How do I connect Apono to an AI agent?

You can connect Apono to AI agents by using an integration layer like Truto to generate AI-ready JSON schemas for Apono's REST API and binding them to your LLM using frameworks like LangChain.

Does Truto handle rate limits for Apono API calls?

Truto normalizes Apono's rate limit headers into standard IETF formats (ratelimit-remaining, ratelimit-reset) but does not automatically retry requests. Your agent must handle backoff logic.

Can I use Truto tools with LangGraph?

Yes, Truto's toolset SDK generates standard tool objects that can be bound directly to LLMs within LangGraph nodes for autonomous execution.

Connect Apono to AI Agents: Automate Security & Access Workflows

Managing just-in-time (JIT) access requests, rotating infrastructure privileges, and auditing security policies manually is a massive bottleneck for DevOps and IT teams. Whether you want to connect Apono to ChatGPT, integrate with Claude, or build a custom agent so it can provision temporary database access, audit roles, and query active sessions autonomously, you need an integration layer that translates agent reasoning into structured Apono REST API calls.

A 2026 Gartner report predicts that by 2029, 70% of enterprises will deploy agentic AI as part of their infrastructure and IT operations. However, giving a Large Language Model (LLM) read and write access to your infrastructure security platform is a serious engineering task. You either spend weeks building and maintaining custom API wrappers, or you use a managed infrastructure layer that handles the boilerplate for you.

This guide breaks down exactly how to use Truto's /tools endpoint to generate AI-ready tools for Apono, bind them natively to frameworks like LangChain or LangGraph, and execute complex access workflows using natural language.

The Engineering Reality of Custom Apono Connectors

As we've discussed when connecting Pylon to AI agents, building AI agents is easy. Connecting them to external SaaS APIs is hard.

Giving an LLM access to external data sounds simple in a prototype: you write a Node.js function that makes a fetch request and wrap it in an @tool decorator. In production, this approach collapses entirely.

If you decide to build a custom integration for Apono, you are responsible for the entire API lifecycle. You have to handle API key management and secure credential storage. You have to write and maintain massive JSON schemas for every endpoint you want the LLM to access. When the LLM requests a list of access sessions, you have to write the logic to handle pagination cursors.

LLMs do not inherently understand cursor-based pagination, rate limits, or undocumented API edge cases. If you pass an LLM a raw, unpaginated API response containing 10,000 access logs, you will blow past your context window and crash the agent.

How Truto Exposes Apono as AI-Ready Tools

Truto solves this by acting as a proxy layer between your AI agent and the Apono API. Instead of hand-coding tool definitions, Truto derives them dynamically from Apono's resource definitions and API documentation.

Every Apono endpoint is mapped into a standardized Proxy API. Truto then exposes these endpoints via the /integrated-account/<id>/tools endpoint. This returns a complete array of tools - complete with descriptive names, query schemas, and body schemas - that your LLM framework can ingest directly.

sequenceDiagram
    participant Agent as AI Agent (LangGraph)
    participant Truto as Truto Proxy API
    participant Apono as Apono REST API
    Agent->>Truto: Call apono_create_access_bundle(args)
    Truto->>Truto: Inject Authentication Credentials
    Truto->>Apono: POST /api/v1/access-bundles
    Apono-->>Truto: 200 OK (or 429 Rate Limit)
    Truto-->>Agent: Standardized JSON Response + Rate Limit Headers

Handling Rate Limits in Agentic Loops

When building autonomous agents, rate limits are your biggest enemy. As we've seen when connecting Affinity to AI agents, an agent stuck in a retry loop can easily spam an upstream API and trigger a temporary ban.

It is critical to understand that Truto does NOT retry, throttle, or apply backoff on rate limit errors.

When the Apono API returns a rate-limit error (e.g., HTTP 429), Truto passes that error directly back to your agent. What Truto does do is normalize the rate limit information from Apono into standardized response headers based on the IETF RateLimit specification:

ratelimit-limit: The maximum number of requests allowed in the current window.
ratelimit-remaining: The number of requests left in the current window.
ratelimit-reset: The number of seconds until the rate limit window resets.

Your AI agent or orchestration framework (like LangGraph) is entirely responsible for reading these standardized headers and implementing its own exponential backoff or scheduling logic.

Step-by-Step: Connecting Apono to LangChain

To connect Apono to your agent, you can use the @trutohq/truto-langchainjs-toolset SDK. This SDK automatically fetches the schemas from Truto and formats them for LangChain.

First, install the required packages:

npm install @trutohq/truto-langchainjs-toolset @langchain/openai

Next, initialize the tool manager and bind the Apono tools to your LLM:

import { TrutoToolManager } from '@trutohq/truto-langchainjs-toolset';
import { ChatOpenAI } from '@langchain/openai';
 
async function initializeAponoAgent() {
  // Initialize the Truto Tool Manager with your Apono Integrated Account ID
  const manager = await TrutoToolManager.create({
    integratedAccountId: 'your_apono_integrated_account_id',
    trutoToken: process.env.TRUTO_API_TOKEN,
  });
 
  // Fetch all available Apono tools
  const aponoTools = manager.getTools();
 
  // Initialize your LLM
  const llm = new ChatOpenAI({ 
    modelName: 'gpt-4o',
    temperature: 0 
  });
 
  // Bind the tools to the LLM
  const llmWithTools = llm.bindTools(aponoTools);
 
  // Execute a natural language command
  const response = await llmWithTools.invoke(
    "List all active access sessions and check if any delegated access requests are pending."
  );
 
  console.log(response.tool_calls);
}

Because Truto handles the schema generation, the LLM knows exactly which parameters are required to execute list_all_apono_access_sessions and list_all_apono_delegated_access_requests.

The Complete Apono AI Agent Tool Inventory

By connecting Apono through Truto, your AI agent gains access to 48 distinct tools covering the entire Apono API surface. You can view the full integration capabilities and documentation on the Apono integration page.

Below is the complete inventory of Apono tools available to your AI agents, grouped by functional area.

Access Scopes & Bundles

Access scopes and bundles define what resources users can access. Agents can use these tools to dynamically provision or audit access packages.

create_a_apono_access_scope: Create an access scope using a name and query. Returns id, name, query, creation_date, and update_date.
get_single_apono_access_scope_by_id: Get details of a specific access scope using its id.
update_a_apono_access_scope_by_id: Update an existing access scope.
delete_a_apono_access_scope_by_id: Delete an access scope. Returns no content upon successful deletion.
list_all_apono_access_scopes: List all access scopes in Apono.
create_a_apono_access_bundle: Create an access bundle requiring a name and integration_targets.
get_single_apono_access_bundle_by_id: Get details of a specific access bundle by id.
update_a_apono_access_bundle_by_id: Update an existing access bundle.
delete_a_apono_access_bundle_by_id: Delete an existing access bundle.
list_all_apono_access_bundles: List all access bundles and their integration targets.
list_all_apono_available_access_bundles: List available access bundles. Returns a list of bundles with id and name fields.
create_a_apono_bundle: Create a new bundle requiring a name and access_targets.
get_single_apono_bundle_by_id: Get details of a specific bundle.
update_a_apono_bundle_by_id: Update a specific bundle using its id.
delete_a_apono_bundle_by_id: Delete a specific bundle.
list_all_apono_bundles: List all bundles in Apono.

Access Flows, Sessions & Requests

These tools allow agents to monitor active sessions, approve requests, and manage access workflows.

create_a_apono_access_flow: Create an access flow. Requires name, active status, trigger, requestors, access_targets, and settings.
get_single_apono_access_flow_by_id: Get details of a specific access flow.
update_a_apono_access_flow_by_id: Update an existing access flow.
delete_a_apono_access_flow_by_id: Delete an access flow.
list_all_apono_access_flows: List all access flows in Apono.
get_single_apono_access_session_by_id: Get details of a specific access session. Returns id, name, request_ids, and integration details.
list_all_apono_access_sessions: List all active access sessions in Apono.
get_single_apono_delegated_access_request_by_id: Get a delegated access request using its id. Returns status, duration_in_sec, and justification.
list_all_apono_delegated_access_requests: List all delegated access requests.

Integrations & Connectors

Agents can use these tools to audit or configure the underlying infrastructure connections Apono manages.

create_a_apono_integration: Create a new integration requiring a name and type.
get_single_apono_integration_by_id: Get details about a specific integration.
update_a_apono_integration_by_id: Update an existing integration.
delete_a_apono_integration_by_id: Delete a specific integration.
list_all_apono_integrations: List all integrations in Apono.
get_single_apono_connector_by_id: Get details about a specific connector. Returns name, status, version, and last_connected time.
update_a_apono_connector_by_id: Update a specific connector by id.
delete_a_apono_connector_by_id: Delete a connector permanently.
list_all_apono_connectors: List all connectors in Apono.

Identities, Users, & Groups

Manage the human and machine identities that interact with your infrastructure.

create_a_apono_group: Create a group by providing a name and members_emails.
get_single_apono_group_by_id: Get details about a specific group.
delete_a_apono_group_by_id: Delete a specific group.
list_all_apono_groups: List all groups in Apono.
get_single_apono_user_by_id: Get information about a specific user. Returns email, first_name, last_name, and roles.
list_all_apono_users: List all users in Apono.
list_all_apono_identities: List attributes for multiple identities. Returns each identity's email and associated attributes.
list_all_apono_attributes: List attributes in Apono. Returns type, value, and source_id.

Activity & Reporting

Essential for compliance agents that need to generate audit logs and monitor system activity.

list_all_apono_activity: List activity records. Returns request_id, request_date, requestor_name, and requestor_email.
create_a_apono_activity_report: Create an Activity Report requiring a name, filters, and timeframe.
get_single_apono_activity_report_by_id: Get a specific activity report.
update_a_apono_activity_report_by_id: Update an existing activity report.
delete_a_apono_activity_report_by_id: Delete a specific activity report.
list_all_apono_activity_reports: List all activity reports in Apono.

Building Autonomous Access Workflows

Connecting Apono to AI agents transforms IT operations from a reactive ticketing queue into a proactive, autonomous system. Instead of engineers waiting hours for a human to approve temporary database access, an AI agent can instantly verify the request against internal policies, use the create_a_apono_access_bundle tool to provision access, and log the transaction via create_a_apono_activity_report.

By leveraging Truto's /tools endpoint, you bypass the massive engineering overhead of building these API connections yourself. You get standardized rate limit headers, automatic schema generation, and a single integration point that works with LangChain, LangGraph, and any other modern agent framework.

Stop writing custom API wrappers for every SaaS tool your agents need to touch. Standardize your agentic infrastructure and focus on building workflows that actually drive value.