Skip to main content

Overview

This lab walks through configuring provider-specific AI resources in Retool. As of February 2026, Retool replaced the single Retool AI resource with individual integrations per provider (e.g., OpenAI, Anthropic, and Amazon Bedrock), so they behave like any other resource in your organization.

This approach gives admins finer-grained control: multiple API keys per provider, granular permissions, environment-specific configurations, and cleaner auditability.

Requirements

  • Retool Administrator permission (Admin permission group or Role)
  • An API key for at least one AI provider (OpenAI, Anthropic, or AWS credentials for Bedrock)

What Changed

Previously, AI capabilities were enabled through a single Retool AI toggle in Settings > Retool AI, using a Retool-managed API key. This has been replaced with provider-specific resources that you create and govern like any other Retool data source.

BeforeAfter
Single Retool AI resourcePer-provider resources (OpenAI, Anthropic, Bedrock)
Configured in Settings > Retool AIConfigured in Resources
One API key for the organizationMultiple keys per provider (by team, environment, use case)
Limited permission controlsFull Retool permissions model
AI Action query typeNative resource queries per provider

NOTE: All existing apps, workflows, and agents continue to function based on their current configuration. No migration is required.

Steps

Create an OpenAI Resource

The following steps configure OpenAI as a resource in your organization.

  • From the Retool Home Page, select Resources > Create new > Resource.
  • In the search bar, type OpenAI and select the OpenAI integration.
  • In the resource configuration panel, provide the following:
    • Name: A descriptive name such as OpenAI - Production or OpenAI - Engineering Team.
    • Description: More detailed description if appropriate.
    • Key Source: Select Retool Managed or Bring Your Own Key. For BYOK, the following parameters are available.
      • Base URL: The URL that you are posting requests to, leave this as default if you do not have a proxy.
      • API Key: Paste your OpenAI API key. Keys can be generated in the OpenAI Platform.
      • Headers: Add required headers if necessary.
  • Select Create resource to save.

The resource now appears in the Resources list alongside your other data sources.

Create an Anthropic Resource

Follow the same process to configure an Anthropic resource.

  • Select Resources > Create new > Resource.
  • Search for Anthropic and select the Anthropic integration.
  • Provide the following:
    • Name: For example, Anthropic - Claude 3.7 or Anthropic - Agents.
    • Description: More detailed description if appropriate.
    • Key Source: Select Retool Managed or Bring Your Own Key. For BYOK, the following parameters are available.
      • Base URL: The URL that you are posting requests to, leave this as default if you do not have a proxy.
      • API Key: Paste your Anthropic API key from the Anthropic Console.
      • Headers: Add required headers if necessary.
  • Select Create resource to save.

(Optional) Create an Amazon Bedrock Resource

Amazon Bedrock supports AWS IAM Role-based authentication, which avoids storing long-lived credentials directly in Retool. See the AWS IAM Role lab to configure the IAM Role first, then follow the steps below.

  • Select Resources > Create new > Resource.
  • Search for Bedrock and select the Amazon Bedrock integration.
  • Provide the following:
    • Name: For example, Bedrock - Production.
    • Description: More detailed description if appropriate.
    • Credentials: Select
      • AWS access key ID: Generated in IAM Key Credentials
      • AWS secret key ID: Generated in IAM Key Credentials
      • Role to assume(ARN): Specify the Role ARN configured in the IAM lab that you want Retool to assume other than default.
      • Session Token: AWS Session Token (for temporary credentials) when not using Role to assume.
      • Region: Select the AWS region where Bedrock is enabled for your account (e.g., us-east-1).
  • Select Create resource to save.

Configure Permissions

One of the key advantages of provider-specific resources is that you can control who can create, view, or modify each one using Retool's standard permissions model.

You will need to be a Retool Admin or have a permissive Role to modify the following settings.

  • Select the Settings > User management > Groups tab.
  • Select the Group that you are using to manage permissions for your members.
  • Select Resources.
  • Grant Use access to the groups or users who should be able to query this resource in apps, workflows, and agents.
  • Grant Edit access only to builders who should be allowed to manage queries using the resource.
  • Grant Own access to the team or individual responsible for the resource.

Repeat this process for each provider resource. For example, you may want different teams to access different API keys, or restrict Bedrock access to a specific group while allowing broader OpenAI access.

Configure Environments

If your organization uses Retool Environments, you can configure separate API keys per environment — for example, a development key with lower rate limits for Sandbox and a production key for Production.

  • Open a resource (e.g., OpenAI - Production).
  • In the Environments section, select + to assign an environment configuration.
  • Select an environment and enter the development API key for that environment.
  • Select Save changes.

When developers switch their Retool environment, queries automatically use the corresponding API key.

Verify by Running a Query

To confirm the resource is configured correctly, create a quick test query.

  • Select Apps > Create > App and name it ai-resource-test.
  • Select Code > + > Resource query and choose one of your AI resources (e.g., OpenAI - Production).
  • Set the Action to Chat completion.
  • In the Messages section, add a user message:
What is Retool used for? Answer in one sentence.
  • Select Run and confirm a response is returned in the query panel.

A successful response confirms the resource is correctly configured and accessible to developers.

Summary

This lab walked through replacing the legacy Retool AI single-resource model with per-provider AI Resource Integrations. With this approach, organizations gain:

  • Multiple API key configurations per provider for team or environment isolation
  • Standard Retool permission controls governing who can use or modify each resource
  • Environment-specific keys for separating development and production workloads
  • Full auditability of which apps and workflows use which provider and key