Hi @apoorv-2204 ,
Yes — Retool can support both of those requirements, with a few clarifications.
1) Use your existing authentication mechanism (no vendor-managed auth)
Yes. Retool does not require vendor-managed authentication.
You can use your existing backend auth in two main ways:
- Resource-level Custom Auth (recommended if your backend issues a bearer/JWT token). Retool runs your auth workflow, extracts the token, and automatically reuses it for future requests to that Resource.
- App-level login flow, where your login page calls your GraphQL signIn, stores the token using Retool’s storage APIs, and attaches it to subsequent queries.
Important note: Resource auth is designed to obtain and manage credentials.
Redirects/navigation should be handled in the app (e.g., in a query success handler), not inside the auth workflow.
2️) Call your GraphQL backend directly from the CRM
Yes. Retool can call your GraphQL backend directly.
In Retool Cloud, requests are executed by Retool’s backend infrastructure (i.e., they originate from Retool’s servers).
Best-practice approach
The simplest, cleanest pattern is:
- Create a GraphQL Resource pointing to your backend.
- Configure Custom Auth:
- Login mutation
- Extract the bearer token into a variable (e.g., bearer_token)
In the Resource headers: Authorization: Bearer {{ bearer_token }}
- In your app:
- Trigger a query using that resource (which will initiate auth if needed)
- Redirect in the query’s Success handler using utils.openApp() or utils.openPage()
This keeps:
- Auth logic in the Resource
- Navigation logic in the App
- No manual token plumbing in Preloaded JS
If it would help to walk through your exact flow and make sure the pieces are aligned correctly, Office Hours might be the fastest way to do that. There’s one today from 11am–12pm PST.
@pyrrho , @Tess (I see you were following the other thread). Anything you can add/edit or help clarify?