--- title: Twingate API Integration on Truto slug: twingate category: Application Development canonical: "https://truto.one/integrations/detail/twingate/" --- # Twingate API Integration on Truto **Category:** Application Development **Status:** Generally available ## Unified APIs ### Unified User Directory API - **Users** — The User object represents a User. ## How it works 1. **Link your customer's Twingate account.** Use Truto's frontend SDK; we handle every OAuth and API key flow so you don't need to create the OAuth app. 2. **Authentication is automatic.** Truto refreshes tokens, stores credentials securely, and injects them into every API request. 3. **Call Truto's API to reach Twingate.** The Proxy API is a 1-to-1 mapping of the Twingate API. 4. **Get a unified response format.** Every response uses a single shape, with cursor-based pagination and data in the `result` field. ## Use cases - **Automate identity governance across zero-trust network access** — IGA and compliance platforms can pull Twingate user and group data to detect orphaned accounts, enforce least-privilege access policies, and generate audit-ready reports — helping their customers maintain SOC 2 and HIPAA compliance without manual reconciliation. - **Power just-in-time access provisioning for privileged networks** — Privileged access management tools can programmatically add and remove users from Twingate groups to grant temporary, scoped network access — enabling time-bound SSH or database access workflows that automatically revoke permissions after a defined window. - **Centralize user visibility for MSP administration dashboards** — Platforms built for managed service providers can aggregate Twingate user directories across multiple client tenants into a single view, enabling MSPs to monitor active accounts, detect security drift, and streamline onboarding/offboarding at scale. - **Sync user lifecycle events from HR systems to network access** — Workforce management and HR platforms can cross-reference employee records with Twingate's user directory to automatically suspend network access for terminated employees and provision access for new hires — closing the gap between HR actions and infrastructure security. - **Enrich security posture dashboards with network identity data** — Security and observability platforms can ingest Twingate user and group membership data to correlate network access patterns with identity context, surfacing over-privileged users or anomalous access across zero-trust environments. ## What you can build - **Ghost account detection and auto-remediation** — Cross-reference Twingate's active user list with your HR or IdP data to flag and automatically suspend accounts belonging to former employees or inactive contractors. - **Unified user directory with Twingate network context** — Display Twingate user roles, states, and group memberships alongside identities from other connected platforms in a single, normalized view for compliance teams. - **Automated onboarding group assignment** — When a new employee is detected in your system, automatically add them to the appropriate Twingate groups based on department or role to grant day-one network access. - **Scheduled access review campaigns** — Generate periodic access review reports that list every Twingate user, their group memberships, and role assignments so managers can certify or revoke access in your product's UI. - **Multi-tenant Twingate user aggregation for MSPs** — Let MSP customers connect multiple Twingate accounts and view all users across client environments in a consolidated dashboard with filtering and alerting. - **Real-time offboarding workflow trigger** — Trigger immediate Twingate user suspension or role downgrade from your platform when an offboarding event fires — ensuring network access is revoked in lockstep with identity lifecycle changes. ## FAQs ### How does authentication work for the Twingate integration? Twingate uses API keys scoped to a specific network. End users generate an API key from their Twingate Admin Console, which Truto securely stores and manages. Truto handles token injection on every request so your application never touches raw credentials. ### What data can I access through the Unified User Directory API for Twingate? Through the Unified User Directory API, you can access Twingate user records including user roles, user states (active, suspended), and group memberships. This covers the core identity data needed for governance, compliance, and lifecycle management workflows. ### Twingate uses a GraphQL API — does that affect how I interact with it through Truto? No. Truto abstracts Twingate's GraphQL API behind a normalized REST interface via the Unified User Directory API. You work with consistent REST endpoints and JSON payloads — Truto handles the GraphQL query construction, pagination cursors, and response normalization. ### Are Twingate-specific tools available today, or are they built on request? Twingate tools beyond the Unified User Directory API (Users) are built on request. If you need access to resources, connectors, devices, or security policies, Truto can scope and build those tools based on your specific use case — typically within days. ### How does Truto handle pagination for Twingate's GraphQL API? Truto manages cursor-based pagination natively. When you query users or groups, Truto automatically follows pagination cursors across multiple GraphQL requests and returns a complete, unified result set — so you don't need to implement pagination logic yourself. ### Can I write data back to Twingate, or is this read-only? Twingate's API supports full CRUD operations on users and groups. The specific write operations available through Truto depend on the tools configured for your integration. Contact Truto to scope write capabilities like user suspension, role updates, or group membership changes for your use case.