Share your apps externally
Share your apps with users outside your organization.
If you've built internal apps in Retool, you can share those tools with customers, partners, or other external users. Retool offers three primary ways to do so. These options let you securely expose Retool apps to end users while maintaining full control over the user experience. This guide covers all approaches and helps you determine which best fits your use case.
Public links
Available on Team, Business, and Enterprise plans.
If your app does not contain any restricted information, and you want it to be easily accessible, you can generate a public link to the app. This makes the app available, without authentication, to anyone who has the URL.
When to choose public links:
- You want anyone on the internet to be able to view your app.
- Your app doesn’t expose any user-specific data.
For more information, refer to Preview and share web apps with users.
Embedded apps
You can embed your Retool apps directly into your existing web applications. Retool supports both React and JavaScript SDKs to simplify the integration process.
With embedded apps, users can authenticate through the existing authentication system in which your app is embedded, so they don’t need to log in twice. The backend of your app uses the Retool API to generate a secure, single-use embed URL that grants access to the app. You can also pass metadata into each session to personalize the experience and manage access centrally.
Choose embedded apps when:
- You have an existing customer-facing product or web app, and you want to enhance it with new functionality.
- You want to ship new features fast, without building them from scratch.
- You want to modernize a legacy system.
- You want to bring multiple internal workflows into a single interface.
For more information, explore the embedded apps conceptual overview, or follow the guide to get started.
External apps
Available on Business and Enterprise plans.
Retool also lets you fully white-label the Retool experience to deliver web applications to end users in a controlled, branded environment, like a custom portal. You can create a standalone experience that reflects your brand, complete with custom domains, themes, and customizable product pages like login and user invites. Built-in navigation and permission controls make it easy to link multiple apps together into a unified, seamless interface.
External users are billed separately and at lower prices. Find out more on the external user page.
Choose external apps when:
- You want to launch a customer-facing portal with full control over the end-to-end user journey.
- You need to deliver multiple tools within a single, cohesive, branded interface.
- You don’t have an existing product or want to launch a new standalone experience for your end users.
- You want to pay a lower amount for external users.
For more information, explore the external apps conceptual overview, or follow the guide to get started.
App sharing options comparison
Use the following table to compare the available options for sharing your app:
| Sharing mechanism | Authentication method | Plan availability |
|---|---|---|
| Public links | No authentication supported. | Team, Business, and Enterprise plans. |
| Embedded apps | Authentication for internal and external users through parent window. | All plans. Business and Enterprise plans only when using the Retool API for authentication. |
| External apps | Custom, white-labeled authentication for internal and external users. | Business and Enterprise plans. |
Frequently asked questions
Can my embedded app users log in with their existing username and password from the parent app?
Yes, you can authenticate users through your existing system using one of the following methods.
- Using the Embed SDK: Pass your user's authentication into Retool via the Platform API.
- Using SSO: Connect Retool to the same identity provider.
- Other setups: If you're not using the SDK or SSO, it depends on your architecture and whether authentication can be coordinated between systems. Contact Retool to discuss your options.
Can I embed Retool apps without using the JavaScript or React SDKs?
Yes, simple iFrame embeds are supported, but they’re not compatible with authentication via the Retool API. To avoid double login and provide a secure user experience, Retool recommends using SSO with a shared identity provider when embedding with an iFrame.
How do I embed a public Retool app that doesn't require a login?
If your apps don’t expose any user-specific data, use a public link in an iFrame.
Does Retool support connecting to multiple SSO providers?
Yes, Retool supports multiple SSO provider connections for external apps using Spaces or a multi-instance self-hosted deployment. Contact the Retool team to learn more.
What are the best practices for environments with external apps?
Please refer to Retool's environment best practices.
How do I set up permission groups for external apps?
Retool recommends removing all access (Edit, Use, Own) from the All Users group and using the External User group as the primary permission group.
You can also specify a Retool app as a landing page. Once set, users in that permission group will be directed to that landing page app after they log in.
How do I hide internal organizational information from external users?
To prevent external users from seeing internal information, go to the Permissions page for the relevant permission group. Under Additional > Settings page visibility, uncheck options like View account details, View users page with emails, Audit logs, and Usage analytics. This ensures sensitive internal organizational data remains hidden from external users.
Can I see examples of customer-facing apps built by Retool customers?
You can explore several examples on the Customer Stories page, which includes samples of external apps, including portals, net-new customer-facing features, and other interfaces designed for external users.