Hi all, I’m experiencing a persistent issue where Retool workflows that rely on a Salesforce REST API resource fail when triggered automatically, but succeed when run manually.
Context:
- I’m using a REST API resource in Retool to connect to Salesforce
- The resource is configured with:
- OAuth 2.0 (Authorization Code Grant)
- Scopes:
api refresh_token offline_access - Refresh token policy in Salesforce: “Valid until revoked”
- IP Relaxation: “Relax IP restrictions”
- The resource is marked “Connected” in Retool and successfully re-authenticated using
Prompt=consent
- Manual workflow runs execute Salesforce API calls just fine
- Trigger-based runs fail with
INVALID_SESSION_IDandUNAUTHENTICATED
Error details from triggered workflow:
json
CopyEdit
{
"status": 401,
"statusText": "Unauthorized",
"error": "Bad Request",
"message": "[{\"message\":\"Session expired or invalid\",\"errorCode\":\"INVALID_SESSION_ID\"}]",
"authenticationStatus": "UNAUTHENTICATED",
"request": {
"url": "https://sportsrecruits.lightning.force.com/services/data/v57.0/limits",
"headers": {
"Authorization": "---sanitized---",
"User-Agent": "Retool/2.0",
"X-Retool-Forwarded-For": "35.90.103.133"
}
}
}
What I’ve Already Tried:
- Re-authenticated the resource with
Prompt=consentto ensure a new refresh token - Verified that the resource is using OAuth2 with proper scopes and config
- Confirmed that the Salesforce Connected App:
- Allows refresh tokens
- Has relaxed IP restrictions
- Is correctly linked to a user with API access
- All requests work manually, and fail only when the workflow is run from a trigger
What I’m Looking For:
- Has anyone encountered issues where OAuth2 tokens are not reused/refreshed during background (triggered) runs in Retool?
- Is there a known workaround or configuration adjustment to make background triggers use the stored refresh token properly?
- Would switching to Retool’s native Salesforce resource avoid this?
Happy to share screenshots of the resource config or logs if helpful. Appreciate any guidance!