including write actions) | ✗ |
| Pro | ✔ | ✔ |
| Business | ✔ | ✔ |
| Enterprise/Edu | ✔ | ✔ |
All ChatGPT users can use published App Directory apps for basic interactions. Only Pro, Business, and Enterprise/Edu users can manually add custom MCP servers. Publishing to the App Directory is the broadest way to reach ChatGPT users.
What ChatGPT Can Do
ChatGPT can only use the public-safe subset Hunch exposes for that website:
- answer grounded website questions with
site.ask - search public website knowledge with
site.search - search the exposed tool catalog with
site.search_tools - inspect workflow playbooks with
site.list_skillsandsite.get_skill - use MCP prompts exposed by Hunch workflow skills
- inspect available public capabilities with
site.get_capabilities - start approved public actions such as contact, support, booking, or quote flows
- continue multi-turn action sessions with
action.reply,action.confirm, andaction.cancel - export a handoff when a human should take over
ChatGPT cannot use owner-only tools, raw DOM tools, private dashboard actions, or live browser-session tools through the public visitor connector.
Test the Connector
Start with prompts like:
- "What can this website help me do?"
- "Search this website for pricing."
- "Search the tools for quote or booking workflows."
- "List the workflow skills available for this website."
- "Start the contact, support, or booking flow."
Then complete one low-risk action end to end before sharing the connector URL publicly.
Safety Model
Public visitor connector access is intentionally narrower than owner/team MCP access:
- access is off by default
- owners must choose Unlisted or Listed
- each public request is rate-limited per website and visitor source
- owners can require signed visitor tokens before public JSON-RPC calls are accepted
- challenge mode can require Cloudflare Turnstile proof before issuing visitor tokens
- referrer allow/block lists and blocked visitor hashes can deny specific sources or identities
- max risk score blocks suspicious requests before tool execution
- only public-safe read/search tools, workflow skills, and approved contact, support, booking, or quote actions are exposed
- live-session bridge tools are blocked
- every tool call writes to the Hunch audit log
- website embed API keys are never used as connector credentials
Common Issues
ChatGPT says the server needs OAuth
The public visitor connector supports both OAuth and no-auth access. If you want OAuth, follow Option A above—ChatGPT handles DCR automatically when you choose OAuth as the authentication type. If you prefer no-auth, make sure you are using the public connector URL from Public AI Access (not the legacy owner/team MCP endpoint) and select No authentication.
ChatGPT can read but cannot act
Check:
- the relevant action was discovered by Hunch
- the action category is public-safe, such as contact, support, booking, or quote
- the action is enabled in Website Action Controls
- public access mode is Unlisted or Listed
The connector URL returns "not enabled"
The website is still set to Off. Go back to Public AI Access, choose Unlisted or Listed, and save.