---
title: Bitwarden API Integration on Truto
slug: bitwarden
category: Default
canonical: "https://truto.one/integrations/detail/bitwarden/"
---

# Bitwarden API Integration on Truto



**Category:** Default  
**Status:** Beta

## Unified APIs

### Unified User Directory API

- **Groups** — Groups are a collection of users in the source application. In some applications, they might also be called Teams.
- **Users** — The User object represents a User.

## How it works

1. **Link your customer's Bitwarden account.** Use Truto's frontend SDK; we handle every OAuth and API key flow so you don't need to create the OAuth app.
2. **Authentication is automatic.** Truto refreshes tokens, stores credentials securely, and injects them into every API request.
3. **Call Truto's API to reach Bitwarden.** The Proxy API is a 1-to-1 mapping of the Bitwarden API.
4. **Get a unified response format.** Every response uses a single shape, with cursor-based pagination and data in the `result` field.

## Use cases

- **Automate employee onboarding and offboarding in Bitwarden** — IT management and HR platforms can sync user lifecycle events to Bitwarden, automatically inviting new hires into the right groups and revoking vault access the moment someone is terminated — eliminating manual credential hygiene.
- **Continuously audit password management posture for compliance** — Compliance automation platforms can pull Bitwarden member and group data to verify that all employees are provisioned into the correct organizational groups, supporting SOC2 and HIPAA evidence collection without manual screenshots.
- **Sync directory groups to Bitwarden for role-based access control** — SaaS products that manage identity or access policies can push group membership changes into Bitwarden, ensuring that shared credential collections automatically reflect organizational role changes across departments.
- **Provision and deprovision contractor access to shared credentials** — Workforce management platforms can programmatically add temporary contractors to specific Bitwarden groups and remove them when engagements end, preventing lingering access to sensitive client passwords.

## What you can build

- **One-click Bitwarden seat provisioning** — Automatically invite new employees into Bitwarden and assign them to department-specific groups when they're created in your platform.
- **Real-time offboarding credential revocation** — Instantly remove terminated users from Bitwarden when their status changes to inactive in your HR or IT system, closing the access gap.
- **Group membership sync dashboard** — Display a unified view of Bitwarden groups alongside groups from other directory providers, letting admins spot drift and enforce consistency.
- **Bulk user-to-group mapping import** — Allow admins to upload or define role-to-group mappings that automatically categorize Bitwarden users into the correct collections based on job function.
- **Compliance evidence export for user directory state** — Generate point-in-time snapshots of Bitwarden members and their group assignments to feed directly into audit evidence packages.

## FAQs

### How does authentication work with the Bitwarden integration?

Bitwarden's Public API uses OAuth2 client credentials. Your end users provide their organization's client_id and client_secret, which Truto manages securely to handle token issuance and refresh automatically.

### What Bitwarden data can I access through Truto's Unified User Directory API?

Truto maps Bitwarden's Members and Groups endpoints to the Unified User Directory API's Users and Groups resources. This covers listing users, checking their status, managing group memberships, and inviting or removing members.

### Are there rate limits on the Bitwarden Public API?

Bitwarden applies rate limiting to its Public API. Truto handles retry logic and backoff strategies so your integration doesn't need to manage rate limit errors directly.

### Can I write data back to Bitwarden or is it read-only?

Bitwarden's Public API supports both read and write operations for members and groups — including creating invites, updating group assignments, and deleting members. The specific write operations available through Truto depend on the integration build.

### Does this integration access vault items or passwords?

No. Bitwarden's Public API is scoped to organizational administration — members, groups, policies, and event logs. Vault contents are end-to-end encrypted and are not exposed through the Public API, so no plaintext passwords are ever accessible.

### The tools for Bitwarden aren't listed yet — can I still use this integration?

Bitwarden integrations are built on request. Once you signal interest, Truto builds and ships the integration with full support for auth, pagination, and error handling against Bitwarden's Public API, mapped to the Unified User Directory API.