Retool RPC quickstart
Retool RPC (Remote Procedure Call) is a fast, secure solution for connecting your own codebase to Retool. You define functions in your backend and then call them from Retool apps using a Retool RPC resource.
Features
With Retool RPC, you can:
- Register functions from your codebase and use them in Retool apps.
- Configure function permissions to control access to exposed functions within your organization.
- Use schema versioning to ensure your exposed functions are always up-to-date.
- Ensure customer safety with Retool RPC's outbound-only architecture.
Architecture and security
Retool RPC uses an outbound-only architecture, which means the registered server only makes outbound requests to Retool and never receives inbound requests.
On every startup, the RPC server registers itself and the functions it exposes to Retool. After that completes, the RPC server continuously polls for new requests from Retool in the following flow:
Retool stores query requests and responses in a messaging queue. The direction of the arrows represents the direction of the request.
- The blue arrows represent Pop Query requests, which poll for Run Query requests.
- The black arrows are Run Query requests, which are made by calling functions in the Retool UI.
When a Pop Query request detects a Run Query request, it interacts with your codebase and then initiates the red flow. This sends a Post Query Response to respond to the original Run Query request.
Because the RPC server only makes outbound requests, your codebase never has to accept inbound connections and is never exposed to the internet, which keeps your data secure.
Other security measures include:
- Retool requires a valid access token and resource access for all RPC-related requests.
- Each resource is given a different queue to ensure isolation between resources.
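The register, Pop Query, Run Query, and Post Query Response flow described above, with the token check and per-resource queues, can be modeled in a few lines. This is an added example, not Retool's SDK or API: `Broker`, `poll_once`, and every method name are hypothetical, and in-memory calls stand in for the agent's outbound HTTPS requests.

```python
import hmac
import queue
import secrets

class Broker:
    """Constructed stand-in for the Retool side: one token-gated queue per resource."""
    def __init__(self):
        self.tokens, self.queues, self.schemas, self.responses = {}, {}, {}, {}

    def create_resource(self, rid):
        self.tokens[rid], self.queues[rid] = secrets.token_hex(16), queue.Queue()
        return self.tokens[rid]

    def _auth(self, rid, token):
        expected = self.tokens.get(rid)
        if expected is None or not hmac.compare_digest(expected, token):
            raise PermissionError("invalid token or no access to this resource")

    def register(self, rid, token, names):              # agent -> broker, on startup
        self._auth(rid, token)
        self.schemas[rid] = set(names)

    def run_query(self, rid, fn, args):                 # app UI -> broker
        if fn not in self.schemas.get(rid, ()):
            raise LookupError(f"{fn} is not registered on {rid}")
        qid = secrets.token_hex(4)
        self.queues[rid].put((qid, fn, args))
        return qid

    def pop_query(self, rid, token):                    # agent -> broker, polled
        self._auth(rid, token)
        try:
            return self.queues[rid].get_nowait()
        except queue.Empty:
            return None

    def post_response(self, rid, token, qid, result):   # agent -> broker
        self._auth(rid, token)
        self.responses[qid] = result

def poll_once(broker, rid, token, functions):
    """Agent side: one Pop Query; if work arrived, run it and Post Query Response."""
    msg = broker.pop_query(rid, token)
    if msg is None:
        return False
    qid, fn, args = msg
    handler = functions.get(fn)                         # only registered functions run
    result = handler(**args) if handler else {"error": "unknown function"}
    broker.post_response(rid, token, qid, result)
    return True
```

Every call in the model is initiated by the agent or the app, never by the broker toward the agent, which is the property that lets the RPC server run without an inbound listener.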