Retool Auth Problem with Cloud Run

Problem:

A Cloud Run service hosting authenticated REST APIs is inaccessible from Retool, resulting in an "Unauthorized" error despite using a service account.

Error Message:

Your client does not have permission to the requested URL.

Outcome:

Attempts to authenticate using a service account from Retool consistently fail, regardless of whether OAuth scopes are included.


Reference Material:

An attempt was made to follow the instructions in this Retool community article, but the issue persisted: https://community.retool.com/t/authenticating-a-cloud-run-service-with-a-service-account-key/49154/2.

Service Account Permissions:

The service account used by Retool possesses the following IAM roles:

  • Cloud Run Invoker
  • Cloud Run Admin

Any help would be greatly appreciated. Thanks in advance for your time and expertise.

1 Like

Hi @aniket_s,

This sounds like an issue on the Cloud Run service side of things. You may want to check their docs or their support page to see if they can look at how your service account is set up to ensure that the permissions are proper for accepting the requests from Retool.

I see you linked to another forum post on this issue. Were you able to complete all the steps that Mark listed in his solution? Did you finish all those steps and still get the same error?

Is there any middleware like a firewall or load balancer on the Cloud Run server? Oftentimes that is the reason why requests are blocked.

Yes, indeed I followed the same steps but was getting the same error.

No, there is no firewall or any load balancer being utilized.

@aniket_s,

Thank you for the info!

That is very odd that it continues to give you an error saying the Retool Client is not authorized :thinking:

@gasperblk I saw you were able to correctly get this issue figured out in your post that @aniket_s linked above. Do you have any ideas about steps for testing/resolving or questions I could ask about the Cloud Run or resource/query setup?

If the error is coming into Retool, we should be able to see it in a HAR file. If you can export that, we can see what server is throwing the error, and this can help direct us. Follow these instructions for the Chrome browser to extract that HAR file!
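
One way to do the HAR triage suggested above, as an added example that is not part of the original thread: it lists each 401/403 response in a HAR export with the host and `Server` header that answered it, and classifies the bearer credential that was sent (Cloud Run's IAM check expects a Google-signed ID token, a JWT whose `aud` names the service, rather than an OAuth access token). The sample HAR, host names and token are constructed, and the token value is never copied into the output because HAR exports contain live credentials.

```python
import base64
import json
from urllib.parse import urlsplit

def jwt_claims(token):
    """Decode (without verifying) the payload of a JWT-shaped token; None if not a JWT."""
    parts = token.split(".")
    if len(parts) != 3:
        return None
    try:
        payload = base64.urlsafe_b64decode(parts[1] + "=" * (-len(parts[1]) % 4))
        claims = json.loads(payload)
    except ValueError:  # covers bad base64, bad UTF-8 and bad JSON
        return None
    return claims if isinstance(claims, dict) else None

def triage_har(har):
    """Summarise each 401/403 entry: who answered, and what kind of credential was sent."""
    findings = []
    for entry in har["log"]["entries"]:
        req, resp = entry["request"], entry["response"]
        if resp["status"] not in (401, 403):
            continue
        req_h = {h["name"].lower(): h["value"] for h in req["headers"]}
        resp_h = {h["name"].lower(): h["value"] for h in resp["headers"]}
        url = urlsplit(req["url"])
        scheme, _, token = req_h.get("authorization", "").partition(" ")
        is_bearer = scheme.lower() == "bearer"
        claims = jwt_claims(token.strip()) if is_bearer else None
        findings.append({
            "origin": f"{url.scheme}://{url.netloc}",
            "status": resp["status"],
            "server": resp_h.get("server"),  # which front end produced the error
            "credential": ("jwt" if claims is not None else "opaque") if is_bearer else "none",
            "aud": claims.get("aud") if claims else None,  # compare with the service URL
        })
    return findings

# Constructed sample HAR: hosts and token are placeholders, not values from the thread.
SAMPLE_HAR = {"log": {"entries": [
    {"request": {"url": "https://retool.example/api/pages", "headers": []},
     "response": {"status": 200, "headers": []}},
    {"request": {"url": "https://svc-example.a.run.app/items",
                 "headers": [{"name": "Authorization", "value": "Bearer ya29.constructed"}]},
     "response": {"status": 403, "headers": [{"name": "Server", "value": "Google Frontend"}]}},
]}}

if __name__ == "__main__":
    for finding in triage_har(SAMPLE_HAR):
        print(finding)
```

A result of `opaque` means an access token rather than an ID token was presented; a `jwt` result whose `aud` differs from the service URL (or a configured custom audience) points at the audience setting.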

Hi @aniket_s,

Just wanted to double check if you are still having this issue and if you have been able to access via a service account outside of Retool.