List Environment Integrations ​
List all environment integrations that belong to your environments. You have the flexibility to customize an Integration and its configuration to better suit your specific needs. Customizing integrations allows you to override default settings, add new functionalities, and tailor the integration to fit seamlessly within your environment. Read more about Installing Integrations
Endpoint ​
GET /environment-integrationQuery parameters ​
Refer Specifying query parameters in Truto APIs
Filter by integration ID.
4a4de828-f4db-4c9e-adfd-434e0864c3c7Filter by whether they are shown in catalog.
trueFilter by whether they are enabled.
trueFilter by name of the Integration (from base integration)
trueFilter by category of the Integration (from base integration)
trueResponse Body ​
The ID of the environment integration.
3fda2b4c-0516-41bc-8ae6-4927e42ecce9The ID of the integration this environment integration references.
4a4de828-f4db-4c9e-adfd-434e0864c3c7The ID of the environment in which this integration is installed.
8a2b104d-74a6-47f2-b93e-c6b611e82391Whether this integration is shown in the environment's catalog.
trueWhether this integration is enabled in the environment.
trueThe date and time when the environment integration was created.
2021-08-10T10:00:00.000ZThe date and time when the environment integration was last updated.
2021-08-10T10:00:00.000ZThe referenced integration object.
The ID of the integration.
4a4de828-f4db-4c9e-adfd-434e0864c3c7The name of the integration.
zendeskThe category of the integration.
helpdeskWhether the integration is in beta or not. Beta integrations might not have been tested completely and are not recommended for production environments.
The configuration object defining the underlying API of the integration.
{
"base_url": "https://api.example.com",
"label": "Example API Integration",
"logo": "https://example.com/logo.png",
"icon": "https://example.com/icon.png",
"headers": {
"Content-Type": "application/json",
"Accept": "application/json",
"User-Agent": "truto"
},
"query": {
"search": "{{search_query}}",
"filter": "{{filter_criteria}}"
},
"query_array_format": "comma",
"actions": {
"sync_users": {
"type": "request",
"config": {
"method": "post",
"path": "/sync/users",
"headers": {
"Authorization": "Bearer {{oauth.token.access_token}}"
},
"body": {
"users": "{{context.users}}"
}
}
}
},
"credentials": {
"oauth2": {
"format": "oauth2",
"config": {
"client": {
"id": "your-client-id",
"secret": "your-client-secret"
},
"auth": {
"tokenHost": "https://auth.example.com",
"tokenPath": "/oauth/token",
"refreshPath": "/oauth/refresh"
},
"options": {
"scopeSeparator": " ",
"authorizationMethod": "header",
"bodyFormat": "form"
},
"fields": [
{
"name": "client_id",
"label": "Client ID",
"type": "text",
"required": true
},
{
"name": "client_secret",
"label": "Client Secret",
"type": "password",
"required": true
}
],
"tokenParams": {
"grant_type": "client_credentials"
},
"refreshParams": {
"grant_type": "refresh_token"
},
"tokenExpiryDuration": "3600"
}
}
},
"authorization": {
"format": "bearer",
"config": {
"token": "{{oauth.token.access_token}}"
}
},
"pagination": {
"format": "page",
"config": {
"page_key": "page",
"limit_key": "per_page"
}
},
"rate_limit": {
"is_rate_limited": true,
"retry_after_header_expression": "Retry-After",
"rate_limit_header_expression": "X-RateLimit-Remaining"
},
"resources": {
"users": {
"list": {
"method": "get",
"path": "/users",
"response_path": "data.users",
"headers": {
"Authorization": "Bearer {{oauth.token.access_token}}"
},
"query": {
"page": "{{pagination.page}}",
"per_page": "{{pagination.per_page}}"
},
"pagination": {
"format": "page",
"config": {
"page_key": "page",
"limit_key": "per_page"
}
},
"authorization": {
"format": "bearer",
"config": {
"token": "{{oauth.token.access_token}}"
}
},
"rate_limit": {
"is_rate_limited": true,
"retry_after_header_expression": "Retry-After",
"rate_limit_header_expression": "X-RateLimit-Remaining"
},
"examples": {
"response": "{\n \"data\": {\n \"users\": [\n {\n \"id\": \"123e4567-e89b-12d3-a456-426614174000\",\n \"name\": \"John Doe\",\n \"email\": \"john.doe@example.com\"\n }\n ]\n }\n}\n"
}
}
},
"orders": {
"create": {
"method": "post",
"path": "/orders",
"body": {
"user_id": "{{context.user_id}}",
"items": "{{context.items}}"
},
"response_path": "data.order",
"headers": {
"Authorization": "Bearer {{oauth.token.access_token}}"
},
"authorization": {
"format": "bearer",
"config": {
"value": "{{oauth.token.access_token}}"
}
}
}
}
},
"webhook": {
"signature_verification": {
"format": "hmac",
"config": {
"secret": "{{environment_variables.WEBHOOK_SECRET}}",
"algorithm": "sha256",
"string_type": "hex",
"compare_with": "{{headers.x-signature}}",
"parts": [
"raw_body"
]
}
},
"handle_verification": "{ 'type': webhook_type = 'verify' ? 'verify' : 'payload', 'verification_response': webhook_type = 'verify' ? { 'body': { 'challenge': body.challenge } } }"
},
"error_expression": "status >= 400 ? { 'status': status, 'message': data.error.message }"
}Default base URL prepended to every resource method's path.
https://api.example.comHuman-readable name shown in the Truto Dashboard and Link UI.
Example APIURL to the integration logo (square, recommended 256x256).
URL to a smaller monochrome icon used in catalog listings.
Default HTTP headers merged into every outbound request. Values may be templated with JSONata placeholders.
Default query-string params merged into every outbound request.
commabracketsindicesrepeat
Named integration actions. Reserved keys (post_install, post_connect_user_form, refresh_token, validation) hook into specific platform lifecycle events; custom names are callable from the proxy/sync runtime.
Either a single credential definition (when the integration only supports one auth format) or a map keyed by auth format (when an integration supports multiple, e.g. api_key and oauth2). For multi-format integrations, the customer picks one in the Link UI.
How Truto applies the resolved credential to outbound HTTP requests. The format discriminator selects which config shape applies.
All string values support Truto placeholders ({{path}}) resolved against the runtime context. Common placeholder roots: {{api_key}} for fields collected at connect time, {{oauth.token.access_token}} for OAuth2 access tokens, {{environment_variables.MY_KEY}} for env-vars set at the environment-integration level.
Pagination strategy for an integration or a single resource method. The format discriminator selects which config shape applies.
How Truto detects and reacts to upstream rate-limiting. All fields are JSONata expressions evaluated against the upstream response.
JSONata expression returning a truthy value when the response should be treated as rate-limited. When omitted, Truto falls back to status === 429.
Input: IntegrationRateLimitExpressionContext. Output: boolean.
status = 429JSONata expression returning the seconds to wait before retrying. When omitted, Truto reads the standard Retry-After header.
Input: IntegrationRateLimitExpressionContext. Output: number (seconds).
$number(headers.`retry-after`)JSONata expression returning the current rate-limit window state. Truto forwards this as RateLimit-Limit / RateLimit-Remaining / RateLimit-Reset headers in the proxy response.
Input: IntegrationRateLimitExpressionContext. Output: IntegrationRateLimitHeaderValues.
{ "limit": headers.`x-ratelimit-limit`, "remaining": headers.`x-ratelimit-remaining`, "reset": headers.`x-ratelimit-reset` }
Resource → method tree (e.g. resources.users.list). The inner key is one of the canonical methods (list, get, create, update, delete) or a custom method name. Each method definition matches IntegrationResourceMethod.
Optional tag arrays per resource, surfaced via the Truto MCP tools listing.
How Truto receives and verifies inbound webhooks for this integration. Not to be confused with WebhookSchema elsewhere in this spec, which describes Truto's outbound webhook delivered to your application.
Strategy used to verify the webhook signature before accepting it. Runs after payload_transform and after handle_verification returns { type: 'payload' }.
JSONata expression evaluated on every inbound webhook before signature verification. Use to:
- Respond to handshake pings (return
{ type: 'verify', verification_response: { status_code, body, headers } }). - Surface meta-events that should not fan out (return
{ type: 'meta' }). - Update the integrated account context (return
{ type: 'verify' \| 'payload' \| 'meta', update_context: { ... } }). - Pass through to fan-out (return
{ type: 'payload' }or omit entirely — defaults topayload).
Input: IntegrationWebhookPayloadContext. Output: IntegrationWebhookHandleVerificationResult.
JSONata expression that transforms the raw inbound payload before handle_verification and signature_verification see it. Use to normalize vendor-specific envelopes (e.g. unwrap a Salesforce payloads[] array, decode a base64 body).
Input: IntegrationWebhookPayloadContext. Output: IntegrationWebhookPayloadContext (the same shape — what you return becomes the new payload).
Integration-wide JSONata expression evaluated on every response. Use to detect errors in successful (2xx) responses, normalize error messages, or transform "errors" with < 400 status into successful responses. Overridden by per-method IntegrationResourceMethod.error_expression when set.
Input: IntegrationErrorExpressionContext. Output: IntegrationErrorExpressionResult — return null/undefined to indicate "no error", or a { status, message?, headers?, metadata?, result? } object.
The ID of the team that owns this integration.
05daecaf-4365-42e8-8370-8127de5dd717The sharing policy of the integration.
allowaskdeny
allowThe date and time when the integration was created.
2021-08-10T10:00:00.000ZThe date and time when the integration was last updated.
2021-08-10T10:00:00.000ZA list of environment IDs where this integration is installed.
The team that owns this integration.
The ID of the team.
05daecaf-4365-42e8-8370-8127de5dd717The name of the team.
My Awesome TeamThe domain of the team.
example.comThe URL of the team's logo.
https://example.com/logo.pngWhether the team is verified or not.
trueWhether the team is white-labeled or not.
A link to the team's Terms of Service, if available.
https://example.com/tosWhether the team allows impersonation.
The date and time when the team was created.
2021-08-10T10:00:00.000ZThe date and time when the team was last updated.
2021-08-10T10:00:00.000ZAn optional config override applied for the integration at environment level. Deep-merged on top of the base integration.config at request time.
commabracketsindicesrepeat
How Truto applies the resolved credential to outbound HTTP requests. The format discriminator selects which config shape applies.
All string values support Truto placeholders ({{path}}) resolved against the runtime context. Common placeholder roots: {{api_key}} for fields collected at connect time, {{oauth.token.access_token}} for OAuth2 access tokens, {{environment_variables.MY_KEY}} for env-vars set at the environment-integration level.
Pagination strategy for an integration or a single resource method. The format discriminator selects which config shape applies.
How Truto detects and reacts to upstream rate-limiting. All fields are JSONata expressions evaluated against the upstream response.
JSONata expression returning a truthy value when the response should be treated as rate-limited. When omitted, Truto falls back to status === 429.
Input: IntegrationRateLimitExpressionContext. Output: boolean.
status = 429JSONata expression returning the seconds to wait before retrying. When omitted, Truto reads the standard Retry-After header.
Input: IntegrationRateLimitExpressionContext. Output: number (seconds).
$number(headers.`retry-after`)JSONata expression returning the current rate-limit window state. Truto forwards this as RateLimit-Limit / RateLimit-Remaining / RateLimit-Reset headers in the proxy response.
Input: IntegrationRateLimitExpressionContext. Output: IntegrationRateLimitHeaderValues.
{ "limit": headers.`x-ratelimit-limit`, "remaining": headers.`x-ratelimit-remaining`, "reset": headers.`x-ratelimit-reset` }
How Truto receives and verifies inbound webhooks for this integration. Not to be confused with WebhookSchema elsewhere in this spec, which describes Truto's outbound webhook delivered to your application.
Strategy used to verify the webhook signature before accepting it. Runs after payload_transform and after handle_verification returns { type: 'payload' }.
JSONata expression evaluated on every inbound webhook before signature verification. Use to:
- Respond to handshake pings (return
{ type: 'verify', verification_response: { status_code, body, headers } }). - Surface meta-events that should not fan out (return
{ type: 'meta' }). - Update the integrated account context (return
{ type: 'verify' \| 'payload' \| 'meta', update_context: { ... } }). - Pass through to fan-out (return
{ type: 'payload' }or omit entirely — defaults topayload).
Input: IntegrationWebhookPayloadContext. Output: IntegrationWebhookHandleVerificationResult.
JSONata expression that transforms the raw inbound payload before handle_verification and signature_verification see it. Use to normalize vendor-specific envelopes (e.g. unwrap a Salesforce payloads[] array, decode a base64 body).
Input: IntegrationWebhookPayloadContext. Output: IntegrationWebhookPayloadContext (the same shape — what you return becomes the new payload).
Environment-specific description shown in the catalog.
Environment-specific tags shown in the catalog.
Free-form key/value pairs available to JSONata as {{env.<key>}} for this integration in this environment. Values can be of any type (string, number, boolean, object, array).
bXljdXJzb3I=100