Skip to main content

Retool RPC quickstart

Retool RPC (Remote Procedure Call) is a fast, secure solution for connecting your own codebase to Retool. You define functions in your backend and then call them from Retool apps using a Retool RPC resource.

Features

With Retool RPC, you can:

Architecture and security

Retool RPC is an outbound-only architecture, which means the registered server only makes outbound requests to Retool and never receives inbound requests.

On every start up, the RPC server registers itself and the functions it exposes to Retool. After that completes, the RPC server continuously polls for new requests from Retool in the following flow:

RPC Architecture

Retool stores query requests and responses in a messaging queue. The direction of the arrows represents the direction of the request.

  • The blue arrows represent Pop Query requests, which poll for Run Query requests.
  • The black arrows are Run Query requests, which are made by calling functions in the Retool UI.

When a Pop Query request detects a Run Query request, it interacts with your codebase and then initiates the red flow. This sends a Post Query Response to respond to the original Run Query request.

Only making outbound requests ensures your codebase is never exposed to the internet, and that your data is secure.

Other security measures include:

  • Retool requires a valid access token and resource access for all RPC-related requests.
  • Each resource is given a different queue to ensure isolation between resources.