Skip to main content

Connect to REST APIs

Learn how to connect REST APIs to Retool.

You can connect to any REST API and make it available as a resource in Retool. Once complete, your users can write queries that interact with any REST API data.

Requirements and settings

The following requirements for a REST API resource depend on whether you are creating a resource on a cloud-hosted Retool organization or a self-hosted deployment.

Requirements for cloud-hosted Retool

The following requirements must be met to successfully create REST API resources.

RequirementDescription
Sufficient user permissions to create resources

All users for Retool organizations on Free or Team plans have global Edit permissions and can add, edit, and remove resources. If your organization manages user permissions for resources, you must be a member of a group with Edit all permissions.

Resource configuration settings

You must be able to provide the settings needed to create a resource. This may require you to perform actions, such as generating access credentials or creating a client application.

Resource authentication settings

You must have access to the data source and sufficient permissions to perform the actions needed, and be able to provide valid authentication settings.

Allow Retool access to the data source

If the data source is behind a firewall or restricts access based on IP address then you must ensure that your Retool organization can access it. If necessary, configure your data source to allow access from Retool's IP addresses.

Configuration settings for cloud-hosted Retool

Cloud-hosted Retool organizations support the following configuration settings.

SettingDescription
Exclude default headers

Whether to include the default User-Agent header that identifies the request as coming from Retool.

Sanitize custom headers

Whether to sanitize additional custom headers.

Use self-signed certificates

Whether to allow self-signed certificates.

Cloud-hosted Retool organizations can also optionally configure the following advanced options.

SettingDescription
Override default outbound Retool region

Specify a different outbound region from which Retool connects. This can improve performance if your resource is located in a different region to us-west-2.

Authentication settings for cloud-hosted Retool

Cloud-hosted Retool organizations can authenticate with this resource using the following methods. You must be able to provide the necessary credentials for the method you wish to use.

Auth0

Authentication is performed using an Auth0 client application. You must create this application and then provide the details.

SettingDescription
Domain

The domain URL.

Client ID

The client ID.

Client secret

The client secret.

Audience

The audience URL.

Basic

Authentication is performed using Basic HTTP authentication with the provided credentials.

SettingDescription
Username

The username with which to authenticate.

Password

The password with which to authenticate

Bearer

Authentication is performed using Bearer HTTP authentication with the provided token.

SettingDescription
Bearer

The token with which to authenticate.

Digest

Authentication is performed using Digest HTTP authentication with the provided credentials.

SettingDescription
Username

The username with which to authenticate.

Password

The password with which to authenticate

Session-based

Authentication is performed using session-based authentication.

SettingDescription
Cookies to forward

The cookies to forward.

Enable an auth verification endpoint

whether to use a verification endpoint to determine if the user needs to authenticate.

URL to link to for logging in

The URL with which users can authenticate.

OAuth 1.0

Authentication is performed using an OAuth 1.0 client application. You must create this application and then provide the details.

SettingDescription
Consumer key

The consumer key with which to authenticate.

Consumer secret

The consumer secret with which to authenticate.

Access token

The access token with which to authenticate.

Token secret

The access token secret.

Realm

The realm to use.

Signature method

The signature method to use. Either HMAC-SHA1, HMAC-SHA256, or PLAINTEXT.

OAuth 2.0

Authentication is performed using an OAuth 2.0 client application. You must create this application and then provide the details.

SettingDescription
Use client credentials flow

Whether to obtain an access token as an app that shares authentication with all users.

Authorization URL

The authorization endpoint URL.

Access token URL

The access token endpoint URL.

Client ID

The client ID with which to authenticate.

Client secret

The client secret with which to authenticate.

Scopes

Space-separated list of scopes for which to request access.

Prompt

The authentication prompt to use.

Audience

The audience for authentication.

Enable an auth verification endpoint

Whether to use a verification endpoint to determine if the user needs to authenticate.

Share credentials between users

Whether the authenticated credentials should be shared across all users. If enabled, all users share the same credentials and do not need to complete authentication themselves. All queries from Retool are made on behalf of the same authenticated user. Not all resources allow credential sharing so this option may not be available.

Access token lifespan

The lifespan of the access token in seconds. Retool attempts to refresh the access token before the lifespan expires.

1. Create a resource

Sign in to your Retool organization and navigate to the Resources tab. Click Create new > Resource, then select REST API.

2. Configure the resource

Specify a name and location for your REST API resource. Retool displays the resource name and type in query editors to help users identify them. Next, provide the required information to create the resource. Depending on how your data source is configured, you may also need to provide optional settings for Retool to connect.

3. Save the resource

Click Create resource to complete the setup. You can then click either Create app to immediately start building a Retool app or Back to resources to return to the list of resources.

Wrap up

Your REST API resource is now ready to use. To start querying REST API data:

  1. Add a Resource query to an app or a Resource query block to a workflow.
  2. Select the new REST API resource from the resources dropdown.
  3. Write and run a query.