---
title: Strac API Integration on Truto
slug: strac
category: Security
canonical: "https://truto.one/integrations/detail/strac/"
---

# Strac API Integration on Truto



**Category:** Security  
**Status:** Beta

## MCP-ready AI tools

Truto exposes 27 tools for Strac that AI agents can call directly.

- **create_a_strac_document** — Upload a document to the Strac vault and receive a reference ID for later retrieval. Returns: documentId. Required: document (binary, max 10 MB). Each upload is immutable — repeating the call creates a new stored document and a new reference ID.
- **get_single_strac_document_by_id** — Download the original document from Strac by its document ID. Returns the raw binary file content of the document (an opaque binary stream, not a structured JSON response). Required: id.
- **delete_a_strac_document_by_id** — Delete a document from Strac by its document ID. Returns an empty 204 response on success. Required: id.
- **create_a_strac_detect** — Detect sensitive data from a document or text using Strac. Submits a detection payload to the Strac engine and returns the resulting sensitive-data findings. The exact request and response fields are defined by the Strac DetectDocumentInput and DetectDocumentOutput schemas respectively — consult the Strac API docs for the full field-level breakdown.
- **create_a_strac_redact** — Redact a document in the Strac vault by submitting a redaction request. On success, returns a RedactDocumentOutput object that can subsequently be used to retrieve the fully redacted document via the Strac Get redacted document API. The specific request body fields and response fields are defined by the RedactDocumentInput and RedactDocumentOutput schemas; consult the upstream Strac API documentation for the field-level breakdown.
- **create_a_strac_redact** — Redact sensitive data from inline text content in Strac, replacing detected PII and other sensitive fields according to the configured redact mode (e.g., substituting tokenized Strac vault links for sensitive values). Returns: redacted_text. Required: text.
- **get_single_strac_redacted_document_by_id** — Download a redacted document from Strac by document ID. Returns the redacted document as a binary file stream (not a JSON object — the response body is raw binary content). Required: id.
- **list_all_strac_tokens** — List token identifiers within a Strac redacted document. Returns: id. Required: document_id.
- **create_a_strac_token** — Create a token in the Strac vault by sending sensitive data and receiving back a reference identifier. By default a new token is generated per request; set idempotent to true to reuse an existing token for duplicate data. Returns: id.
- **update_a_strac_tokens_modify_by_id** — Update an existing Strac token's value and type by id. Returns: tokenId, value, type. Required: id. Updates to tokens created with idempotency and updates to tags are not supported.
- **delete_a_strac_tokens_modify_by_id** — Delete an existing Strac token by id. Returns an empty 204 response on success. Required: id.
- **create_a_strac_tokens_batch** — Create a batch of up to 200 Strac tokens by sending sensitive data elements to the vault. Returns reference token identifiers for each submitted data element. The entire batch is atomic — if any single element fails to tokenize, the whole request fails. Each call always produces a new set of tokens regardless of duplicate input.
- **create_a_strac_tokens_search_datum** — Search for tokens by data in Strac. Submits a sensitive data value to find its matching token. Returns: token. Required: data.
- **create_a_strac_tokens_search_tag** — Search for tokens in Strac by tag. Returns: tokens. Required: tag. Access is restricted to server-to-server connections; contact Strac to allowlist your IP addresses for live environments.
- **create_a_strac_tokens_info** — Extract information about a Strac token without revealing the original sensitive data in full (e.g., last four digits of a social security number). Returns: token_type, attributes. Required: token.
- **create_a_strac_tokens_detokenize_batch** — Batch detokenize up to 10 Strac tokens to retrieve their original sensitive data. Returns: tokens (array of detokenized results mapping each input token to its original value). Required: tokens. Restricted to server-to-server connections only; IP allowlisting required for live environments.
- **create_a_strac_anonymize_gsheet** — Anonymize a Google Sheet document in Strac by replacing sensitive fields — phone numbers, names, emails, and ZIP codes — with pseudonyms or tokens via Google Workspace domain-wide delegation. Can be configured to run on a recurring basis. Returns the anonymization output object; specific response fields are defined in the upstream AnonymizeGoogleSheetsOutput schema and are not enumerable from the available source documentation.
- **create_a_strac_anonymize_gsheets_reverse** — De-anonymize a Google Sheet in Strac, restoring an anonymized Google Sheets document to its original content within a specified Google Drive folder. This reverses the effects of a prior anonymize-gsheets operation. Returns: message, file_id. Required: file_id, folder_id.
- **list_all_strac_anonymize_gsheets_jobs** — List recurring Google Sheets anonymization jobs in Strac. Returns job objects including id and attributes containing job-specific configuration details. No required parameters.
- **create_a_strac_proxy** — Send any HTTP request (POST, PUT, PATCH, GET, DELETE, or OPTIONS) to a third-party endpoint via the Strac outbound proxy, substituting tokens for sensitive values such as API keys or SSNs. Strac forwards the call to the specified target URL and relays the third party's response verbatim. Returns the proxied third-party response; the shape is entirely endpoint-specific. Required: Target-Url.
- **create_a_strac_proxy_redact** — Send any HTTP request through Strac's outbound proxy to a third-party URL, replacing sensitive data (such as SSNs and passport numbers) with redacted, non-sensitive equivalents before forwarding. Returns the forwarded response from the third-party service; the response shape is entirely determined by the target endpoint and cannot be enumerated statically. Required: Target-Url.
- **create_a_strac_proxy_detokenize** — Invoke the Strac inbound detokenize proxy to retrieve original sensitive data for up to 10 tokens. The request body and headers are forwarded to your configured authorization server for end-user authorization; on success, the authorization server's response is returned with the detokenized values decorated in. The response shape is dynamic and depends entirely on the authorization server's configuration.
- **create_a_strac_proxy_webhook** — Forward HTTP webhook requests through Strac's webhook proxy to your server, replacing sensitive data such as SSNs and bank account numbers with tokens. Returns the forwarded response from your connected server; the response shape is determined by your server's implementation. Required: id (contact Strac to generate a webhookId and configure your endpoint).
- **create_a_strac_proxy_function** — Send a request to a third-party API through a Strac-hosted proxy function, forwarding tokens in place of sensitive data. Returns a dynamic JSON response whose shape is determined entirely by the hosted function. Required: Function-Id.
- **create_a_strac_proxy_sftp** — Detokenize and upload a CSV file to an SFTP server via Strac's proxy. SFTP server credentials must be pre-registered with Strac before use. Returns a 200 OK response with no body on success.
- **list_all_strac_data_security_risks** — List data security risks discovered in Strac across integrated applications, filterable by app type, date ranges, sensitive data types, and other criteria. Returns records containing event (with eventId, detectedElementTypes, filePath, eventTime, documentId), endpointResourceType, and endpointRemediationType. Required: appType, startDate, endDate.
- **list_all_strac_data_security_audit_events** — List Strac data security audit events tracking user actions and system activities. Returns an events array where each record includes eventId, actionName, actorEmailAddress, dateTime, actorIpAddress, actorUserGroups, actionRequestPath, and a target object with action-specific context. Optionally filter by startDate or endDate.

## How it works

1. **Link your customer's Strac account.** Use Truto's frontend SDK; we handle every OAuth and API key flow so you don't need to create the OAuth app.
2. **Authentication is automatic.** Truto refreshes tokens, stores credentials securely, and injects them into every API request.
3. **Call Truto's API to reach Strac.** The Proxy API is a 1-to-1 mapping of the Strac API.
4. **Get a unified response format.** Every response uses a single shape, with cursor-based pagination and data in the `result` field.

## Use cases

- **Keep your SaaS out of PCI and HIPAA scope** — Offer a native Strac integration so your customers can route sensitive inputs through their own Strac tenant for redaction and tokenization. Your application never persists raw PII, PCI, or PHI, dramatically shrinking your compliance surface area.
- **Power 'Bring Your Own Vault' for enterprise deals** — Enterprise buyers increasingly require that sensitive data be vaulted in a system they control. A Strac integration via Truto lets your customers tokenize their own data and proxy it through Strac, unblocking security reviews and procurement.
- **Automate compliance evidence collection** — GRC and security tools can pull Strac risk findings and audit events on behalf of their customers to populate SOC 2, HIPAA, and GDPR control evidence. This replaces manual screenshots with continuous, API-driven proof of DLP enforcement.
- **Sanitize unstructured user-generated content** — Helpdesk, collaboration, and AI products can pipe chats, documents, and uploads through Strac's detection and redaction APIs before persisting. End users get safer workflows; you avoid storing data you never wanted in the first place.
- **Anonymize analytics pipelines on demand** — BI and revenue analytics platforms can trigger Strac anonymization on Google Sheets data sources before ingestion, so customer PII never enters the analytics warehouse while preserving structural usefulness for modeling.

## What you can build

- **Inline text redaction on ingest** — Call Strac's redact endpoint on every inbound message, comment, or note so your database only stores sanitized text with reference tokens in place of detected PII.
- **Document vault with redacted previews** — Upload PDFs, images, and files to Strac, store only the document ID, and render a redacted version on demand for agents and reviewers who don't need the raw content.
- **Tokenized field storage for sensitive attributes** — Replace fields like SSNs, account numbers, and API keys with Strac tokens at write time, and use token info lookups to display masked previews (e.g., last 4) in your UI.
- **Outbound proxy for third-party API calls** — Route requests to downstream services through Strac's HTTP, webhook, function, or SFTP proxies so tokens are detokenized in flight and raw values never traverse your infrastructure.
- **Batch tokenization and detokenization workflows** — Use batch token and detokenize endpoints to migrate existing sensitive datasets into Strac, or to bulk-rehydrate values for scheduled exports and reporting jobs.
- **Embedded DLP risk and audit dashboards** — Pull Strac data security risks and audit events into your product to give customers a native view of policy violations, remediations, and user activity tied to their workspace.

## FAQs

### How does authentication to a customer's Strac account work through Truto?

Strac uses API key authentication scoped to each customer's workspace. Through Truto, your end users provide their Strac API credentials once during connection setup, and Truto manages secure storage and injection on every subsequent API call.

### What sensitive data operations are supported out of the box?

Truto exposes Strac's core primitives: document upload and redaction, inline text detection and redaction, token create/update/delete, batch tokenization and detokenization, token search by data or tag, and token info lookups for masked rendering.

### Can I forward third-party API traffic through Strac without storing raw data?

Yes. Strac's proxy endpoints (HTTP, webhook, function, and SFTP) are available, plus dedicated proxy redact and detokenize operations. You store tokens, and Strac swaps them for real values in transit to the downstream system.

### How do I pull compliance and DLP evidence on a schedule?

Use the list endpoints for data security risks and audit events to poll Strac for new findings and remediation activity. This is the standard pattern for GRC dashboards and continuous compliance monitoring.

### Is there support for anonymizing spreadsheet data sources?

Yes. Strac's Google Sheets anonymization endpoints let you trigger a pseudonymization job, list job status, and reverse the anonymization when needed — useful for BI pipelines that must avoid ingesting raw PII.

### Does Truto offer a unified Security API for Strac?

Not currently. The Strac integration is exposed as passthrough tools mapped 1:1 to Strac's native endpoints, which gives you full access to its detection, tokenization, proxy, and posture management capabilities without a normalization layer in between.

## Related reading

- [Connect Strac to Claude: Monitor Risks and Manage Secure Tokens](https://truto.one/blog/connect-strac-to-claude-monitor-risks-and-manage-secure-tokens/) — Learn how to connect Strac to Claude using a managed MCP server. Automate sensitive data detection, redaction, and tokenization without custom integration code.
- [Connect Strac to ChatGPT: Securely Vault and Redact Sensitive Data](https://truto.one/blog/connect-strac-to-chatgpt-securely-vault-and-redact-sensitive-data/) — Architect a managed MCP server to give ChatGPT secure, tokenized access to the Strac API. Learn how to automate data redaction, proxy sensitive requests, and manage vault tokens.
- [Connect Strac to AI Agents: Automate Data Redaction and Proxying](https://truto.one/blog/connect-strac-to-ai-agents-automate-data-redaction-and-proxying/) — Learn how to connect Strac to your AI agents to automate data redaction, secure tokenization, and third-party proxying using Truto's /tools endpoint.
