# Torq

SureCloud connects to Torq to retrieve security orchestration workflow inventory, execution status, and integration health data. This allows SureCloud to verify that Torq's no-code security automation workflows are active and running — confirming that automated evidence collection, alert response, and security operations workflows are executing as expected and contributing to your continuous compliance evidence pipeline.

## Authentication and setup

Torq authenticates API requests using an API token. SureCloud uses a read-only token generated within your Torq workspace.

{% stepper %}
{% step %}
**Generate an API token in Torq**

Log in to the Torq console at [torq.io](https://torq.io/). Navigate to **Settings → API Keys** and click **Create API Key**. Name it `SureCloud CCM` and assign it read-only permissions. Copy the token — it is only shown once.
{% endstep %}

{% step %}
**Enter the token in SureCloud**

Navigate to **SureCloud → Integrations → Torq → Connect**. Paste the API token and click **Save**.
{% endstep %}

{% step %}
**Test the connection**

Click **Test Connection**. SureCloud will verify the token and confirm access to workflow and execution data.
{% endstep %}
{% endstepper %}

{% hint style="warning" %}
Store the API token securely — it is only shown once at generation. SureCloud encrypts it at rest, but treat it as a sensitive credential. Rotate it every 90 days in **Torq → Settings → API Keys** and update it in **SureCloud → Integrations → Torq → Edit Connection**.
{% endhint %}

## Endpoints

| API Call                                | Use Case                                                                  |
| --------------------------------------- | ------------------------------------------------------------------------- |
| `GET /api/v1/workflows`                 | Enumerate automation workflows and their active/inactive status           |
| `GET /api/v1/workflows/{id}`            | Retrieve individual workflow detail including trigger type and step count |
| `GET /api/v1/workflows/{id}/executions` | Retrieve execution records for a workflow to confirm it is running        |
| `GET /api/v1/integrations`              | List connected integrations and their authentication status               |
| `GET /api/v1/workspace`                 | Retrieve workspace configuration and access settings                      |

## Pagination

`GET /api/v1/workflows` and `GET /api/v1/workflows/{id}/executions` use cursor-based pagination. SureCloud uses the `next_cursor` value from each response as the `cursor` parameter in the next request, continuing until no cursor is returned.

```bash
GET /api/v1/workflows/{id}/executions?limit=100&cursor=<value_from_previous_response>
```

## Required permissions

SureCloud requires a Torq API token with read-only access to:

* Workflow inventory and configuration
* Workflow execution history
* Integration connection status
* Workspace settings

No workflow creation, trigger, or modification permissions are required.

## Polling frequency

| Data Type                     | Interval       |
| ----------------------------- | -------------- |
| Workflow inventory and status | Every 24 hours |
| Workflow execution history    | Every 6 hours  |
| Integration health status     | Every 24 hours |

## Troubleshooting

<details>

<summary>Connection test returns 401 Unauthorized</summary>

The API token is invalid or has been revoked. Navigate to **Torq → Settings → API Keys**, confirm the token is active, and regenerate it if necessary. Update it in **SureCloud → Integrations → Torq → Edit Connection**.

</details>

<details>

<summary>Workflow execution history is empty for active workflows</summary>

Execution records are only available for workflows that have been triggered within the collection window. If a workflow is active but uses an infrequent trigger (e.g. weekly schedule), there may be no executions within the default lookback period. Confirm the workflow is being triggered as expected in the Torq console.

</details>

<details>

<summary>Some workflows are missing from SureCloud</summary>

Torq workflows may be scoped to specific teams or projects. If the API token account does not have access to all teams, workflows in inaccessible teams will not appear. Confirm the API token has workspace-wide read access in **Torq → Settings → API Keys**.

</details>


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://surecloud.gitbook.io/surecloud-docs/integrations/ccm-and-evidence-collection-integrations/torq.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.