Based on the spec, Retool should send the API key via the key query parameter on all requests. Unfortunately, I can see from my server request logs that Retool isn't sending the key at all, so the requests are denied.
I've also tried adding the key to the Custom Query Parameters section of the Open API resource definition, but that has no effect either. In both cases, Retool is making the requests without sending any query parameters at all.
Anyone know how to get auth working with an Open API resource?
Alright @rohan, this is definitely a bug. I’ll file a ticket and hopefully get this fixed soon - in the meanwhile, you can work around it by adding your key to the URL manually, like ?key=myAPIKeyHere. Would that work?
Unfortunately I don’t think there’s any way to manually specify a query parameter in an Open API spec. The spec has a base URL (eg., my-api.com), and then a list of “paths” for different resources. The final URL’s are constructed by the client by combining those.
That said, I have managed to create a REST API resource and added the key as a URL parameter in there. That works as expected for now!
This workaround is a bit of a pain since I have to manually type in the URL’s and things that are defined in the Open API spec, so it would be nice to get the Open API bug fixed. But for now I can make queries to our backend and get some stuff done. Thanks again!
Thank you for writing in. Unfortunately, it looks like the bug is still being worked on. I wish I had better news! Hoping it gets done soon. I will also see if I can get some more eyes on it!