ChatGPT Apps vs. Custom GPTs: which connects to your ad accounts?
When OpenAI opened the GPT store, marketers asked the obvious question: can I build a GPT that manages my Google Ads? The answer depends on a distinction most demos skip — the difference between a stateless API action and a stateful MCP tool with a safety contract.
What a Custom GPT can and cannot do
A Custom GPT uses Actions — OpenAI's term for outbound HTTP calls made by the model during a conversation. You give it an OpenAPI spec, it calls your endpoint, and the response flows back into the chat. That works fine for reading data. The problem starts when you want the model to make changes.
Actions are stateless. Every turn is a fresh HTTP request with no session, no per-account rate-limit context, and no native way to stage a change for human review before it fires. You can bolt on a confirmation step in your prompt, but the model can be talked out of it.
Prompt-level confirmations are not safety contracts
mcp.approve is never granted to the model, so no prompt injection can authorize a spend.Where MCP-based apps fit
MCP (Model Context Protocol) is a persistent connection between an AI client and a tool server. Unlike a one-shot Action, MCP tools carry typed schemas, server-enforced scope limits, and a session that survives a multi-step workflow. When you connect SpendSignoff to ChatGPT or Claude, you get a list_campaigns tool and a propose_change tool — and nothing that writes to the platform directly.
Every change the model proposes lands in SpendSignoff's draft queue. You review the before→after diff and click "Approve & push live." The model is structurally incapable of bypassing that step because the API endpoint that executes the change requires a signed human token, not the model's session token.
The practical decision guide
If you want to read campaign data and generate a report inside ChatGPT, a Custom GPT with an Actions endpoint works. If you want to propose, review, and execute changes across Google Ads and Meta without risking unconfirmed spend, you need an MCP server with a proper approval contract. Those are different products, and conflating them is where teams get burned.
- Custom GPT / Actions — good for read-only queries, report generation, one-off lookups.
- MCP server (SpendSignoff) — necessary for any workflow that touches bids, budgets, or campaign state.
- Custom GPT + MCP action — the hybrid: a GPT that calls an MCP-aware endpoint, with the safety contract living server-side.
FAQ
- Can I use SpendSignoff inside ChatGPT?
- Yes. SpendSignoff is a Streamable-HTTP MCP server. ChatGPT supports remote MCP connections, so you can add SpendSignoff as a tool and manage campaigns in a ChatGPT conversation with the same approval contract as Claude or Cursor.
- Why not just build a Custom GPT and trust the prompt?
- Prompts are suggestions. A sufficiently creative follow-up message or an injected instruction in a campaign name can override them. Server-side scope enforcement cannot be overridden by anything the model says.
- Does SpendSignoff appear in the ChatGPT plugin or GPT store?
- SpendSignoff is available as an MCP connection, not a GPT store listing. You add it via the MCP server URL in your AI client settings — no app store submission required.
Connect an account read-only and watch the operator work.
Reads are free on every plan. Nothing spends without your two-step approval.
Related reading