Two-Legged Authentication


I'm trying to interface with NetSuite in Retool. I've got things working in Postman using OAuth 1.0.

I don't think the one-legged OAuth1 in Retool will work. Any ideas on how to make it work?



Hey there @smithandrewc, have you already looked at setting it up with custom auth? Did you run into any particular problems there?

Thank you for the response @Kabirdas, I looked at setting up a custom auth but it still didn't seem to fit.

It appears as though there have been some changes in the Retool Authentication area.


I'm now able to set up all the parameters as they are in Postman. However, when I try the same GET command that is successful in Postman, Retool generates an InvalidSignature error in NetSuite. I'm guessing this is an issue with the Authorization field in the request header. I'd like to compare the Authorization field from the Retool call to the successful one from Postman. However, Retool blocks it out with "Authorization": "---sanitized---". Anyone know a way to look at this data?



Hey! :wave:

If you preview the query instead of running it you should be able to see the unsanitized values that are sent.

Otherwise, you can try making a request to an endpoint like or one set up on a service like pipedream that allows you to see the full value of the request.

Thanks @Kabirdas, those sound like great suggestions. I'll give them a shot and report back. Thanks.

Hi @smithandrewc did you have any luck? Facing the same problem.

@smithandrewc wondering if you were able to get this to work? I'm hoping to do something similar. Thanks!

@lbwsl @Sofia_Archuleta Mind sharing what errors you are getting when attempting to set this up?

I'm having a similar issue with NetSuite and Retool using OAuth1. I can make my requests via Postman, and everything works.

I can make GET requests via Retool using a NetSuite (restapi) resource I created, however no POST requests work. They all fail with a 401 Unauthorized error. I can make the exact same POST request via Postman (same endpoint, same payload) and it works. But anything other than a GET in Retool fails. The logs in NetSuite are no help. Does Retool possibly do something different for assembling the Auth header for GET and POST requests?

If the headers are configured on the resource setup page, then there shouldn't be any difference between requests using different HTTP request methods. If you Preview the POST query from the app editor, you should be able to see the plain-text headers sent. Do they appear different? Is there something that is not set properly?
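
Added example, not part of the thread and not Retool's or NetSuite's code: once an unsanitized Authorization header has been captured from the query preview, this Python sketch recomputes the OAuth 1.0 signature per RFC 5849 (whose signature base string includes the HTTP method) and reports whether the header matches the request, or would only match under a different method. Assumptions: the request has no form-encoded body, the signature method is HMAC-SHA1 or HMAC-SHA256 (the thread does not say which), the function names are hypothetical, and the host, account and secrets are constructed placeholders.

```python
import base64, hashlib, hmac
from urllib.parse import parse_qsl, quote, unquote, urlsplit

DIGESTS = {"HMAC-SHA1": hashlib.sha1, "HMAC-SHA256": hashlib.sha256}

def enc(value):
    # RFC 5849 section 3.6: only unreserved characters stay unescaped
    return quote(str(value), safe="-._~")

def parse_oauth_header(header):
    """Split 'OAuth k="v", ...' into a dict of percent-decoded values."""
    scheme, _, rest = header.strip().partition(" ")
    if scheme.lower() != "oauth":
        raise ValueError("not an OAuth 1.0 Authorization header")
    pairs = (part.strip().partition("=") for part in rest.split(","))
    return {k: unquote(v.strip('"')) for k, _, v in pairs}

def sign(method, url, params, consumer_secret, token_secret):
    """Recompute oauth_signature (RFC 5849 section 3.4), request without form-encoded body."""
    u = urlsplit(url)
    base_url = f"{u.scheme.lower()}://{u.netloc.lower()}{u.path}"  # default ports not stripped
    pairs = parse_qsl(u.query, keep_blank_values=True)
    pairs += [(k, v) for k, v in params.items() if k not in ("realm", "oauth_signature")]
    normalized = "&".join(f"{k}={v}" for k, v in sorted((enc(k), enc(v)) for k, v in pairs))
    base_string = "&".join([method.upper(), enc(base_url), enc(normalized)])
    key = f"{enc(consumer_secret)}&{enc(token_secret)}".encode()
    digest = DIGESTS[params["oauth_signature_method"]]
    return base64.b64encode(hmac.new(key, base_string.encode(), digest).digest()).decode()

def build_header(method, url, params, consumer_secret, token_secret):
    """Build a header the way a correct client would (used here to make sample input)."""
    signed = dict(params, oauth_signature=sign(method, url, params, consumer_secret, token_secret))
    return "OAuth " + ", ".join(f'{k}="{enc(v)}"' for k, v in signed.items())

def diagnose(header, method, url, consumer_secret, token_secret):
    """Return 'match', 'signed as <METHOD>' or 'mismatch' for a captured header."""
    params = parse_oauth_header(header)
    claimed = params["oauth_signature"]
    for candidate in [method.upper(), "GET", "POST", "PUT", "PATCH", "DELETE"]:
        expected = sign(candidate, url, params, consumer_secret, token_secret)
        if hmac.compare_digest(claimed.encode(), expected.encode()):
            return "match" if candidate == method.upper() else f"signed as {candidate}"
    return "mismatch"

if __name__ == "__main__":
    # Constructed values: placeholder host, account and secrets, not real credentials.
    p = {"realm": "ACCT", "oauth_consumer_key": "ck", "oauth_token": "tk", "oauth_nonce": "n0nce",
         "oauth_timestamp": "1700000000", "oauth_signature_method": "HMAC-SHA256", "oauth_version": "1.0"}
    url = "https://example.invalid/api/items?limit=5"
    captured = build_header("GET", url, p, "cs", "ts")
    print(diagnose(captured, "GET", url, "cs", "ts"), "/", diagnose(captured, "POST", url, "cs", "ts"))
```

A result of `mismatch` for every method points at the secrets, URL, realm handling or parameter encoding rather than the method; run it offline, since it needs the consumer and token secrets.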