---
title: CockroachDB Cloud API Integration on Truto
slug: cockroachdbcloud
category: Default
canonical: "https://truto.one/integrations/detail/cockroachdbcloud/"
---

# CockroachDB Cloud API Integration on Truto

**Category:** Default  
**Status:** Generally available

## Unified APIs

### Unified User Directory API

- **Groups** — Groups are a collection of users in the source application. In some applications, they might also be called Teams.
- **Roles** — The Role object represents a role of a User.
- **Users** — The User object represents a User.

## How it works

1. **Link your customer's CockroachDB Cloud account.** Use Truto's frontend SDK; we handle every OAuth and API key flow so you don't need to create the OAuth app.
2. **Authentication is automatic.** Truto refreshes tokens, stores credentials securely, and injects them into every API request.
3. **Call Truto's API to reach CockroachDB Cloud.** The Proxy API is a 1-to-1 mapping of the CockroachDB Cloud API.
4. **Get a unified response format.** Every response uses a single shape, with cursor-based pagination and data in the `result` field.

## Use cases

- **Automate database user lifecycle management from your IAM platform** — IAM and identity governance SaaS companies can offer CockroachDB Cloud as a connected integration, enabling customers to automatically provision, update, and deprovision database users and roles in sync with their corporate directory — eliminating standing admin accounts and enforcing zero-trust access.
- **Sync CockroachDB Cloud roles and groups into your access governance dashboard** — Security and compliance platforms can pull CockroachDB Cloud users, roles, and group assignments via Truto's Unified User Directory API to give security teams a unified view of who has access to production database clusters alongside every other system in their stack.
- **Enable Just-in-Time database access from your privileged access management tool** — PAM and JIT access SaaS products can programmatically create temporary SQL users with scoped roles on CockroachDB Cloud clusters, then automatically revoke access after a defined window — reducing blast radius during incident response without manual DBA intervention.
- **Offer CockroachDB Cloud user provisioning in your Internal Developer Portal** — Developer platform and IDP products can integrate with CockroachDB Cloud to automatically create database users and assign appropriate roles when developers onboard to a project or spin up new environments, streamlining the inner loop without tickets to the DBA team.
- **Audit database access across your customers' CockroachDB Cloud organizations** — GRC and audit platforms can continuously sync user and role data from CockroachDB Cloud to detect over-privileged accounts, orphaned users, and role drift — critical for SOC 2, SOX, and GDPR compliance reporting.

## What you can build

- **Automated database user provisioning and deprovisioning** — Sync user lifecycle events from your product to CockroachDB Cloud, creating SQL users on hire and removing them on offboarding — all mapped through Truto's Unified User Directory API.
- **Cross-platform role mapping for CockroachDB Cloud** — Map corporate directory groups (e.g., from Okta or Azure AD) to CockroachDB Cloud roles like Cluster Admin, Cluster Developer, or Billing Coordinator so permissions stay consistent across systems.
- **Unified access review dashboard including CockroachDB Cloud** — Surface CockroachDB Cloud users, groups, and role assignments alongside other SaaS and infrastructure tools in a single access review workflow for compliance audits.
- **Time-bound privileged database access grants** — Let your users request and receive temporary CockroachDB Cloud access with a specific role that is automatically revoked after a configurable expiration window.
- **Orphaned account detection for CockroachDB Cloud** — Continuously compare CockroachDB Cloud user lists against your customers' HR or identity provider records to flag accounts that should have been deprovisioned.
- **Service account inventory and rotation tracking** — Enumerate CockroachDB Cloud service accounts and surface them in your security dashboard so customers can track credential age and trigger rotation workflows.

## FAQs

### What Unified APIs does Truto support for CockroachDB Cloud?

Truto supports the Unified User Directory API for CockroachDB Cloud, covering Users, Groups, and Roles. This lets you read and manage database users, organizational roles, and group assignments through a standardized schema.

### How does authentication work for the CockroachDB Cloud integration?

CockroachDB Cloud's API uses API keys (service accounts) for authentication. Truto handles credential storage and token management so your end users can securely connect their CockroachDB Cloud organization without you building custom auth flows.

### Are there additional tools or endpoints available beyond the Unified User Directory API?

Currently, the integration is mapped to the Unified User Directory API. Additional tools — such as cluster lifecycle management, spend limit configuration, or observability endpoints — can be built on request based on your specific use case.

### Does Truto handle pagination and rate limits for the CockroachDB Cloud API?

Yes. Truto abstracts away pagination and respects CockroachDB Cloud's API rate limits automatically, so you don't need to implement retry logic or cursor management in your application code.

### Can I write back to CockroachDB Cloud, or is the integration read-only?

The Unified User Directory API supports both read and write operations where the underlying CockroachDB Cloud API permits — including creating, updating, and deleting users and role assignments. Exact write capabilities depend on the permissions granted by the connected API key.

### What data can I access through the Unified User Directory API for CockroachDB Cloud?

You can access SQL users, service accounts, cross-organization roles (such as Cluster Admin, Cluster Developer, and Billing Coordinator), and group memberships — all normalized into Truto's unified User, Group, and Role schemas.
