--- title: Cato Networks API Integration on Truto slug: catonetworks category: Default canonical: "https://truto.one/integrations/detail/catonetworks/" --- # Cato Networks API Integration on Truto **Category:** Default **Status:** Beta ## Unified APIs ### Unified User Directory API - **Roles** — The Role object represents a role of a User. - **Users** — The User object represents a User. ## How it works 1. **Link your customer's Cato Networks account.** Use Truto's frontend SDK; we handle every OAuth and API key flow so you don't need to create the OAuth app. 2. **Authentication is automatic.** Truto refreshes tokens, stores credentials securely, and injects them into every API request. 3. **Call Truto's API to reach Cato Networks.** The Proxy API is a 1-to-1 mapping of the Cato Networks API. 4. **Get a unified response format.** Every response uses a single shape, with cursor-based pagination and data in the `result` field. ## Use cases - **Automate Zero Trust access provisioning from identity lifecycle events** — SaaS companies building IT automation or identity governance products can sync user lifecycle changes (onboarding, offboarding, role changes) directly into Cato Networks to provision or revoke ZTNA licenses and VPN user access in real time, closing security gaps caused by manual processes. - **Unify network identity data for cyber asset inventory** — CAASM and asset intelligence platforms can pull Cato Networks user and role data alongside other identity sources to build a comprehensive view of who has network access, what roles they hold, and whether their access aligns with corporate policy. - **Enforce role-based network access policies from a central SaaS platform** — Security and compliance SaaS products can read user roles and group memberships from Cato Networks to verify that network access policies match organizational role definitions, flagging drift or policy violations automatically. - **Streamline MSP client user management across multiple tenants** — MSP-focused platforms can offer a single pane of glass for managing Cato Networks users and roles across multiple client accounts, reducing the operational overhead of logging into each Cato management portal individually. ## What you can build - **Automated ZTNA user deprovisioning on offboarding** — Instantly revoke a terminated employee's Cato Networks VPN user status and Zero Trust access when their status changes in the upstream HRIS or identity provider. - **Cross-platform user directory audit dashboard** — Display a unified view of Cato Networks users and roles alongside data from other identity sources, highlighting orphaned accounts and role mismatches. - **Role-based access compliance checks** — Continuously compare Cato Networks user roles against your customers' access policy definitions and surface non-compliant assignments for remediation. - **Bulk user and role sync for new site rollouts** — Let customers provision hundreds of users into Cato Networks with the correct role assignments in a single workflow when onboarding a new office or business unit. - **Real-time user access change notifications** — Push alerts to Slack, Teams, or a SIEM whenever a user's role or access status changes in Cato Networks, keeping security teams informed without manual log reviews. ## FAQs ### What authentication method does the Cato Networks API use? Cato Networks uses API key-based authentication for its GraphQL API. Your end users generate an API key from the Cato Management Application, which Truto securely stores and manages on your behalf. ### What type of API does Cato Networks expose? Cato Networks provides a GraphQL API (with v1 and v2 endpoints), which allows precise queries and mutations without over-fetching data. Truto abstracts this behind a consistent REST-style Unified API so you don't need to write GraphQL queries yourself. ### Which Unified APIs does Truto support for Cato Networks? Truto currently maps Cato Networks to the Unified User Directory API, covering Users and Roles resources. This lets you read and manage VPN/ZTNA users and their role assignments through a standardized schema. ### Are additional Cato Networks tools and endpoints available beyond the Unified User Directory API? Cato Networks tools in Truto are built on request. If you need access to objects like accountSnapshot, appStats, accountMetrics, or security event data, Truto can build and expose those as custom or unified resources for your use case. ### Does Truto handle pagination and rate limits for the Cato Networks API? Yes. Truto manages pagination and respects Cato's API rate limits automatically, so you can query large user directories without worrying about throttling or incomplete result sets. ### Can I write data back to Cato Networks through Truto, or is it read-only? Cato's GraphQL API supports mutations (write operations) for actions like provisioning users and updating roles. The specific write operations available through Truto depend on the tools built for your account — contact Truto to confirm or request mutation support for your workflow.