When we create form with Retool (Apps -> Form) and then publish it the URL is publicly available to anyone on the Internet, even if they are not part of our Retool org. How can we protect this form so it is only available to our internal admin users on Retool? We don't want the form available to anyone with the link. Is there a way to password protect the form?
Hii @ddsgadget ,
You can use the role like admin, users using retool Auth.
You can also check this docs for more details
Yeah, I have tried all of this. It does not apply to Forms. There is no information about this in the docs. Once you publish a form, it is public and accesible by anyone with the URL. This is strange. It's' the opposite with workflows. By default they are private and require the Key to be sent in order in to work and you need to specifically make them "public".
You can build the app and share it with your internal team or add validation on the form workflows to allow specific user emails.
Yeah, I know we can build an app, but that is a sort of pain to do with one off forms. I see you can attach a workflow to a form, but then again, if someone who is not permitted to use the form, gets access to it, they can spam it and kick off our workflow unnecessarily. Seems like Forms is missing a basic feature: Authentication. Workflows have this out of the box. By default, Workflows are private and require a key to work. But, Forms are public by default. This shouldn't be the case, and/or provide an easy way to make a form private to just the team.
BTW, a good solution to copy is the one offered by Jotforms where they have a setting to password protect the form. See here: How to Password Protect Your Form
Really, Retool needs this. I tried implementing this manually with some code, but couldn't get it to work at all. Please allow us to password protect forms like Jotforms.
Thanks @ddsgadget,
Once published, the form is accessible to any user given the unique URL. I made a feature request asking for password protected forms! Will post an update here if there's any movement on this.
Thanks. I think this is a critical request, because it's a lot easier to use standalone forms internally and share those links, then to add forms to an app. But, these are internal forms, and we don't them to be publicly accessible for security reasons. So password protected forms are the only solution. This is standard out of the box on other form platforms. As we use Retool for everything else, we really don't want or need any other platform for forms, but this inability to password protect a form is really holding us back. Thanks!
1 Like
BTW, in case anyone else requires this feature, the "hacky" solution I came up with is to make the first field in my form a password field, make it required, then make a custom rule in the Advanced tab that looks something like this: {{ password.value === "YOURPASSWORDHERE" ? "" : "Invalid Password" }}
That way the form can't be submitted unless the password entered in the field matches. It's not the best solution, as I'd like to gate the entire form behind a password (see how Jostform does it), but it works OK for now.
1 Like