You’re already building in Claude, Cursor, Codex, or Kiro. When you receive a request to check on a connected resource in your Retool environment, leaving your preferred workspace is a disruption to your workflow.
Our MCP server, now available in public beta, brings Retool to wherever you work.
Instead of opening a browser, admins can interact with Retool directly through AI coding environments to:
- Write queries against resources to power data analysis.
- Bulk-invite users or manage pending invites.
- Audit the users who have access to their organization.
- Inspect organization and resource environment configurations.
- List all connected resources and see their configurations.
You can view the full list of supported tools in the MCP tools reference.
Soon, Retool’s MCP server will support building and editing apps. You’ll be able to describe an app in natural language, generate it through your agent, and deploy it directly onto Retool’s governed platform.
AI coding tools have given builders incredible optionality in how and where they work. Model Context Protocol (MCP) makes these tools even more powerful by connecting them to other agents, databases, and SaaS platforms.
As the building surface expands, the security perimeter must grow with it. When builders can ship from anywhere, organizations need to ensure that “anywhere” still means “securely,” which is difficult when model behavior fluctuates from agent to agent.
You can prompt “enforce SSO for my app” and “create an audit log feature within the admin dashboard,” but what happens when you ship multiple apps like this? And your coworker does the same. Your team feels productive, but what you’re actually doing is adding tech debt and security risk. The freedom to choose your own tools shouldn’t come with a tradeoff on governance.
This is the problem Retool is built to solve.
Whether you’re building in a terminal or visual UI, Retool ensures every builder’s output follows their organization’s security standards. Guardrails like access controls, audit trails, and data permissions aren’t configured per app or per prompt. Instead, they’re enforced at the platform level. A data connection updated for one app is updated for all. A bug fixed once is fixed everywhere.
Retool’s MCP server extends this security model to connected coding agents. Whether you’re improving an existing app or starting from scratch, your changes will inherit the security standards your organization has already approved and implemented.
Connect Retool’s MCP server to any MCP-compatible client using:
- URL: https://<your-retool-instance>/mcp
- Transport: HTTP
- Authentication: OAuth 2.0
After authenticating, you may need to restart your coding agent. Setup instructions for Claude, Cursor, Codex, ChatGPT, and Kiro are in the docs.
light Reader
