Use of CUSTOM_API_KEY results in HTTP 401

We are using self hosted (stable 3.33 right now) and trying to use the Retool API to manage our groups and permissions.

We can access the API if we use the UI to manually create an API key with the right permissions however we are trying to automate our deployments and therefore we have been trying to make use of the CUSTOM_API_KEY environment variable.

When using the CUSTOM_API_KEY we always get a 401 Not Authorized HTTP status.

It is also not clear to us how to set the permissions of the CUSTOM_API_KEY - this may be related to the above.

Has anyone successfully used the CUSTOM_API_KEY?

Hey @CPU! Welcome to the community forums. :slight_smile: And nice username.

This one definitely had me stumped for a bit, as there is minimal documentation and the /api/v2 endpoint didn't like my custom key, no matter how I formatted it. All of which led me to think about where else an API key may be used... :thinking:

The answer being workflows! I confirmed that this custom key can be used to trigger workflows when added to the request as a x-api-key or x-workflow-api-key header.

It's possible that other API endpoints will accept this custom key but I doubt that it is compatible with the v2 endpoint, as there is no way to encode granular permissions. @Evan_Keith is reaching out internally to figure out whether this is the intended behavior.