Retool · Capability

Retool Organization Administration

Unified workflow capability for managing a Retool organization through the Management API. Enables IT administrators and platform teams to automate user provisioning, group membership, app lifecycle, and resource management programmatically. Exposes both a REST API and MCP server for AI-assisted administration tasks.

Run with Naftiko RetoolAdministrationUser ManagementInternal ToolsLow Code

What You Can Do

GET
List users — List all users with pagination support.
/v1/users
POST
Create user — Create a new user and add to the organization.
/v1/users
GET
Get user — Retrieve a user by UUID.
/v1/users/{userId}
PUT
Update user — Update user profile or admin status.
/v1/users/{userId}
DELETE
Delete user — Permanently remove a user.
/v1/users/{userId}
GET
List groups — List all groups in the organization.
/v1/groups
POST
Create group — Create a new permission group.
/v1/groups
POST
Add group member — Add a user to a group.
/v1/groups/{groupId}/members
DELETE
Remove group member — Remove a user from a group.
/v1/groups/{groupId}/members/{userId}
GET
List apps — List all applications.
/v1/apps
POST
Create app — Create a new application.
/v1/apps
GET
Get app — Retrieve an application by ID.
/v1/apps/{appId}
PUT
Update app — Update an application's metadata.
/v1/apps/{appId}
DELETE
Delete app — Delete an application permanently.
/v1/apps/{appId}
GET
List resources — List all data source resources.
/v1/resources
GET
List folders — List all folders.
/v1/folders
POST
Create folder — Create a new folder.
/v1/folders

MCP Tools

list-users

List all users in the Retool organization with pagination.

read-only
get-user

Retrieve a specific user by their UUID.

read-only
create-user

Create a new user account in the Retool organization.

update-user

Update a user's name, admin status, or disable their account.

idempotent
delete-user

Permanently remove a user from the organization.

idempotent
list-groups

List all permission groups in the organization.

read-only
create-group

Create a new permission group for access control.

add-group-member

Add a user to a permission group.

remove-group-member

Remove a user from a permission group.

idempotent
list-apps

List all Retool applications in the organization.

read-only
get-app

Retrieve a specific Retool application by ID.

read-only
create-app

Create a new Retool application.

delete-app

Permanently delete a Retool application.

idempotent
list-resources

List all data source resource connections in the organization.

read-only
list-folders

List all organizational folders for apps, resources, and workflows.

read-only
create-folder

Create a new organizational folder.

APIs Used

retool

Capability Spec

Raw ↑ 
naftiko: "1.0.0-alpha1"

info:
  label: "Retool Organization Administration"
  description: >-
    Unified workflow capability for managing a Retool organization through
    the Management API. Enables IT administrators and platform teams to
    automate user provisioning, group membership, app lifecycle, and resource
    management programmatically. Exposes both a REST API and MCP server for
    AI-assisted administration tasks.
  tags:
    - Retool
    - Administration
    - User Management
    - Internal Tools
    - Low Code
  created: "2026-05-02"
  modified: "2026-05-02"

binds:
  - namespace: env
    keys:
      RETOOL_API_TOKEN: RETOOL_API_TOKEN

capability:
  consumes:
    - import: retool
      location: ./shared/retool-management-api.yaml

  exposes:
    - type: rest
      port: 8080
      namespace: retool-org-admin-api
      description: "Unified REST API for Retool organization administration."
      resources:
        - path: /v1/users
          name: users
          description: "Manage users in the Retool organization."
          operations:
            - method: GET
              name: list-users
              description: "List all users with pagination support."
              call: "retool.list-users"
              outputParameters:
                - type: object
                  mapping: "$."
            - method: POST
              name: create-user
              description: "Create a new user and add to the organization."
              call: "retool.create-user"
              outputParameters:
                - type: object
                  mapping: "$."
        - path: /v1/users/{userId}
          name: user-by-id
          description: "Manage a specific user."
          operations:
            - method: GET
              name: get-user
              description: "Retrieve a user by UUID."
              call: "retool.get-user"
              with:
                userId: "rest.userId"
              outputParameters:
                - type: object
                  mapping: "$."
            - method: PUT
              name: update-user
              description: "Update user profile or admin status."
              call: "retool.update-user"
              with:
                userId: "rest.userId"
              outputParameters:
                - type: object
                  mapping: "$."
            - method: DELETE
              name: delete-user
              description: "Permanently remove a user."
              call: "retool.delete-user"
              with:
                userId: "rest.userId"
              outputParameters:
                - type: object
                  mapping: "$."
        - path: /v1/groups
          name: groups
          description: "Manage permission groups."
          operations:
            - method: GET
              name: list-groups
              description: "List all groups in the organization."
              call: "retool.list-groups"
              outputParameters:
                - type: object
                  mapping: "$."
            - method: POST
              name: create-group
              description: "Create a new permission group."
              call: "retool.create-group"
              outputParameters:
                - type: object
                  mapping: "$."
        - path: /v1/groups/{groupId}/members
          name: group-members
          description: "Manage group membership."
          operations:
            - method: POST
              name: add-group-member
              description: "Add a user to a group."
              call: "retool.add-group-member"
              with:
                groupId: "rest.groupId"
              outputParameters:
                - type: object
                  mapping: "$."
        - path: /v1/groups/{groupId}/members/{userId}
          name: group-member-by-id
          description: "Remove a specific user from a group."
          operations:
            - method: DELETE
              name: remove-group-member
              description: "Remove a user from a group."
              call: "retool.remove-group-member"
              with:
                groupId: "rest.groupId"
                userId: "rest.userId"
              outputParameters:
                - type: object
                  mapping: "$."
        - path: /v1/apps
          name: apps
          description: "Manage Retool applications."
          operations:
            - method: GET
              name: list-apps
              description: "List all applications."
              call: "retool.list-apps"
              outputParameters:
                - type: object
                  mapping: "$."
            - method: POST
              name: create-app
              description: "Create a new application."
              call: "retool.create-app"
              outputParameters:
                - type: object
                  mapping: "$."
        - path: /v1/apps/{appId}
          name: app-by-id
          description: "Manage a specific application."
          operations:
            - method: GET
              name: get-app
              description: "Retrieve an application by ID."
              call: "retool.get-app"
              with:
                appId: "rest.appId"
              outputParameters:
                - type: object
                  mapping: "$."
            - method: PUT
              name: update-app
              description: "Update an application's metadata."
              call: "retool.update-app"
              with:
                appId: "rest.appId"
              outputParameters:
                - type: object
                  mapping: "$."
            - method: DELETE
              name: delete-app
              description: "Delete an application permanently."
              call: "retool.delete-app"
              with:
                appId: "rest.appId"
              outputParameters:
                - type: object
                  mapping: "$."
        - path: /v1/resources
          name: resources
          description: "View data source connections."
          operations:
            - method: GET
              name: list-resources
              description: "List all data source resources."
              call: "retool.list-resources"
              outputParameters:
                - type: object
                  mapping: "$."
        - path: /v1/folders
          name: folders
          description: "Manage organizational folders."
          operations:
            - method: GET
              name: list-folders
              description: "List all folders."
              call: "retool.list-folders"
              outputParameters:
                - type: object
                  mapping: "$."
            - method: POST
              name: create-folder
              description: "Create a new folder."
              call: "retool.create-folder"
              outputParameters:
                - type: object
                  mapping: "$."

    - type: mcp
      port: 9090
      namespace: retool-org-admin-mcp
      transport: http
      description: "MCP server for AI-assisted Retool organization administration."
      tools:
        - name: list-users
          description: "List all users in the Retool organization with pagination."
          hints:
            readOnly: true
            openWorld: false
          call: "retool.list-users"
          outputParameters:
            - type: object
              mapping: "$."
        - name: get-user
          description: "Retrieve a specific user by their UUID."
          hints:
            readOnly: true
            openWorld: false
          call: "retool.get-user"
          with:
            userId: "tools.userId"
          outputParameters:
            - type: object
              mapping: "$."
        - name: create-user
          description: "Create a new user account in the Retool organization."
          hints:
            readOnly: false
            destructive: false
            idempotent: false
          call: "retool.create-user"
          with:
            email: "tools.email"
            firstName: "tools.firstName"
            lastName: "tools.lastName"
            isAdmin: "tools.isAdmin"
            userType: "tools.userType"
          outputParameters:
            - type: object
              mapping: "$."
        - name: update-user
          description: "Update a user's name, admin status, or disable their account."
          hints:
            readOnly: false
            destructive: false
            idempotent: true
          call: "retool.update-user"
          with:
            userId: "tools.userId"
          outputParameters:
            - type: object
              mapping: "$."
        - name: delete-user
          description: "Permanently remove a user from the organization."
          hints:
            readOnly: false
            destructive: true
            idempotent: true
          call: "retool.delete-user"
          with:
            userId: "tools.userId"
          outputParameters:
            - type: object
              mapping: "$."
        - name: list-groups
          description: "List all permission groups in the organization."
          hints:
            readOnly: true
            openWorld: false
          call: "retool.list-groups"
          outputParameters:
            - type: object
              mapping: "$."
        - name: create-group
          description: "Create a new permission group for access control."
          hints:
            readOnly: false
            destructive: false
            idempotent: false
          call: "retool.create-group"
          with:
            name: "tools.name"
          outputParameters:
            - type: object
              mapping: "$."
        - name: add-group-member
          description: "Add a user to a permission group."
          hints:
            readOnly: false
            destructive: false
            idempotent: false
          call: "retool.add-group-member"
          with:
            groupId: "tools.groupId"
            userId: "tools.userId"
          outputParameters:
            - type: object
              mapping: "$."
        - name: remove-group-member
          description: "Remove a user from a permission group."
          hints:
            readOnly: false
            destructive: true
            idempotent: true
          call: "retool.remove-group-member"
          with:
            groupId: "tools.groupId"
            userId: "tools.userId"
          outputParameters:
            - type: object
              mapping: "$."
        - name: list-apps
          description: "List all Retool applications in the organization."
          hints:
            readOnly: true
            openWorld: false
          call: "retool.list-apps"
          outputParameters:
            - type: object
              mapping: "$."
        - name: get-app
          description: "Retrieve a specific Retool application by ID."
          hints:
            readOnly: true
            openWorld: false
          call: "retool.get-app"
          with:
            appId: "tools.appId"
          outputParameters:
            - type: object
              mapping: "$."
        - name: create-app
          description: "Create a new Retool application."
          hints:
            readOnly: false
            destructive: false
            idempotent: false
          call: "retool.create-app"
          with:
            name: "tools.name"
            description: "tools.description"
            folderId: "tools.folderId"
          outputParameters:
            - type: object
              mapping: "$."
        - name: delete-app
          description: "Permanently delete a Retool application."
          hints:
            readOnly: false
            destructive: true
            idempotent: true
          call: "retool.delete-app"
          with:
            appId: "tools.appId"
          outputParameters:
            - type: object
              mapping: "$."
        - name: list-resources
          description: "List all data source resource connections in the organization."
          hints:
            readOnly: true
            openWorld: false
          call: "retool.list-resources"
          outputParameters:
            - type: object
              mapping: "$."
        - name: list-folders
          description: "List all organizational folders for apps, resources, and workflows."
          hints:
            readOnly: true
            openWorld: false
          call: "retool.list-folders"
          with:
            folderType: "tools.folderType"
          outputParameters:
            - type: object
              mapping: "$."
        - name: create-folder
          description: "Create a new organizational folder."
          hints:
            readOnly: false
            destructive: false
            idempotent: false
          call: "retool.create-folder"
          with:
            name: "tools.name"
            folderType: "tools.folderType"
          outputParameters:
            - type: object
              mapping: "$."