Help clarify: Rest API calls vs retool users

For my organization I created an Application in retool, which among other things makes a "REST API" call to pdf.co, and specifies an API Key in the header

All good, as long as I use it as my "owner-of-all-resources-and-app" user.

Then I have another user, say "Anthony", which has "Use" permission on this specific App. No permissions on other "Resources" since this is just a REST api, there shouldn't be any Resource associated with it (right?).

Well for Anthony the app doesn't work, at the step where the REST API Call is made, it gets an error.

The only way I found to make it work is to put Anthony in the group "editor" which gives them edit permission and probably something I'm not aware of, that makes this work.

What am I doing wrong? Should I create a resource instead, and assign it to them?

its unclear to me what's the "right" way to add HTTP api calls inside a retool app...

What's the difference between adding them as "REST API" vs "create new REST API resource" ?

Hello! You should definitely try to setup the REST API you are using a resource. This is the preferred way to setup your commonly used APIs across apps. When you set up an API resource adhoc in the way you have you are providing full route and header data (like the x-api-key) which can allow for your credentials to leak out into the wild.

The Use/Edit distinction seems odd to have to make in this case as the basic REST API functionality shouldn't be affected, AKAIK. Are you able to share the error that "Anthony" is seeing?

1 Like

I second Pyrrho!

You likely need to give users edit permission for resources, Resources will hold specific details and queries interact with resources as the resources are a type of "middle-man connector".

Read more about resources here!

And REST APIs here!

nothing, I couldn't make it work. I created the resource, gave access to the user (tried both use and edit permission), but they still receive an error "Invalid Input". Lost already more than a full working day debugging and try to make it work

Can you share a screenshot of this error?

Is the invalid input coming up when testing this resource? Or when using a query to make a call with the resource?

Is the new resource you created working for anyone or no one at all?

We might need to have you come to office hours to live debug, as it sounds like you did everything correctly but we will likely need to see the resource and query set up.

is there a way for me to share a screencast/loom with the team in private? to show this in public i'll have to work with real production file and sensitive user data, i'd rather send this to retool team only

Yes there is!

You can send me a video in a private DM to my account here on this forum. We make sure to take the highest degree of confidentiality with all videos that users share with us and it is a very common practice.

As lots of our users have sensitive data they are working with. It will definitely help give us as more context to trouble shoot. Make sure to sure the resource set up and the query set up along with the permissions page with the different levels for different users!

While recording a 10+ minute loom for you I realized the problem: I was using the "retool storage" retool and the user group did not have access to it.

thanks :duck:

2 Likes

now that I think about it: feature request > SHOW A NOTIFICATION to the user!! "You don't have Retool Storage Permissions"

I had to go into the state of the fileDrop component to see that something was not right and it took me and my colleagues probably multiple days of work

Ahhh I see, glad you caught that and got things working!

I 100% can make a feature request for that. It would be very useful for avoiding permission issues to flash a message for users to let them know if they do not have Retool DB storage permissions!

Apologies for the inconvenience, thank you for sharing that you had to look into the component state to track down the information, this thread will hopefully be helpful for anyone else running into similar issues!