--- title: Torii API Integration on Truto slug: torii category: SSO canonical: "https://truto.one/integrations/detail/torii/" --- # Torii API Integration on Truto **Category:** SSO **Status:** Beta ## Unified APIs ### Unified User Directory API - **Organizations** — Organizations are the top level entity in the source application. Users are associated with an organization. - **Roles** — The Role object represents a role of a User. - **Users** — The User object represents a User. ### Unified Single Sign-On API - **App Users** — AppUsers represent the users assigned to an application. - **Apps** — Applications represent the applications that are registered with the SSO service. ## MCP-ready AI tools Truto exposes 26 tools for Torii that AI agents can call directly. - **list_all_torii_me** — Get the organization profile in Torii. Returns id, companyName, domain, and creationTime fields in the response. - **list_all_torii_users** — List users in Torii. Returns key fields such as id, firstName, lastName, email, lifecycleStatus, isDeletedInIdentitySources, isExternal, and activeAppsCount. - **get_single_torii_user_by_id** — Get user in Torii using id. Returns key fields such as id, firstName, lastName, email, role, lifecycleStatus, and creationTime to identify the user's state and access details. - **update_a_torii_user_by_id** — Update a specific user in Torii using id. Requires lifecycleStatus in the request body. Returns user details including id, email, role, lifecycleStatus, and creationTime. - **list_all_torii_application_users** — List application users in Torii for a specific application using id_app. Returns users with key fields such as email, fullName, status, appName, and user activity details including creationTime, lastVisitTime, and lifecycleStatus. - **list_all_torii_user_applications** — List user applications for a specific user in Torii. Requires id_user. Returns each application's id, name, isUserRemovedFromApp, and state fields indicating the user's association and app status. - **get_single_torii_user_application_by_id** — Get user application in Torii. Requires id_user and id. Returns app fields including id, name, isUserRemovedFromApp, and state. - **update_a_torii_user_application_by_id** — Update a user application in Torii using id_user and id. Returns app fields including id, name, isUserRemovedFromApp, and state to confirm the update result. - **list_all_torii_contracts** — List contracts in Torii for the organization. Returns an array of contract objects with fields such as id, name, status, and idApp. Multi-currency fields are returned in contract currency. - **create_a_torii_contract** — Create a new contract in Torii. Requires name, idApp, and status in the request body. Returns contract fields including id, name, and status. Dates must be in ISOString format; currency cannot be a top-level field. - **get_single_torii_contract_by_id** — Get contract in Torii using id. Returns contract fields including id (unique identifier), name (contract name), and status (contract status). Rate limit: 800 requests per minute. - **delete_a_torii_contract_by_id** — Delete a specific contract in Torii using id. Returns no content on success. Rate limit: 200 requests per minute. - **update_a_torii_contract_by_id** — Update a contract in Torii using id. Supports numeric or object-based amount fields for specifying currency values. Returns contract id, name, and status in the response. - **list_all_torii_roles** — List roles in Torii for the organization. Returns each role with fields id, systemKey, name, description, isAdmin, and usersCount. Rate limit: 100 requests per minute. - **list_all_torii_workflow_action_executions** — List workflow-action-executions in Torii sorted by creationTime in descending order. Returns fields like id, idWorkflow, idAction, isRun, isCompleted, and creationTime for each execution along with nextCursor, count, and total in the response. - **list_all_torii_apps** — List apps used in the organization in Torii. Returns each app’s id, name, state, category, description, tags, primaryOwner, and other relevant details. - **get_single_torii_app_by_id** — Get a specific app in Torii using id. Returns fields including id, name, state, category, url, description, and primaryOwner details for identification and ownership info. Rate limit: 400 requests per minute. - **create_a_torii_app** — Create a new app in Torii. Returns the created app's id, name, state, url, category, description, tags, and isHidden fields. Rate limit: 200 requests per minute. - **update_a_torii_app_by_id** — Update app in Torii by id. Updates app fields including custom fields defined via custom Application Details. Returns app fields: id, name, state, url, category, description, tags, and isHidden. - **torii_apps_search** — Search apps in Torii's catalog using the required parameter q. Returns an array of apps with fields: id, name, category, imageUrl, url, and isHidden. - **get_single_torii_file_by_id** — Get information about a specific file in Torii using id. Returns id, type, fileName, creationTime, and uploadedBy fields describing the file metadata. - **create_a_torii_file** — Create a new file record in Torii using parameters path and type. Returns id, a unique file identifier for the stored record. - **torii_files_upload** — Upload a small file (up to 3MB) to Torii. Requires file and type. Supported formats include .csv, .xls, .xlsx, .pdf, .doc, .docx, .png, .jpg, .jpeg, .xml, .json, .zip. Returns id representing the uploaded file. - **list_all_torii_audit_logs** — List admin audit logs in Torii. Returns performedBy, performedByEmail, idTargetOrg, creationTime, type, requestDetails, and properties fields in the response. Results are sorted by creationTime in descending order. - **list_all_torii_user_custom_fields** — List user custom fields in Torii for connected integrations. Returns fields with id, idOrg, sourceIdApp, name, type, key, and isDeleted. - **list_all_torii_user_field_metadata** — List user fields metadata in Torii including predefined and custom fields. Returns key details such as name, systemKey, type for predefinedFields and idField, name, systemKey, type for customFields. The list of dropdown options is not included. ## How it works 1. **Link your customer's Torii account.** Use Truto's frontend SDK; we handle every OAuth and API key flow so you don't need to create the OAuth app. 2. **Authentication is automatic.** Truto refreshes tokens, stores credentials securely, and injects them into every API request. 3. **Call Truto's API to reach Torii.** The Proxy API is a 1-to-1 mapping of the Torii API. 4. **Get a unified response format.** Every response uses a single shape, with cursor-based pagination and data in the `result` field. ## Use cases - **Automate employee offboarding across SaaS apps** — HRIS and HR platforms can update a user's lifecycle status in Torii via Truto, triggering Torii's native automation to revoke access across 100+ connected apps — ensuring zero lingering accounts after termination. - **Pull SaaS contract data for renewal management** — Procurement and vendor management platforms can sync Torii's contract records — including renewal dates, costs, and associated apps — to surface upcoming renewals and write back renegotiated terms, keeping IT's system of record in sync. - **Map application access for compliance audits** — GRC and compliance platforms can read Torii's user-to-application mappings and audit logs to generate automated access reviews and produce de-provisioning evidence required for SOC 2, ISO 27001, and similar frameworks. - **Detect and triage shadow IT in ITSM workflows** — IT service management tools can poll Torii's discovered app catalog to identify unsanctioned software, automatically generate security review tickets, and assign them to the app's primary owner for remediation. - **Centralize user directory data for identity governance** — Identity and security platforms can pull Torii's normalized user directory — including roles, custom fields, and lifecycle statuses — to enrich their own access-risk models without building direct connectors to every downstream SaaS app. ## What you can build - **Lifecycle-triggered SaaS deprovisioning** — Update a Torii user's lifecycle status from your product to automatically kick off cross-app offboarding workflows managed by Torii's automation engine. - **SaaS contract renewal dashboard** — Pull all active Torii contracts with renewal dates, costs, and linked apps to surface a native renewal calendar and write back updated terms after renegotiation. - **Application-level access review reports** — List all user-application assignments from Torii and cross-reference with user lifecycle status to generate access review evidence for auditors in a single view. - **Shadow IT discovery feed** — Continuously sync Torii's app catalog — including app state, category, and primary owner — into your product to flag unsanctioned tools and auto-create remediation workflows. - **Workflow execution status sync** — Poll Torii's workflow action executions to confirm automated onboarding or offboarding tasks have completed before closing corresponding tickets or tasks in your platform. - **Custom user field enrichment** — Read Torii's user custom fields and field metadata to enrich your own user profiles with organization-specific attributes like department, cost center, or manager without manual data entry. ## FAQs ### What authentication method does the Torii integration use? Torii uses API token-based authentication. Your end users generate an API token from their Torii admin console and provide it when connecting through Truto's managed auth flow. ### Which Truto Unified APIs does the Torii integration support? Torii maps to the Unified User Directory API (Organizations, Roles, Users) and the Unified Single Sign-On API (App Users, Apps), giving you standardized access to Torii's user and application data. ### Can I write data back to Torii, or is the integration read-only? The integration supports both read and write operations. You can update users, update user-application records, create/update/delete contracts, create apps, and upload files — in addition to all list and get operations. ### Does the integration support custom fields on Torii users? Yes. You can retrieve user custom fields via list_all_torii_user_custom_fields and their metadata via list_all_torii_user_field_metadata, allowing you to access organization-specific attributes beyond Torii's standard user schema. ### Can I search for specific apps in Torii's catalog? Yes. In addition to listing all apps, the integration exposes a dedicated torii_apps_search tool that lets you query Torii's app catalog by name or other criteria. ### How can I confirm that a Torii automation workflow has completed? Use list_all_torii_workflow_action_executions to poll the status of workflow actions, including completion state and associated workflow IDs, so you can verify offboarding or provisioning tasks finished before taking downstream action.