---
title: Apono API Integration on Truto
slug: apono
category: IM
canonical: "https://truto.one/integrations/detail/apono/"
---

# Apono API Integration on Truto



**Category:** IM  
**Status:** Beta

## Unified APIs

### Unified User Directory API

- **Groups** — Groups are a collection of users in the source application. In some applications, they might also be called Teams.
- **Roles** — The Role object represents a role of a User.
- **Users** — The User object represents a User.

## MCP-ready AI tools

Truto exposes 48 tools for Apono that AI agents can call directly.

- **list_all_apono_users** — List users in Apono. Returns id, email, first_name, last_name, active status, roles, source_integration_id, source_integration_name, and attributes for each user.
- **get_single_apono_user_by_id** — Get information about a specific user in Apono using id. Returns fields such as id, email, first_name, last_name, active status, roles, and source_integration details.
- **list_all_apono_groups** — List groups in Apono. Returns an array of groups with fields id, name, source_id, source_integration_id, and source_integration_name.
- **get_single_apono_group_by_id** — Get details about a specific group in Apono. Requires id. Returns id, name, source_id, source_integration_id, and source_integration_name.
- **create_a_apono_group** — Create a group in Apono by providing name and members_emails. Returns id, name, source_id, source_integration_id, and source_integration_name in the response.
- **delete_a_apono_group_by_id** — Delete a specific group in Apono using id. Returns no content on success.
- **list_all_apono_activity_reports** — List activity reports in Apono. Returns id, name, filters, timeframe, schedule, format, creation_date, and update_date for each report.
- **create_a_apono_activity_report** — Create an Activity Report in Apono. Requires name, filters, and timeframe. Returns id, name, filters, timeframe, schedule, format, creation_date, and update_date in the response.
- **get_single_apono_activity_report_by_id** — Get a specific activity report in Apono by id. Returns fields such as id, name, filters, timeframe, schedule, format, creation_date, and update_date.
- **update_a_apono_activity_report_by_id** — Update an existing activity report in Apono using id. Returns id, name, selected fields, filters, timeframe, schedule, format, creation_date, and update_date in the response.
- **delete_a_apono_activity_report_by_id** — Delete a specific activity report in Apono. Requires id. Returns a message confirming successful deletion.
- **list_all_apono_attributes** — List attributes in Apono. Returns key fields including type, value, source_id, source_integration_id, and source_integration_name for each attribute.
- **list_all_apono_access_flows** — List access flows in Apono. Returns id, name, active status, triggers, access targets, approver policy, timeframe, and settings for each access flow.
- **create_a_apono_access_flow** — Create an access flow in Apono. Requires name, active, trigger, requestors, access_targets, settings, and request_for_others. Returns id, name, trigger, access_targets details, approver_policy, grant_duration_in_min, and timestamps for creation_date and update_date.
- **get_single_apono_access_flow_by_id** — Get details of a specific access flow in Apono using id. Returns id, name, active status, trigger, approver_policy, access_targets, settings, and timeframe fields providing configuration and operational details.
- **update_a_apono_access_flow_by_id** — Update an existing access flow in Apono using id. Returns fields such as name, active status, trigger, requestors, access_targets, approver_policy, grant_duration_in_min, timeframe, settings, creation_date, and update_date.
- **delete_a_apono_access_flow_by_id** — Delete an access flow in Apono using id. Returns no content when the deletion is successful.
- **list_all_apono_bundles** — List bundles in Apono. Returns id, name, access_targets with integration details and access scopes, creation_date, and update_date for each bundle.
- **create_a_apono_bundle** — Create a new bundle in Apono. Requires name and access_targets. Returns id, name, access_targets with integration and access_scope details, creation_date, and update_date.
- **get_single_apono_bundle_by_id** — Get details of a specific bundle in Apono by id. Returns id, name, access_targets (with integration and access_scope details), creation_date, and update_date fields in the response.
- **update_a_apono_bundle_by_id** — Update a specific bundle in Apono using id. Returns id, name, access_targets with integration and access_scope details, and timestamps (creation_date, update_date).
- **delete_a_apono_bundle_by_id** — Delete a specific bundle in Apono using id. Returns no content on success.
- **list_all_apono_connectors** — List connectors in Apono. Returns id, name, status, version, last_connected, is_latest_version, cloud_provider_type, and sessions details for each connector.
- **get_single_apono_connector_by_id** — Get details about a specific connector in Apono using id. Returns fields such as name, status, version, last_connected, is_latest_version, cloud_provider_type, and sessions with metadata like connector_version and cloud provider details.
- **update_a_apono_connector_by_id** — Update a specific connector in Apono by id. Requires id. Returns fields including id, name, status, version, last_connected, is_latest_version, cloud_provider_type, and sessions with detailed metadata for the connector.
- **delete_a_apono_connector_by_id** — Delete a connector in Apono using id. Removes the connector resource permanently and returns no content in the response.
- **list_all_apono_integrations** — List integrations in Apono. Returns fields such as id, name, type, category, status, last_sync_time, connector_id, integration_config, secret_store_config, connected_resource_types, custom_access_details, owner, and owners_mapping.
- **get_single_apono_integration_by_id** — Get details about a specific integration in Apono using id. Returns integration fields including name, type, category, connector_id, status, last_sync_time, integration_config, secret_store_config, connected_resource_types, custom_access_details, owner, and owners_mapping.
- **create_a_apono_integration** — Create a new integration in Apono. Requires name and type. Returns id, name, type, category, status, connector_id, last_sync_time, integration_config, and secret_store_config details.
- **update_a_apono_integration_by_id** — Update an existing integration in Apono using id. Returns fields such as id, name, type, category, status, and configuration details defining the integration’s connection and access settings.
- **delete_a_apono_integration_by_id** — Delete a specific integration in Apono. Requires id. Returns no content upon successful deletion.
- **list_all_apono_access_sessions** — List access sessions in Apono. Returns id, name, request_ids, integration details (id and name), credentials_status, and can_reset_credentials fields in the response.
- **get_single_apono_access_session_by_id** — Get details of a specific access session in Apono using id. Returns id, name, request_ids, integration details, credentials_status, and can_reset_credentials fields in the response.
- **list_all_apono_available_access_bundles** — List available-access-bundles in Apono. Returns a list of bundles with id and name fields in the response.
- **list_all_apono_delegated_access_requests** — List delegated access requests in Apono. Returns id, status, duration_in_sec, justification, creation_date, revocation_date, access_groups (with integration and resource_types details), requestor, grantee, and bundle.
- **get_single_apono_delegated_access_request_by_id** — Get delegated access request in Apono using id. Returns id, status, duration_in_sec, justification, creation_date, revocation_date, custom_fields, access_groups, requestor, grantee, and bundle details.
- **list_all_apono_access_bundles** — List access-bundles in Apono. Returns each bundle with id, name, and details about integration_targets including integration_id, resource_type, tag filters, and permissions.
- **create_a_apono_access_bundle** — Create an access bundle in Apono. Requires name and integration_targets. Returns id, name, and integration_targets with their integration_id, resource_type, and permissions.
- **get_single_apono_access_bundle_by_id** — Get details of a specific access-bundle in Apono by id. Returns id, name, and integration_targets including integration_id, resource_type, resource_tag_includes/excludes, and permissions.
- **delete_a_apono_access_bundle_by_id** — Delete an existing access bundle in Apono using id. Returns a message field confirming successful deletion.
- **update_a_apono_access_bundle_by_id** — Update an existing access bundle in Apono by id. Returns id, name, and integration_targets with integration_id, resource_type, resource_tag_includes, resource_tag_excludes, and permissions.
- **list_all_apono_access_scopes** — List access scopes in Apono. Returns access scopes with fields id, name, query, creation_date, and update_date.
- **create_a_apono_access_scope** — Create an access scope in Apono using name and query. Returns id, name, query, creation_date, and update_date in the response.
- **get_single_apono_access_scope_by_id** — Get details of a specific access-scope in Apono using id. Returns id, name, query, creation_date, and update_date fields.
- **update_a_apono_access_scope_by_id** — Update an existing access scope in Apono using id. Returns id, name, query, creation_date, and update_date fields in the response.
- **delete_a_apono_access_scope_by_id** — Delete an access scope in Apono using id. Returns no content upon successful deletion.
- **list_all_apono_activity** — List activity records in Apono. Returns request_id, request_date, requestor_name, requestor_email, integration, resource_type, resources, permissions, justification, status, trigger_type, and access_flow fields in the response.
- **list_all_apono_identities** — List attributes for multiple identities in Apono. Returns each identity's email and associated attributes in the response.

## How it works

1. **Link your customer's Apono account.** Use Truto's frontend SDK; we handle every OAuth and API key flow so you don't need to create the OAuth app.
2. **Authentication is automatic.** Truto refreshes tokens, stores credentials securely, and injects them into every API request.
3. **Call Truto's API to reach Apono.** The Proxy API is a 1-to-1 mapping of the Apono API.
4. **Get a unified response format.** Every response uses a single shape, with cursor-based pagination and data in the `result` field.

## Use cases

- **Automate break-glass access during incident response** — On-call and incident management platforms can programmatically trigger just-in-time access requests in Apono when a critical incident is assigned, and automatically revoke access when the incident resolves — eliminating credential hunting during outages.
- **Enrich security analytics with granular access audit trails** — SIEM and SOAR platforms can ingest Apono's activity logs and access session data to correlate privilege escalation events, detect anomalous identity behavior, and power automated remediation workflows.
- **Power quarterly access reviews for compliance** — Identity governance tools can pull Apono's users, groups, activity reports, and access sessions to generate audit-ready evidence that zero standing privileges are enforced and every production access event was justified and time-bound.
- **Sync directory context to drive dynamic access policies** — HRIS and workforce management platforms can push employee attributes, group memberships, and org changes into Apono so that access flow policies automatically reflect real-time workforce context like department, shift, or compliance training status.
- **Remediate over-privileged identities from a CSPM dashboard** — Cloud security posture platforms can read Apono's active access sessions and access flows to detect privilege drift, then programmatically revoke or modify access policies without leaving their own UI.

## What you can build

- **Incident-triggered JIT access provisioning** — Automatically create delegated access requests in Apono tied to an incident ID, granting the on-call engineer temporary credentials that revoke when the incident closes.
- **Unified access review dashboard** — Combine Apono users, groups, access sessions, and activity reports into a single compliance view that proves time-bound, justified access for SOC2 or HIPAA auditors.
- **Real-time privilege escalation alerts** — Stream Apono activity data into your security analytics engine to flag and alert on unusual access patterns, such as off-hours requests or repeated access to sensitive resources.
- **Bi-directional group and attribute sync** — Keep Apono's groups and user attributes in sync with your directory or HRIS by creating, updating, and deleting groups and listing attributes through Truto's unified layer.
- **Access flow policy management UI** — Let your customers create, update, and delete Apono access flows directly from your product, defining who can request access, approval requirements, and grant duration.
- **Integration and connector inventory view** — Surface a read-and-manage view of all Apono integrations and connectors so platform teams can audit which cloud resources, databases, and SaaS apps are connected to the access management layer.

## FAQs

### What operations does the Apono integration support through Truto?

Truto supports full CRUD on access flows, access bundles, access scopes, groups, integrations, activity reports, and bundles. It also provides read access to users, attributes, identities, activity logs, access sessions, delegated access requests, available access bundles, and connectors. You can list, get by ID, create, update, and delete most core Apono resources.

### Which Unified APIs are available for Apono?

Apono is mapped to Truto's Unified User Directory API, which provides standardized access to Users, Groups, and Roles. This lets you read and manage Apono's directory data using the same schema you'd use for any other identity provider integrated through Truto.

### Can I read real-time access session and activity data?

Yes. You can use list_all_apono_access_sessions to see currently active JIT sessions and list_all_apono_activity to stream access event logs. For structured reporting, list_all_apono_activity_reports and create_a_apono_activity_report let you generate and retrieve audit-ready reports.

### How does Truto handle authentication with Apono?

Truto manages the full auth lifecycle with Apono on behalf of your end users. Your customers connect their Apono accounts through Truto's embedded linking flow, and Truto handles token management, refresh, and secure credential storage so you never touch raw API keys.

### Can I manage Apono groups programmatically?

Yes. The integration supports listing all groups, getting a group by ID, creating new groups, and deleting groups. This enables directory sync workflows where your product keeps Apono's group memberships aligned with an external source of truth like an HRIS or IdP.

### Does Truto handle pagination and rate limits for Apono API calls?

Yes. Truto abstracts away pagination logic and manages rate limiting transparently. When you call a list endpoint like list_all_apono_users or list_all_apono_access_sessions, Truto handles iterating through pages and respecting Apono's API rate limits so your integration code stays simple.

## Related reading

- [Connect Apono to Claude: Automate Access Flows & Security Audits via MCP](https://truto.one/blog/connect-apono-to-claude-automate-access-flows-security-audits/) — Learn how to connect Apono to Claude using Truto's managed MCP server. Automate just-in-time access, provision infrastructure roles, and audit security logs.
- [Connect Apono to ChatGPT: Manage Access via MCP](https://truto.one/blog/connect-apono-to-chatgpt-manage-just-in-time-access-permissions/) — Learn how to connect Apono to ChatGPT using a managed MCP server. Automate just-in-time access, user provisioning, and permissions via natural language.
- [Connect Apono to AI Agents: Automate Security & Access Workflows](https://truto.one/blog/connect-apono-to-ai-agents-sync-identity-scopes-access-bundles/) — Learn how to connect Apono to AI agents using Truto's /tools endpoint. Generate AI-ready schemas, bind them to LangChain, and automate JIT access workflows.