If I understand correctly, you want a user to login to ReTool, and then login to an App?
If you are on business plan, why not just apply groups and permissions so Apps are only available to the authorized users?
Also, it's worth noting, you cannot use the ReTool API unless you are on Enterprise.