How to connect to Google APIs

A quick-and-dirty how-to, since this can be tricky!

  1. Generate Oauth2 credentials. You can follow this blog post until you get a hold of you client_id and client_secret
  2. Decide the scopes you want to use. I recommend including, and then whatever else you want to use. For example, if you to use a Gmail API, you'll want to include the scope. see the full list here
  3. Make a REST API resource in retool, and fill out the form like this:

    For your copy-paste convenience:
  • Authorization URL:
  • Access Token URL:
  • Login Test URL:
    You can leave the rest of the fields blank (e.g. Base URL, Audience, etc.)
  1. That's it! Now the resource is ready to use. For any app that uses this new google resource, when a user isn't authenticated in presentation mode, they'll see the following auth modal prompting them to authenticate:

Additional References

1 Like

hey ! I’ve created a more up to date guide for generating oauth credentials.

1 Like

hey i am not getting this to work, i am getting an error like this {"success":false,"message":"Authentication failure. Missing xsrf token"}

@dr-b did you figure out how to fix this?

@sindhu Did you include Bearer OAUTH2_TOKEN as a header with the key Authorization?

I did but I still see the same XSRF token missing message.

Where do you get the error? Are you able to run through the workflow in the “Test Authentication” button at the bottom of the resource setup page?

I don't see a Test Authentication button in the resource setup page.

I got the Google OAuth client ID used by our IT team as well. Yet I see the above error message.

@sindhu Would you mind messaging in on intercom with permission for us to look at your account?

Were you able to solve this?
I get the same issue.
It works in the resource screen when I want to authenticate against the google OAuth but when I create an auth button then I also get

{"success":false,"message":"Authentication failure. Missing xsrf token"}

Hey @Philipp_Keller1!

Would you mind sharing a screenshot of your resource setup page with any sensitive information redacted? If you rather share it privately you can also feel free to reach out to or send it in a DM.

Curious to know too if this error shows up immediately after refreshing your app and if you've seen any other errors during the testing process :thinking:

Hi @Kabirdas
Thanks for replying.
I figured it out in the meantime.

My mistake was that I was setting up OAuth for prod in the resource window and it all worked.
Then I was switching to staging, even though OAuth for staging was not configured (IMO that's a bug on retools side, the UI should not have let me switch to staging).
Then when I was on staging and clicked the oauth button I got the message above.

Once I configured the OAuth resource for staging also, then everything worked