Skip to main content

Connect to gRPC

Learn how to connect your gRPC database to Retool.

You can connect to gRPC and make it available as a resource in Retool. Once complete, your users can write queries that interact with gRPC data.

Requirements and settings

The following requirements for a gRPC resource depend on whether you are creating a resource on a cloud-hosted Retool organization or a self-hosted deployment.

For more information on how to obtain the necessary information from gRPC, refer to its documentation.

Requirements for cloud-hosted Retool

The following requirements must be met to successfully create gRPC resources.

Sufficient user permissions to create resources

All users for Retool organizations on Free or Team plans have global Edit permissions and can add, edit, and remove resources. If your organization manages user permissions for resources, you must be a member of a group with Edit all permissions.

Resource configuration settings

You must be able to provide the settings needed to create a resource. This may require you to perform actions, such as generating access credentials or creating a client application.

Resource authentication settings

You must have access to the data source and sufficient permissions to perform the actions needed, and be able to provide valid authentication settings.

Allow Retool access to the data source

If the data source is behind a firewall or restricts access based on IP address then you must ensure that your Retool organization can access it. If necessary, configure your data source to allow access from Retool's IP addresses.

Configuration settings for cloud-hosted Retool

Cloud-hosted Retool organizations support the following configuration settings.


The host server address.


The host server connection port.

Database name

The name of the database to use.

Service definition source

Whether to use Server Reflection or provide a URL to import a Proto file.

Proto file URL

The URL of the Proto file.

Proto file URL authentication headers

Custom headers when using the Proto file URL.


Key-value pairs with which to customize the connection.

Cloud-hosted Retool organizations can also optionally configure the following advanced options.

Override default outbound Retool region

Specify a different outbound region from which Retool connects. This can improve performance if your resource is located in a different region to us-west-2.

Maximum incoming message size

Maximum incoming message size, in bytes.

Maximum outgoing message size

Maximum outgoing message size, in bytes.

Authentication settings for cloud-hosted Retool

Cloud-hosted Retool organizations can authenticate with this resource using the following methods. You must be able to provide the necessary credentials for the method you wish to use.


Authentication is performed using an Auth0 client application. You must create this application and then provide the details.


The domain URL.

Client ID

The client ID.

Client secret

The client secret.


The audience URL.


Authentication is performed using Bearer HTTP authentication with the provided token.


The token with which to authenticate.

OAuth 2.0

Authentication is performed using an OAuth 2.0 client application. You must create this application and then provide the details.

Use client credentials flow

Whether to obtain an access token as an app that shares authentication with all users.

Authorization URL

The authorization endpoint URL.

Access token URL

The access token endpoint URL.

Client ID

The client ID with which to authenticate.

Client secret

The client secret with which to authenticate.


Space-separated list of scopes for which to request access.


The authentication prompt to use.


The audience for authentication.

Enable an auth verification endpoint

Whether to use a verification endpoint to determine if the user needs to authenticate.

Share credentials between users

Whether the authenticated credentials should be shared across all users. If enabled, all users share the same credentials and do not need to complete authentication themselves. All queries from Retool are made on behalf of the same authenticated user. Not all resources allow credential sharing so this option may not be available.

Access token lifespan

The lifespan of the access token in seconds. Retool attempts to refresh the access token before the lifespan expires.

Custom authentication flow

You define a custom authentication flow with which Retool uses to authenticate. This can contain multiple steps and is best suited for complex authentication flows.


1. Create a resource

Sign in to your Retool organization and navigate to the Resources tab. Click Create new > Resource, then select gRPC.

2. Configure the resource

Specify a name and location for your gRPC resource. Retool displays the resource name and type in query editors to help users identify them. Next, provide the required information to create the resource. Depending on how your data source is configured, you may also need to provide optional settings for Retool to connect.

3. Test the connection

Click Test Connection to verify that Retool can successfully connect to gRPC. If the test fails, check the resource settings and try again.

Testing only verifies connection

Testing a connection only checks whether Retool can successfully connect to the resource. It cannot check whether the provided credentials have sufficient privileges or can perform every supported action.

4. Save the resource

Click Create resource to complete the setup. You can then click either Create app to immediately start building a Retool app or Back to resources to return to the list of resources.

Wrap up

Your gRPC resource is now ready to use. To start querying gRPC data:

  1. Add a Resource query to an app or a Resource query block to a workflow.
  2. Select the new gRPC resource from the resources dropdown.
  3. Write and run a query.