--- title: Apache Airflow API Integration on Truto slug: apacheairflow category: Application Development canonical: "https://truto.one/integrations/detail/apacheairflow/" --- # Apache Airflow API Integration on Truto **Category:** Application Development **Status:** Beta ## Unified APIs ### Unified User Directory API - **Roles** — The Role object represents a role of a User. - **Users** — The User object represents a User. ## MCP-ready AI tools Truto exposes 11 tools for Apache Airflow that AI agents can call directly. - **list_all_apacheairflow_users** — List users in Apache Airflow. Returns user details including first_name, last_name, username, email, active status, last_login time, role names, and creation dates. - **get_single_apacheairflow_user_by_id** — Get information about a specific user in Apache Airflow using id. Returns details such as username, email, roles, and active status. - **create_a_apacheairflow_user** — Create a user in Apache Airflow using first_name, last_name, username, email, roles, and password. Returns the created user's details including username, email, active status, login count, and timestamps. - **update_a_apacheairflow_user_by_id** — Update a specific user in Apache Airflow using id. Requires username as id. Returns fields like first_name, last_name, username, email, active, last_login, login_count, failed_login_count, roles, created_on, and changed_on. - **delete_a_apacheairflow_user_by_id** — Delete a user in Apache Airflow with the specified id. This operation removes the user permanently. Returns confirmation of deletion. - **list_all_apacheairflow_roles** — List roles in Apache Airflow. Returns each role's name and associated actions, including the action name and resource name. Also returns total_entries for total available roles before pagination. - **get_single_apacheairflow_role_by_id** — Get a role in Apache Airflow by id. Returns details about the role including its permissions and name. - **create_a_apacheairflow_role** — Create a new role in Apache Airflow. Requires name and actions in the request body. Returns the created role with fields such as name and associated actions. - **update_a_apacheairflow_role_by_id** — Update a role in Apache Airflow. Requires id. Returns the role name and a list of actions with associated resources to show updated permissions and access. - **delete_a_apacheairflow_role_by_id** — Delete a specific role in Apache Airflow using id (role_name). Returns confirmation of deletion. - **list_all_apacheairflow_permissions** — List permissions in Apache Airflow. Returns a collection of permission objects, each including name, description, and associated actions. ## How it works 1. **Link your customer's Apache Airflow account.** Use Truto's frontend SDK; we handle every OAuth and API key flow so you don't need to create the OAuth app. 2. **Authentication is automatic.** Truto refreshes tokens, stores credentials securely, and injects them into every API request. 3. **Call Truto's API to reach Apache Airflow.** The Proxy API is a 1-to-1 mapping of the Apache Airflow API. 4. **Get a unified response format.** Every response uses a single shape, with cursor-based pagination and data in the `result` field. ## Use cases - **Automate compliance audits for data infrastructure access** — Security and compliance SaaS products can continuously pull Airflow user lists, roles, and permissions to generate SOC2/ISO27001-ready access reports — and automatically deactivate or remove users who no longer need access. - **Sync identity providers with Airflow's internal user directory** — IAM and SSO platforms can offer zero-touch onboarding by automatically provisioning Airflow users and mapping directory groups to Airflow roles, eliminating manual account creation for data teams. - **Enable self-serve RBAC provisioning from developer portals** — Platform engineering SaaS products can automatically create scoped Airflow roles and provision team members when a new project is spun up, enforcing least-privilege access without IT tickets. - **Detect and remediate security risks in Airflow environments** — Security posture management tools can monitor failed login counts, inactive users, and overly permissive roles across customer Airflow instances to flag and auto-remediate threats. - **Centralize user lifecycle management across the data stack** — IT management SaaS can treat Airflow as another managed application — creating, updating, and offboarding users in lockstep with HRIS events like terminations or team transfers. ## What you can build - **Automated Airflow user provisioning and deprovisioning** — Create and remove Airflow user accounts in real time when employees join, move, or leave the organization, driven by HRIS or IdP events. - **Cross-platform access review dashboard** — Pull all Airflow users, their roles, and assigned permissions into a unified view alongside other tools so security teams can review who has access to production pipelines. - **Custom role builder with least-privilege enforcement** — Programmatically create and update Airflow roles scoped to specific DAG resources, ensuring each team only accesses the pipelines they own. - **Failed login and inactive user alerting** — Monitor Airflow user records for high failed login counts or stale last login timestamps and surface alerts or trigger automated lockouts. - **Group-to-role mapping engine** — Automatically map Active Directory or IdP groups to Airflow roles so that group membership changes instantly reflect in Airflow RBAC. - **Permission drift detection** — Continuously compare current Airflow role permissions against a baseline policy and flag any unauthorized changes to role definitions. ## FAQs ### What authentication methods does the Apache Airflow integration support? Airflow's REST API typically uses Basic Auth (username/password) or API token-based authentication. Truto handles credential storage and auth flow so your end users can connect their Airflow instances securely without you managing secrets directly. ### Which Airflow resources can I manage through Truto? You can perform full CRUD operations on Users and Roles, and list all available Permissions. These map to Truto's Unified User Directory API, giving you a standardized interface for identity and access management. ### Can I both read and write data, or is this a read-only integration? This is a full read-write integration. You can list, create, update, and delete both users and roles. Permissions are available as a read-only list since they are system-defined in Airflow. ### Does Truto handle pagination when listing Airflow users or roles? Yes. Truto abstracts away Airflow's pagination logic so you receive complete result sets through the unified API without building custom pagination handling. ### How does the Unified User Directory API map to Airflow's data model? Airflow Users map to the unified Users resource (including fields like email, username, active status, and login metadata). Airflow Roles and their associated permission actions map to the unified Roles resource. This lets you use the same API schema across Airflow and other supported tools. ### Can I assign specific permissions to a custom Airflow role through Truto? Yes. When creating or updating a role via create_a_apacheairflow_role or update_a_apacheairflow_role_by_id, you can specify the actions (permission-resource pairs) assigned to that role, enabling granular RBAC configuration.