Changelog
Product update of the week: Year 4 • Week 26
New in Truto: better API token visibility, auto-resuming sync jobs, and expanded User Directory APIs
This week we are giving developers more visibility into API token usage with new staleness tracking and alerts. We also made Sync Job v4 more resilient against transient errors and rate limits, added User Directory support for The Auth API and Roserocket, shipped CRM engagement support for Attio, and expanded our AI-ready integrations with 11 new tools.
✨ Highlights
- 11 new AI-ready integrations including Deel, Runpod, Groq, Exa, and Modulr
- Added
last_used_attracking, Stale badges, and automated notifications for API Tokens - Added a new
rate_limitedstatus and automatic resuming for transient errors in Sync Job v4 - Added User Directory Unified API support (
user-directory/users,user-directory/organizations) for The Auth API and Roserocket - Attio: Added Unified CRM
crm/engagements— list and retrieve notes, tasks, meetings, comments, and call recordings linked to accounts, contacts, and opportunities - Fixed a race condition in the connection flow that could create duplicate integrated accounts during token generation
🤖 AI-ready integrations

- Modulr: Embed payment and account management capabilities into AI workflows.
- Flutterwave: Connect African payments and collection data to AI assistants.
- Penneo: Enable AI agents to initiate digital signing and KYC checks.
- Runpod: Manage cloud GPU and AI deployments through AI assistants.
- Deel: Bring global payroll and contractor management into AI-driven HR workflows.
- Tavio: Automate HR ecosystems and embed integration capabilities using AI.
- Fanvue: Connect creator platform monetization and engagement data to AI agents.
- Groq: Connect fast AI inference operations to other agent workflows.
- Exa: Enhance AI assistants with advanced web search capabilities.
- GuestPoint: Connect property management and hospitality operations to AI agents.
- Stax.ai: Bring intelligent document processing and retirement plan data into AI workflows.
🔐 Security
API tokens now track a last_used_at timestamp, giving you better visibility into which tokens are actively being used. We backfilled this data from the last 90 days of log history for all existing tokens.
In Settings → API Tokens, you can now see exactly when each token was last used. Tokens that have been inactive for 30 days or more are flagged with a Stale badge, and a new Show stale only filter helps you quickly audit unused credentials.
You can also stay ahead of dormant tokens by setting up Notifications with the API Events type to receive automated alerts when tokens become stale.

Sync Jobs
We made Sync Job v4 more resilient to external API limits and temporary provider issues.
- Rate limit handling: We added a new
rate_limitedstatus. If an API rate-limits a sync job, it will automatically move into this status instead of failing. Once the resume process starts, the job transitions back torunning. - Auto-recovery: Sync jobs that get stuck due to transient provider errors will now automatically resume or restart, reducing the need for manual intervention.
Unified APIs
We added User Directory Unified API support for two new integrations:
| Integration | Unified API support | What you can now do |
|---|---|---|
| The Auth API | User Directory (users, organizations) |
Read and manage users and organizations through Truto's unified model |
| Roserocket | User Directory (users, organizations) |
Connect to transportation management users and organizations using a single API |
Attio now supports the Unified CRM crm/engagements resource. You can list and fetch notes, tasks, meetings, comment threads, and call recordings through a single API, with filters for account, contact, opportunity, owner, and task status. Omit engagement_type to paginate across all engagement types in one stream.
🛠️ Fixes and Reliability
- Integrated accounts: Fixed a race condition in the connection flow where some integrations sent multiple requests during token generation. We implemented a mutex so concurrent requests are processed only once. This prevents duplicate integrated accounts and ensures both callers receive the correct, single account response.