--- title: ThoughtSpot API Integration on Truto slug: thoughtspot category: Analytics canonical: "https://truto.one/integrations/detail/thoughtspot/" --- # ThoughtSpot API Integration on Truto **Category:** Analytics **Status:** Generally available ## Unified APIs ### Unified User Directory API - **Groups** — Groups are a collection of users in the source application. In some applications, they might also be called Teams. - **Organizations** — Organizations are the top level entity in the source application. Users are associated with an organization. - **Roles** — The Role object represents a role of a User. - **Users** — The User object represents a User. ## How it works 1. **Link your customer's ThoughtSpot account.** Use Truto's frontend SDK; we handle every OAuth and API key flow so you don't need to create the OAuth app. 2. **Authentication is automatic.** Truto refreshes tokens, stores credentials securely, and injects them into every API request. 3. **Call Truto's API to reach ThoughtSpot.** The Proxy API is a 1-to-1 mapping of the ThoughtSpot API. 4. **Get a unified response format.** Every response uses a single shape, with cursor-based pagination and data in the `result` field. ## Use cases - **Automate multi-tenant user provisioning for embedded analytics** — SaaS platforms embedding ThoughtSpot need to replicate their tenant hierarchy — orgs, groups, users, and roles — inside ThoughtSpot to enforce row-level security. Truto's Unified User Directory API lets you sync this identity layer programmatically without building custom glue code against ThoughtSpot's REST API. - **Enforce HIPAA and SOC 2 compliant data isolation across customer tenants** — Healthcare and fintech SaaS companies must guarantee that each customer's users only see their own data in embedded dashboards. By syncing groups, roles, and org assignments through Truto, platforms can dynamically apply row-level security attributes as part of their standard user lifecycle — without maintaining a separate identity pipeline. - **Streamline onboarding when new customers connect their ThoughtSpot instance** — When your end users bring their own ThoughtSpot deployment, your product needs to read their existing org structure, groups, and roles to map permissions correctly. Truto handles the auth handshake and normalizes the user directory data so your onboarding flow works regardless of ThoughtSpot API version quirks. - **Centralize identity management across multiple analytics backends** — SaaS companies that support several BI tools alongside ThoughtSpot can use Truto's Unified User Directory API to manage users, groups, and roles through a single interface — reducing integration surface area and keeping permissions consistent across every connected analytics platform. ## What you can build - **Automated tenant org and group creation on signup** — When a new customer signs up for your SaaS, automatically create a corresponding ThoughtSpot Org and Group via Truto's unified Users, Groups, and Organizations resources — no direct API wiring needed. - **Role-based access sync from your app to ThoughtSpot** — Map your application's permission tiers (admin, viewer, analyst) to ThoughtSpot Roles through Truto so embedded dashboard access stays in lockstep with your product's entitlements. - **User lifecycle management dashboard** — Build an internal admin panel that lists all synced ThoughtSpot users, their group memberships, and assigned roles — powered by Truto's normalized User Directory data — so your support team can troubleshoot access issues instantly. - **Just-in-time user provisioning for embedded analytics sessions** — Create or update a ThoughtSpot user with the correct group and RLS attributes the moment they launch an embedded Liveboard, ensuring zero-friction first-time access without pre-provisioning. - **Bulk user deprovisioning on churn** — When a customer churns or a user is deactivated in your platform, cascade the change to ThoughtSpot by removing users from groups and orgs through Truto — closing security gaps automatically. ## FAQs ### What ThoughtSpot resources can I manage through Truto today? Truto maps ThoughtSpot to its Unified User Directory API, covering Users, Groups, Organizations, and Roles. These are the normalized resources available out of the box. Additional ThoughtSpot-specific tools (e.g., TML management, search data, AI agent endpoints) can be built on request. ### How does authentication work for connecting a ThoughtSpot instance? ThoughtSpot's REST API v2.0 supports bearer token authentication and trusted authentication tokens. Truto manages the auth lifecycle — token generation, refresh, and secure storage — so your application never handles raw credentials directly. ### Does Truto handle pagination and rate limits for ThoughtSpot's API? Yes. Truto abstracts away cursor-based pagination and respects ThoughtSpot's rate limits internally, so your application receives complete, normalized result sets without building retry or pagination logic. ### Can I sync custom user attributes used for row-level security? ThoughtSpot uses group membership and user properties to drive RLS. Through Truto's Unified User Directory, you can manage group assignments and user metadata that ThoughtSpot evaluates for security rules. For highly custom RLS attribute workflows, Truto can build tailored tools on request. ### What if I need ThoughtSpot capabilities beyond the Unified User Directory? Truto builds integration tools on request. If you need support for ThoughtSpot's search data API, TML import/export, connection management, or the Spotter AI agent endpoints, reach out and Truto will scope and deliver those tools for your use case. ### Does this work with both ThoughtSpot Cloud and Software (on-prem) deployments? ThoughtSpot's REST API v2.0 is available on both Cloud and Software editions. As long as the instance exposes the API and your end user provides valid credentials, Truto can connect to either deployment model.