My goal: Use an OpenAPI 3.1.0 JSON file as a Retool resource (Per documentation)
Issue: When attempting to connect to the resource, we get the following error in the Retool console:
Test connection failed (15.429s):Error: Could not establish a connection. Try checking your database firewall configuration and whitelisting Retool's IP Address.
HttpError {statusCode: 422, payload: Object}
statusCode: 422
payload: Object
statusCode: 422
error: "Unprocessable Entity"
message: "Could not establish a connection. Try checking your database firewall configuration and whitelisting Retool's IP Address."
data: null
Steps I've taken to troubleshoot: We're able to connect to and use the OpenAPI resource via Postman and CURL. We've reviewed our CORs and IP allowlist configuration as well, and confirmed that Retool should be able to connect.
Apologies for the issue. Very odd that even with the Retool IP whitelisted that the firewall is still catching and rejecting the incoming requests.
Can you confirm what IPs you have white listed? I have another user with a similar issue and I am checking internally if there is a unique quirk to how OpenAPI queries are sent
Are you able to query the routes via a REST API query?
What's confusing, though, is that the OpenAPI resource is not hosted behind a firewall; it's publicly available on the internet, requiring authentication via a username and password. There should be no allowlisting required, and I assume just a CORs validation.
I was just going through your org's logs in Datadog and it looks like at least one of the errors getting passed back to Retool from the server had an error code of 401.
Could you double check that the auth username and password are correct?
Thanks for the help, and apologies for the delayed response!
We investigated even further here and found:
We confirmed that the credentials we provided are correct
Via server logs on our end, we’ve confirmed that the Retool OpenAPI integration is not including the Basic Auth headers for authentication in the request.
When authentication is removed from our OpenAPI route, we can connect to and use the resource.
Great work figuring out that the Basic Auth headers were not being included in the request, that is very odd. I am curious as to what could have caused that to happen seems to definitely be the culprit.
Does your use case allow for authentication to be removed? I can check with our team to see if we can reproduce the auth headers not being included or if there are more details this either being a bug and hard limitation or if there is a known work around or anything that can be done to allow for auth to work as intended.
Unfortunately, we do, as it’s the OpenAPI specification for our own resources, which we’d prefer not to be public. If you wouldn’t mind checking with the team, that would be great! We’ll separately see if a different authentication method other than Basic authentication works here.
It's still an issue with the cached clear, in an Incognito window, new browser, etc.
seems to definitely be the culprit.