---
title: Heroku API Integration on Truto
slug: heroku
category: Application Development
canonical: "https://truto.one/integrations/detail/heroku/"
---

# Heroku API Integration on Truto



**Category:** Application Development  
**Status:** Generally available

## Unified APIs

### Unified User Directory API

- **Groups** — Groups are a collection of users in the source application. In some applications, they might also be called Teams.
- **Roles** — The Role object represents a role of a User.
- **Users** — The User object represents a User.

## How it works

1. **Link your customer's Heroku account.** Use Truto's frontend SDK; we handle every OAuth and API key flow so you don't need to create the OAuth app.
2. **Authentication is automatic.** Truto refreshes tokens, stores credentials securely, and injects them into every API request.
3. **Call Truto's API to reach Heroku.** The Proxy API is a 1-to-1 mapping of the Heroku API.
4. **Get a unified response format.** Every response uses a single shape, with cursor-based pagination and data in the `result` field.

## Use cases

- **Automate identity governance across Heroku teams and apps** — Security and compliance SaaS companies can pull Heroku team members, roles, and app-level collaborators to detect orphaned accounts, enforce least-privilege access, and trigger automated deprovisioning when users are offboarded from a central IdP.
- **Build a unified developer directory spanning PaaS and cloud platforms** — Internal developer portals and platform engineering tools can sync Heroku users, teams, and roles into a single directory alongside other infrastructure providers, giving engineering managers a consolidated view of who has access to what.
- **Detect identity threats by cross-referencing Heroku access with HR systems** — ITDR and access intelligence platforms can continuously compare Heroku collaborator lists against authoritative sources like Okta or Google Workspace, flagging and remediating access drift for terminated or role-changed employees.
- **Enforce security posture policies on Heroku team membership** — Cloud security SaaS products can audit Heroku team structures to ensure that admin roles are limited, external collaborators are reviewed periodically, and access patterns comply with SOC 2 or internal governance policies.

## What you can build

- **Heroku team and role inventory dashboard** — Surface all Heroku teams, their members, and assigned roles (admin, member, viewer, billing) in a single pane of glass inside your product.
- **Cross-platform user access comparison** — Compare Heroku users and collaborators against identity providers or HR systems to flag accounts that exist in Heroku but have been deactivated elsewhere.
- **Automated collaborator deprovisioning workflow** — Trigger removal of Heroku app-level collaborators when an offboarding event is detected in a connected HR or IdP system.
- **Role drift alerting for Heroku teams** — Monitor changes in Heroku team member roles over time and alert security teams when privilege escalations occur outside of approved change windows.
- **Unified user directory with Heroku as a connected source** — Map Heroku users, groups (teams), and roles into Truto's Unified User Directory API schema so your product treats Heroku identically to other directory sources.
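
The access comparison and role drift checks listed above, sketched as an added example (not Truto's or Heroku's code). It assumes each user record carries `email` and `role` fields and that every page of a response holds its records in `result`. The role ranking, sample records and change window are constructed for illustration.

```python
from datetime import datetime, timezone

# Assumed privilege order for the team roles named on this page; treating
# billing as the lowest role is an assumption of this example.
RANK = {"billing": 0, "viewer": 1, "member": 2, "admin": 3}

def collect(pages):
    """Flatten paged responses; each page carries its records in `result`."""
    return [rec for page in pages for rec in page["result"]]

def orphaned(heroku_users, idp_active_emails):
    """Heroku accounts with no active counterpart in the identity provider."""
    active = {e.lower() for e in idp_active_emails}
    return sorted(u["email"] for u in heroku_users if u["email"].lower() not in active)

def escalations(before, after, observed_at, windows):
    """Role increases between two snapshots seen outside every approved window."""
    if any(start <= observed_at <= end for start, end in windows):
        return []
    old = {u["email"].lower(): u["role"] for u in before}
    found = []
    for u in after:
        prev = old.get(u["email"].lower())
        # An account absent from the earlier snapshot ranks below every role.
        if RANK.get(prev, -1) < RANK[u["role"]]:
            found.append((u["email"], prev, u["role"]))
    return found

# Constructed sample data (not real API output).
SNAPSHOT_1 = [{"result": [{"email": "ana@example.com", "role": "member"},
                          {"email": "bo@example.com", "role": "viewer"}]},
              {"result": [{"email": "cy@example.com", "role": "admin"}]}]
SNAPSHOT_2 = [{"result": [{"email": "ana@example.com", "role": "admin"},
                          {"email": "bo@example.com", "role": "viewer"},
                          {"email": "cy@example.com", "role": "admin"}]}]
IDP_ACTIVE = ["Ana@example.com", "cy@example.com"]  # bo was offboarded
UTC = timezone.utc
WINDOWS = [(datetime(2024, 5, 1, 9, tzinfo=UTC), datetime(2024, 5, 1, 11, tzinfo=UTC))]
INSIDE = datetime(2024, 5, 1, 10, tzinfo=UTC)
OUTSIDE = datetime(2024, 5, 2, 3, tzinfo=UTC)

if __name__ == "__main__":
    print(orphaned(collect(SNAPSHOT_2), IDP_ACTIVE))
    print(escalations(collect(SNAPSHOT_1), collect(SNAPSHOT_2), OUTSIDE, WINDOWS))
```

Emails are compared case-insensitively because identity providers and SaaS directories often disagree on casing, which otherwise produces false orphan alerts.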

## FAQs

### How does authentication work for the Heroku integration?

Heroku supports OAuth 2.0 for third-party integrations as well as direct API token (Bearer token) authentication. Truto handles the OAuth flow and token management so your end users can connect their Heroku accounts securely without you managing refresh logic.

### What Heroku data maps to Truto's Unified User Directory API?

Heroku Teams map to Groups, team-level roles (admin, member, viewer, billing) map to Roles, and team members plus app-level collaborators map to Users. This gives you a normalized view of identity and access within Heroku.

### Are there rate limits on the Heroku Platform API?

Yes. Heroku enforces a rate limit of approximately 4,500 requests per hour per OAuth token. Truto manages pagination and request budgeting so you can sync large accounts without hitting limits or writing retry logic yourself.

### Can I write back to Heroku — for example, removing a collaborator?

The Heroku Platform API supports write operations such as adding or removing team members and app collaborators. Specific write-back tools for Truto's Heroku integration are built on request — contact Truto to scope your exact workflow.

### Are Heroku-specific tools available out of the box in Truto?

Heroku is currently available as an on-request integration. Truto will build the specific tools and data mappings your product needs, aligned to the Unified User Directory API and any custom Heroku API endpoints you require.

### How fresh is the data when syncing Heroku users and teams?

Data freshness depends on your sync frequency. The Heroku Platform API returns real-time data on each request, so Truto can poll at whatever interval you configure — near-real-time syncs are possible within rate limit constraints.
