Connect to Google Drive

Connect Google Drive to Retool to read, write, and manage files and folders using the Drive API.

Google Drive is a cloud storage service for files, folders, and shared documents across users and teams. Retool connects to Google Drive through the Drive API v3 using either OAuth 2.0 or a Google service account.

After you create a Google Drive resource in Retool, you can:

• List, search, and read files and folders shared with the authenticated account.
• Upload new files, update existing files, and replace file contents.
• Move, rename, copy, and delete files and folders.
• Manage file permissions and share files with users or groups.
• Read and write metadata such as descriptions, properties, and labels.

Before you begin

To connect Google Drive to Retool, you need the following:

Cloud instances

• Google account: A Google account or Google Workspace user with access to the files and folders you want to query.
• Retool permissions: Edit all permissions for resources in your organization.

Self-hosted instances

• Google account: A Google account or Google Workspace user with access to the files and folders you want to query.
• Custom OAuth 2.0 client: A Google OAuth 2.0 client configured for your Retool instance. Self-hosted instances cannot use Retool's hosted OAuth app and must provide their own client ID and secret. Service account authentication does not require an OAuth client.
• Network access: Your Retool instance must be able to reach accounts.google.com, oauth2.googleapis.com, and www.googleapis.com over HTTPS.
• Retool permissions: Edit all permissions for resources in your organization.

Create a Google Drive resource

Follow these steps to create a Google Drive resource in your Retool organization.

1. Create a new resource

In your Retool organization, navigate to Resources in the main navigation and click Create new → Resource. Search for Google Drive and click the Google Drive tile to begin configuration.

Use folders to organize your resources by team, environment, or data source type. This helps keep your resource list manageable as your organization grows.

2. Configure general settings

Specify a name and description for the resource that indicates which Google account or workspace it connects to. The description provides more context to users and Assist about how to use the resource.

Example name	Example description
Google Drive	Default Google Drive resource for the engineering team. Read and write access scoped to shared engineering folders.
Google Drive (read only)	Read-only Google Drive resource for displaying marketing assets in internal apps.

When using Retool's hosted OAuth app (Cloud) or a custom OAuth app (self-hosted), you typically only need one resource. Each user authenticates individually and can only access their own files. Creating multiple resources is usually unnecessary unless you need to support multiple OAuth applications or mix OAuth with service account authentication.

3. Configure authentication

Configure the connection settings for your Google Drive resource under the Credentials section of the resource configuration form.

Google Drive resource configuration form.

Authentication

Google Drive supports two authentication methods. Choose based on whether queries should run as the signed-in user or as a non-interactive service identity.

Authentication method	Use cases
OAuth 2.0	Interactive apps where each user authenticates with their own Google account. Each user only sees the files they have access to in Drive.
Google Service Account	Automated workflows, scheduled queries, and shared internal apps that need to act as a non-interactive service identity. Files must be explicitly shared with the service account's email address.

Cloud instances

option A: OAuth 2.0 with Retool's hosted app (recommended)

Retool provides a hosted OAuth 2.0 client for Cloud organizations, so no external configuration is required.

1. Select OAuth 2.0 as the Authentication method.
2. Choose the Type:
   • Read only—queries can read files and metadata only.
   • Read and write—queries can read, modify, and delete files.
3. Optionally enable Share credentials between users to allow all users of the resource to share a single set of credentials. By default, each user authenticates individually.
4. Click Connect with OAuth and authorize Retool to access your Google Drive.
5. Click Create resource to save.

option B: Google service account

Use a service account when queries should run as a non-interactive service identity rather than as the signed-in user.

1. Create a service account in the Google Cloud Console and generate a JSON key.
2. In Google Drive, share the files and folders the service account needs to access with the service account's email address.
3. In Retool, select Google Service Account as the Authentication method.
4. Choose the Type: Read only or Read and write.
5. Paste the JSON contents of your service account key into the Service account key field.
6. Click Create resource to save.

Refer to Google's service account documentation for setup details and key rotation guidance.

Self-hosted instances

option A: OAuth 2.0 with a custom app (recommended)

Self-hosted instances must provide their own Google OAuth 2.0 client. Retool's hosted OAuth app is only available for Cloud organizations.

1. Create an OAuth 2.0 client in the Google Cloud Console and configure the authorized redirect URI for your Retool instance.
2. In Retool, select OAuth 2.0 as the Authentication method.
3. Enter the Client ID and Client secret from your OAuth 2.0 client.
4. Choose the Type:
   • Read only—queries can read files and metadata only.
   • Read and write—queries can read, modify, and delete files.
5. Optionally enable Share credentials between users to allow all users of the resource to share a single set of credentials.
6. Click Connect with OAuth and authorize Retool to access your Google Drive.
7. Click Create resource to save.

option B: Google service account

Use a service account when queries should run as a non-interactive service identity rather than as the signed-in user. Service accounts do not require a custom OAuth client.

1. Create a service account in the Google Cloud Console and generate a JSON key.
2. In Google Drive, share the files and folders the service account needs to access with the service account's email address.
3. In Retool, select Google Service Account as the Authentication method.
4. Choose the Type: Read only or Read and write.
5. Paste the JSON contents of your service account key into the Service account key field.
6. Click Create resource to save.

Type

The Type setting controls the OAuth scope used for Drive API calls. Choose the most restrictive option that still supports your apps.

Type	Scope	API access
Read only	https://www.googleapis.com/auth/drive.readonly	Read files and metadata. Use for apps that only display, search, or download Drive content.
Read and write	https://www.googleapis.com/auth/drive	Full read and write access, including delete. Use for apps that upload, update, move, share, or delete files.

To change the Type after a resource has been created, update the authentication settings and re-authorize the resource. Users are prompted to re-consent on the next query.

Outbound region

Cloud instances

By default, requests originate from your organization's outbound region (for example, us-west-2). Enable Override default outbound Retool region to route requests through a different region. This is useful when Drive API access is restricted by IP or when you need to align with data residency requirements.

Self-hosted instances

Self-hosted instances do not have the outbound region field.

4. Save the resource

Click Create resource to save your Google Drive resource.

Google Drive resources cannot be tested from the resource configuration screen. Save the resource and verify the connection by running a query—for example, list files at https://www.googleapis.com/drive/v3/files?pageSize=1.

Query Google Drive data

Once you've created a Google Drive resource, you can query it in apps, workflows, and agent tools. Google Drive queries call the Drive API v3 directly. Retool provides an Operation field for the endpoint path and HTTP method, plus a request body, headers, and URL parameters scoped to that endpoint.

Create a query

You can create a Google Drive query using Assist to generate queries with natural language, or manually by selecting an operation.

Assist

Use Assist to generate queries from natural language prompts.

To create a query with Assist:

1. In the Retool app IDE, click the Assist button at the bottom of the left toolbar to open the Assist panel.
2. Write a prompt describing the data you want to retrieve, referencing your resource using @.
3. Press Enter to submit the prompt.
4. Select your Google Drive resource when prompted.
5. Review the generated query and click Run query to add it to your app.

list files in {{ folderInput.value }} modified in the last 7 days using @Google Drive

find all PDFs shared with me using @Google Drive

upload {{ fileInput1.value[0] }} to {{ folderSelect.value }} using @Google Drive

Code

To manually create a Google Drive query in a Retool app:

1. In the Retool app IDE, open the Code tab, then click + in the page or global scope.
2. Select Resource query.
3. Choose your Google Drive resource.
4. In the Operation field, enter the endpoint path and HTTP method (for example, /files GET).
5. Configure any URL parameters, request body, or headers required by the endpoint, then run the query.

Query configuration fields

The Google Drive query editor exposes a small set of fields. The fields below describe the Retool-side configuration—for the full list of available endpoints and parameters, refer to the Drive API reference.

Operation

Specify the endpoint path and HTTP method as a single value. The base URL https://www.googleapis.com/drive/v3 is prepended automatically—provide everything after that. The path can include path parameters such as a file ID.

Examples

# List files
/files GET

# Get a single file's metadata
/files/{{ fileIdInput.value }} GET

# Copy a file
/files/{{ fileIdInput.value }}/copy POST

# Create a permission on a file
/files/{{ fileIdInput.value }}/permissions POST

# Delete a file
/files/{{ fileIdInput.value }} DELETE

URL parameters

Add URL parameters in the URL parameters section of the query editor to pass query-string arguments to the endpoint. Path parameters (like a file ID) belong in the Operation path, not here. Common URL parameters include:

Parameter	Description	Example
q	A Drive search query string. Supports operators for name, mime type, parents, modified time, and trashed status.	name contains 'report' and mimeType = 'application/pdf'
fields	A comma-separated list of fields to include in the response. Reduces payload size for list operations.	files(id,name,mimeType,modifiedTime)
pageSize	Maximum number of files to return per page (max 1000).	100
pageToken	Pagination token returned from a previous list call.	{{ listFilesQuery.data.nextPageToken }}
supportsAllDrives	Set to true to include shared drives in results and operations.	true
addParents / removeParents	Folder IDs to add or remove when patching a file's location.	{{ newFolderInput.value }}

Request body

For write operations (POST, PATCH), provide a JSON body matching the Drive API resource schema. Use embedded expressions to interpolate values from app state.

Example: create a folder

{
  "name": {{ textInput1.value }},
  "mimeType": "application/vnd.google-apps.folder",
  "parents": ["{{ parentFolderInput.value }}"]
}

Advanced

Use the Advanced section to add request headers or URL parameters not covered by the operation's defaults. The Authorization header is set automatically from the resource's authentication.

Google Drive query examples

These examples demonstrate the most common Google Drive operations in Retool apps. For a complete reference of available operations and parameters, refer to the Drive API documentation.

list files in a folder

Create a query named listFilesQuery to list the files in a specific folder.

Configure the query:

Field	Value
Operation	/files GET
URL parameters	q='{{ folderIdInput.value }}' in parents and trashed = false fields=files(id,name,mimeType,modifiedTime,size,webViewLink) pageSize=100 orderBy=modifiedTime desc

Add a Table component and set its Data property to {{ listFilesQuery.data.files }}.

Format the table columns:

• Modified time: Use a date/time formatter to display timestamps in the user's local timezone.
• MIME type: Map values to human-readable labels (for example, application/vnd.google-apps.spreadsheet → "Sheet").
• Web view link: Render as a clickable link to open the file in Google Drive.

search files by name and type

Create a query named searchFilesQuery to find files matching a user-provided name and MIME type.

Configure the query:

Field	Value
Operation	/files GET
URL parameters	q=name contains '{{ searchInput.value }}' and mimeType = '{{ typeSelect.value }}' and trashed = false fields=files(id,name,mimeType,owners,modifiedTime,webViewLink) pageSize=50

Add a Text Input (searchInput) and a Select (typeSelect) with options for common MIME types (Docs, Sheets, Slides, PDFs).

Add an event handler to the Submit event of the text input that runs searchFilesQuery. Display results in a Table component bound to {{ searchFilesQuery.data.files }}.

move a file to a different folder

Create a query named moveFileQuery to move a file from one folder to another using addParents and removeParents.

Configure the query:

Field	Value
Operation	/files/{{ table1.selectedRow.data.id }} PATCH
URL parameters	addParents={{ targetFolderInput.value }} removeParents={{ currentFolderInput.value }} fields=id,parents

Leave the request body empty—Drive resolves the move purely from the URL parameters. Add an event handler that runs the query and refreshes the folder's file list on success.

File uploads use the https://www.googleapis.com/upload/drive/v3/files base URL, which is not the prefix this resource targets. To upload binary content, create a separate REST API resource pointing at the upload endpoint.

create a folder

Create a query named createFolderQuery to create a new folder under a parent folder.

Configure the query:

Field	Value
Operation	/files POST

Set the Request body to:

{
  "name": {{ folderNameInput.value }},
  "mimeType": "application/vnd.google-apps.folder",
  "parents": ["{{ parentFolderInput.value }}"]
}

Add an event handler to a form's Submit event that runs createFolderQuery and shows a success notification with the new folder ID from {{ createFolderQuery.data.id }}.

share a file with a user

Create a query named shareFileQuery to grant a user access to a file.

Configure the query:

Field	Value
Operation	/files/{{ table1.selectedRow.data.id }}/permissions POST

Set the Request body to:

{
  "type": "user",
  "role": {{ roleSelect.value }},
  "emailAddress": {{ emailInput.value }}
}

Where roleSelect is a Select component with options reader, commenter, and writer.

Add an event handler to the form's Submit event that runs shareFileQuery and shows a success notification on completion.

Best practices

Follow these best practices to optimize performance, maintain security, and ensure data integrity when working with REST APIs.

Performance

• Cache responses: For data that doesn't change frequently, enable query caching to reduce API calls and improve response times.
• Use pagination: Implement pagination for endpoints that return large datasets to reduce payload size and improve performance.
• Batch requests: When available, use batch API endpoints to combine multiple operations into a single request.
• Minimize payload size: Request only the fields you need using query parameters or API-specific field selection features.
• Set appropriate timeouts: Configure query timeouts based on expected API response times to prevent hung requests.

Security

• Use configuration variables: Store API keys and tokens in configuration variables or secrets rather than hardcoding them.
• Use HTTPS only: Always connect to APIs over HTTPS to encrypt data in transit and protect authentication credentials.
• Rotate credentials regularly: Follow your API provider's recommendations for credential rotation and key management.
• Validate SSL certificates: Keep SSL certificate verification enabled unless absolutely necessary for development environments.
• Use resource environments: Configure multiple resource environments to maintain separate API configurations for production, staging, and development.
• Apply least privilege: Use API keys with minimal required permissions. Create separate keys for different environments.

Data integrity

• Validate user input: Sanitize and validate all user input before including it in API requests to prevent injection attacks.
• Handle errors gracefully: Configure error notifications and fallback behavior for failed API calls to improve user experience.
• Use idempotency keys: For APIs that support idempotency keys, include them in POST/PATCH requests to prevent duplicate operations.
• Verify responses: Check response status codes and validate response data structure before using it in your app.
• Implement retry logic: For transient failures, use Retool's automatic retry settings or implement custom retry logic with exponential backoff.

Google Drive-specific considerations

• Choose the narrowest scope: Use the drive.readonly scope unless your app needs to upload, update, or delete files. Switching from a broader scope to a narrower one later forces every user to re-consent.
• Cache file listings: Drive list operations count against your daily API quota. For folder views that don't change frequently, enable query caching and refresh on user action rather than polling.
• Store file IDs, not paths: Drive identifies files by ID, not path. Persist file IDs in your database or app state rather than file names or links—names can change and links can be revoked.
• Handle large files with resumable uploads: For files larger than 5 MB, use the resumable upload protocol rather than multipart upload. Refer to Google's upload guide for details.
• Include supportsAllDrives=true for shared drives: Operations on files in shared drives require the supportsAllDrives parameter set to true. Without it, requests fail with a permission error.

Related resources

Google OAuth credentials

Set up a custom Google OAuth 2.0 client for self-hosted Retool.

Connect to Google Sheets

Read and write spreadsheet data alongside Drive files.

Create a resource

Learn how to create and manage resources in Retool.

Resource environments

Configure separate credentials for production and non-production environments.

Google Drive API reference

Full reference for the Drive API v3 endpoints and parameters.

Retool community: Google Drive

Community discussions and solutions for Google Drive integrations.