Curl works but REST API doesn't

1) My goal:
Connect Retool to a FastAPI backend using JWT Bearer token authentication to display a human review queue dashboard. The API requires:

Initial authentication via API key to get JWT tokens
Use JWT tokens in Authorization header to access protected endpoints
Display queue data in Retool tables and components

2) Issue:
REST API queries in Retool return 401 "Could not validate credentials" errors, despite the authentication working correctly:

Authentication succeeds: Token generation endpoint returns valid JWT tokens
REST API queries fail: All queries using Retool's REST API resource get 401 errors
JavaScript queries work: The exact same API calls work perfectly using JavaScript fetch()
External tools work: curl requests with the same token succeed

Error pattern:
API Response: 401 Unauthorized - {"detail": "Could not validate credentials"}
Retool Internal: POST /api/pages/uuids/[uuid]/query?queryName=getQueue 400 (Bad Request)

3) Steps I've taken to troubleshoot:
API Verification:

✅ Confirmed API endpoints are accessible and healthy
✅ Verified JWT tokens are valid (decoded and checked expiration)
✅ Tested with curl using identical headers - works perfectly
✅ CORS properly configured (requests pass preflight checks)

Retool Configuration Attempts:

Created fresh REST API resource with minimal configuration
Tested different Authorization header formats:

Bearer {{ token }}
{{ "Bearer " + token }}
Direct token value insertion

Removed all optional headers to isolate the issue
Verified token is correctly stored in Retool state variables

Workaround Success:

JavaScript queries using fetch() work flawlessly:

```javascript
const response = await fetch('https://api.domain.com/api/v1/review/queue', {
  headers: {
    // Template literal: the backticks are required for ${token} to interpolate
    'Authorization': `Bearer ${token}`,
    'Content-Type': 'application/json'
  }
});
// Returns 200 OK with correct data
```

4) Additional info:

Retool Environment: Cloud (retool.com)
API Framework: FastAPI with standard OAuth2PasswordBearer
Authentication Flow: API Key → JWT Token → Bearer Authorization
What Works: JavaScript queries, curl, Postman
What Fails: Only Retool's REST API resource queries
Key Observation: The issue appears to be with how Retool's REST API resource handles/sends the Authorization header, as identical requests work through every other method tested.

The data available showing:

  1. Successful token generation
  2. Failed REST API query with 401 error
  3. Successful JavaScript query with same token
  4. Network tab showing request headers (Authorization sanitized by Retool)

Looking for guidance on whether this is a known issue with REST API resources and Bearer tokens, and if JavaScript queries are an acceptable long-term solution.
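
Added example, not part of the original post and not Retool's or FastAPI's code: a small Node.js check that classifies the string a client is about to send as the Authorization header, covering the header formats tried above. The function names, result labels and sample tokens are constructed for illustration; the tokens are unsigned and the check does not verify signatures.

```javascript
// Added example; sample tokens are constructed and unsigned (no signature check).
function b64urlJson(segment) {
  // base64url -> base64, decode, parse JSON; null on any failure
  try {
    const b64 = segment.replace(/-/g, '+').replace(/_/g, '/');
    return JSON.parse(Buffer.from(b64, 'base64').toString('utf8'));
  } catch (e) {
    return null;
  }
}

// Returns a short label for the first problem found in the header value.
function diagnoseAuthHeader(value, nowSeconds) {
  if (typeof value !== 'string' || value.trim() === '') return 'missing';
  // Template braces still present: the placeholder was sent literally.
  if (/\{\{|\}\}/.test(value)) return 'unrendered-template';
  if (value !== value.trim() || /[\r\n"']/.test(value)) return 'stray-whitespace-or-quotes';
  const parts = value.split(' ');
  if (parts.length !== 2 || parts[0].toLowerCase() !== 'bearer') {
    return /^bearer\s+bearer\s/i.test(value) ? 'double-bearer-prefix' : 'bad-scheme';
  }
  const token = parts[1];
  // A non-string variable concatenated into the header stringifies like this.
  if (token === 'undefined' || token === 'null') return 'token-not-a-string';
  const segs = token.split('.');
  if (segs.length !== 3 || segs.some((s) => !/^[A-Za-z0-9_-]+$/.test(s))) return 'not-a-jwt';
  const payload = b64urlJson(segs[1]);
  if (payload === null || typeof payload !== 'object') return 'payload-not-json';
  if (typeof payload.exp === 'number' && payload.exp <= nowSeconds) return 'expired';
  return 'ok';
}

// Builds a constructed, unsigned token for the demo below.
function makeUnsignedToken(payload) {
  const enc = (o) => Buffer.from(JSON.stringify(o)).toString('base64')
    .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
  return `${enc({ alg: 'HS256', typ: 'JWT' })}.${enc(payload)}.c2lnbmF0dXJl`;
}

const now = Math.floor(Date.now() / 1000);
const sample = makeUnsignedToken({ sub: 'reviewer', exp: now + 900 });
for (const h of [`Bearer ${sample}`, 'Bearer {{ token }}', `Bearer Bearer ${sample}`, sample, 'Bearer undefined']) {
  console.log(diagnoseAuthHeader(h, now).padEnd(22), h.slice(0, 40));
}
```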

Hi @nnkiimplementor,

Thanks for reaching out!

The REST API should work, and it is generally recommended over the JavaScript approach. Can you share some screenshots? How is token being defined here?

This is generally what I'd expect the setup to look like:

*Note that the base URL doesn't include the endpoint review/queue; you can add the endpoint manually for each query in your app/workflow/agent

The initial token generation endpoint can be added on the resource setup for your FastAPI. You'll define your token as a variable, which can be referenced in the resource's headers: