Configure a custom domain for Retool Cloud
Learn how to configure a custom domain for your Retool Cloud organization.
You can configure your Retool Cloud organization to use a custom domain. This enables your users to more easily navigate and improves the embedded app across browsers.
1. Configure DNS
DNS configuration needs to be completed with the tooling you use to manage your top level domain name. This is often the registrar where you registered the domain, or a DNS provider such as Cloudflare or AWS.
Create an A record mapping either the top level domain or subdomain to Retool’s IP addresses:
- 35.92.202.168
- 35.92.202.169
- 35.92.202.170
Retool recommends against using wildcard * DNS entries for your configuration as these can expose you to domain takeovers.
DNS changes can take up to 24 hours to propagate in some cases. To validate that your DNS is configured and propagated, you can use the dig command on the command line:
$ dig retool.example.com +nostats +nocomments +nocmd
; <<>> DiG 9.10.6 <<>> retool.example.com +nostats +nocomments +nocmd
;; global options: +cmd
;retool.example.com. IN A
retool.example.com. 120 IN A 35.92.202.168
2. Configure Retool
Navigate to /settings/branding in your organization's Retool settings. Under Add a custom domain, enter the domain name in the text box.
The domain briefly enters a pending state while Retool provisions HTTPS certificates and updates internal infrastructure to support the new domain. An error state likely indicates that the DNS wasn't updated to point to Retool. If this occurs, verify that your DNS is updated and that dig shows the correct IP addresses, and then retry verification.
3. Log in
The domain should be configured after a few minutes. Sign out of your organization and back in through your custom domain to confirm. Your new login page should be visible on <your_custom_domain>/auth/login.
Note that you can still log in through <your_subdomain>.retool.com/auth/login as well as <your_custom_domain>/auth/login.
Using Retool Embed
To embed Retool applications from your Retool-hosted organization into a website like https://example.com, ensure that Retool is on the root example.com domain or a subdomain like retool.example.com. Because Retool is the hosting provider, you need to make some changes to your DNS configuration.
Some web browsers, like Safari, block third party cookies by default. Since Retool sets cookies when authenticating users, attempting to authenticate the embedded Retool app across domains is not possible in these browsers, unless you change your browser's cookie privacy settings.
After a custom domain is set, Retool Embed works as described in the Embed apps with Retool Embed guide. As is the case with self-hosted instances, the API request to generate the embed URL should point to https://<your_custom_domain>/api/embed-url/external-user, and the signed embed URL will use the custom domain you set up.