Skip to main content
RapidDev - Software Development Agency
retool-integrationsDevelopment Workflow

How to Integrate Retool with JFrog Artifactory

Connect Retool to JFrog Artifactory using a REST API Resource with your Artifactory instance URL as the base URL and an API key or access token for authentication. Build artifact management dashboards that browse repositories, search packages using AQL (Artifactory Query Language), view download statistics, and manage user permissions across your artifact repositories.

What you'll learn

  • How to create a JFrog Artifactory REST API Resource in Retool with API key authentication
  • How to query repositories, artifacts, and package metadata using Artifactory's REST API
  • How to use Artifactory Query Language (AQL) from Retool to search artifacts with complex filters
  • How to build an artifact management dashboard with repository browser, download stats, and permission controls
  • How to use JavaScript transformers to reshape Artifactory API responses for Retool Tables and Charts
Book a free consultation
4.9Clutch rating
600+Happy partners
17+Countries served
190+Team members
Intermediate16 min read20 minutesDevOpsLast updated April 2026RapidDev Engineering Team
TL;DR

Connect Retool to JFrog Artifactory using a REST API Resource with your Artifactory instance URL as the base URL and an API key or access token for authentication. Build artifact management dashboards that browse repositories, search packages using AQL (Artifactory Query Language), view download statistics, and manage user permissions across your artifact repositories.

Quick facts about this guide
FactValue
ToolJFrog Artifactory
CategoryDevOps
MethodDevelopment Workflow
DifficultyIntermediate
Time required20 minutes
Last updatedApril 2026

Build an Artifact Repository Admin Panel in Retool

JFrog Artifactory is the central hub for most enterprise CI/CD pipelines, storing Docker images, npm packages, Maven jars, Python wheels, and virtually every other build artifact format. Managing these artifacts through Artifactory's native UI can be cumbersome for DevOps engineers who need to query across repositories, audit download patterns, or bulk-update artifact properties. Retool provides a faster, more customizable interface by connecting directly to Artifactory's REST API.

With a Retool-Artifactory integration, you can build a repository browser that shows storage consumption by repo, an artifact search panel using AQL queries with complex property filters, a download statistics dashboard that surfaces which packages are most heavily consumed, and a permission management panel for administering user and group access. Because Retool proxies all requests server-side, your Artifactory API key is never exposed to the browser, even in shared internal tools accessed by your entire DevOps team.

Artifactory's AQL endpoint is particularly powerful in this context — it allows you to write MongoDB-style queries that search artifacts by name, path, repository, properties, and statistics in a single request, returning structured JSON that Retool can immediately bind to Table and Chart components. For organizations running Artifactory self-hosted behind a VPN, self-hosted Retool can connect directly without any IP whitelisting required.

Integration method

Development Workflow

JFrog Artifactory exposes a comprehensive REST API for repository management, artifact operations, and user administration. In Retool, you configure a REST API Resource pointing to your Artifactory instance (cloud or self-hosted) with API key or Bearer token authentication. All queries execute server-side through Retool's proxy, so credentials never reach the browser and CORS is not an issue. You can also leverage Artifactory's AQL (Artifactory Query Language) via a dedicated POST endpoint to run sophisticated searches across artifacts, properties, and repositories.

Prerequisites

  • A JFrog Artifactory instance (Cloud or self-hosted) with Admin or Deploy/Read access
  • An Artifactory API key or access token (generated from your user profile in Artifactory's UI)
  • Your Artifactory base URL (e.g., https://yourcompany.jfrog.io/artifactory or https://artifactory.internal.company.com/artifactory)
  • A Retool account with permission to create Resources
  • Basic familiarity with Retool's Query Editor and REST API Resources

Step-by-step guide

1

Generate an Artifactory API key or access token

Before configuring Retool, you need an Artifactory API key or access token with appropriate permissions. Log in to your Artifactory instance as an admin user. Click your username in the top-right corner and select 'Edit Profile' from the dropdown menu. On your profile page, scroll to the 'Authentication Settings' section. Here you have two options: generate an API Key by clicking 'Generate API Key' (a legacy method still widely supported), or create an Access Token by navigating to the 'Access Tokens' section and clicking 'Generate Token'. Access Tokens are the recommended modern approach — when generating one, set an expiration (or select 'Never expires' for long-lived service accounts), assign a username/service ID, and select the appropriate scope (admin scope for full resource management, or reader scope for read-only dashboards). Copy the generated token immediately as it is shown only once. For self-hosted Artifactory behind a corporate VPN, ensure the Retool server (or Retool Cloud's IP range) has network access to your Artifactory hostname on the relevant port. Store the token securely before proceeding to the Retool configuration step.

Pro tip: Create a dedicated service account in Artifactory (e.g., retool-readonly@company.com) with the minimum required permissions rather than using a personal admin account. This keeps the integration functional if an employee leaves.

Expected result: You have an Artifactory API key or access token copied, and you know your Artifactory base URL.

2

Create the Artifactory REST API Resource in Retool

In Retool, navigate to the Resources tab in the left sidebar (or visit your Retool instance's /resources page). Click the Add Resource button in the top-right corner. From the resource type list, scroll to REST API and click it. Name the resource descriptively, such as 'JFrog Artifactory'. In the Base URL field, enter your Artifactory URL including the /artifactory path segment — for example: https://yourcompany.jfrog.io/artifactory for Artifactory Cloud, or https://artifactory.internal.company.com/artifactory for self-hosted. Do not include a trailing slash. Scroll to the Headers section and add a default header. If you are using an API Key, set the header key to X-JFrog-Art-Api and the header value to your API key. If you are using an Access Token, set the header key to Authorization and the value to Bearer YOUR_ACCESS_TOKEN. Add a second default header: Content-Type with value application/json — this is required for AQL POST requests and other write operations. Leave the Authentication dropdown set to None since you are handling authentication via headers. Click Save Changes. Retool will verify the configuration — if you see an error, double-check the base URL ends with /artifactory and that the header name matches exactly (Artifactory is case-sensitive on X-JFrog-Art-Api).

Pro tip: Store your Artifactory API key in Retool's Configuration Variables (Settings → Configuration Variables, mark as secret) and reference it in the resource header as {{ retoolContext.configVars.ARTIFACTORY_API_KEY }}. This makes key rotation easier without editing the resource.

Expected result: A JFrog Artifactory resource appears in your Resources list. You can test it by creating a quick query with GET method and path /api/repositories to confirm the connection.

3

Query repositories and browse artifacts

Open or create a Retool app. In the Code panel at the bottom, click the + button to create a new query. Select your JFrog Artifactory resource. Set the Method to GET. In the Path field, enter /api/repositories to list all repositories. This endpoint returns an array of repository objects including rkey, type (LOCAL, REMOTE, VIRTUAL), packageType, and description. Name this query 'getRepositories' and enable 'Run query when app loads' so the repository list loads immediately. In the app canvas, drag a Table component and set its Data property to {{ getRepositories.data }}. Next, create a second query named 'getArtifactsInRepo' that fetches artifacts in a selected repository. Set Method to GET and Path to /api/storage/{{ repoTable.selectedRow.key }} — this queries the storage info for the selected repository's root. To browse folder contents within a repository, use the path /api/storage/{{ repoTable.selectedRow.key }}/{{ folderPath.value }} where folderPath is a Text Input component. In the query's Advanced tab, add a transformer to extract and flatten the children array from the API response, adding columns for name, type (file vs folder), size, and lastModified. Set this query to run when the row selection on the repository table changes, using the Event Handler 'On row click → Trigger query → getArtifactsInRepo'.

artifact_browser_transformer.js
1// Transformer for Artifactory storage/folder response
2const children = data.children || [];
3return children.map(item => ({
4 name: item.uri.replace('/', ''),
5 type: item.folder ? 'Folder' : 'File',
6 path: (data.path || '') + item.uri,
7 repo: data.repo || '',
8 lastModified: data.lastModified ? new Date(data.lastModified).toLocaleDateString() : 'N/A',
9 size: data.size ? `${(data.size / 1024).toFixed(1)} KB` : 'N/A'
10}));

Pro tip: Use the /api/storage endpoint with the ?list&deep=1&depth=2 query parameters to get a recursive listing of artifacts in a folder without building a multi-level browser. This is useful for quick package inspection dashboards.

Expected result: The Repositories table shows all Artifactory repositories, and selecting a row populates the Artifacts table with the contents of that repository's root.

4

Implement AQL-powered artifact search

Artifactory Query Language (AQL) is a powerful domain-specific language for searching artifacts with complex filters across repositories. In Retool, create a new query named 'searchArtifacts' targeting your Artifactory resource. Set the Method to POST and the Path to /api/search/aql. Set the Body Type to Raw and the Content-Type to text/plain (AQL queries are sent as plain text, not JSON). In the Body field, write an AQL query that incorporates values from Retool UI components. AQL syntax uses a dot-notation structure starting with 'items.find()'. The query shown in the code example searches artifacts matching a name pattern, within a specific repository, created after a date provided by Retool UI inputs. Add URL Parameter components for repository selection (a Select component named 'repoSelect' populated from getRepositories.data), a Text Input for name pattern (named 'nameSearch'), and a Date Picker for created-after date (named 'dateFilter'). Set the query to Manual trigger (not auto-run) since it requires user input. Add a Search button in the app UI that triggers this query. In the transformer, extract the results array from the AQL response and format it into table-friendly rows with artifact name, path, repository, size, created date, and download count from the stats sub-field.

aql_search_query.aql
1// AQL query body — set as the POST body (Body Type: Raw, Content-Type: text/plain)
2items.find(
3 {
4 "repo": {"$match": "{{ repoSelect.value || '*' }}"},
5 "name": {"$match": "*{{ nameSearch.value || '' }}*"},
6 "created": {"$gt": "{{ dateFilter.value || '2020-01-01' }}"}
7 }
8)
9.include("repo", "path", "name", "size", "created", "modified", "stat")
10.sort({"$desc": ["created"]})
11.limit(100)

Pro tip: AQL supports complex property filtering using the '@property_key' syntax. To filter by a custom build property, add {"@build.number": {"$match": "{{ buildInput.value }}"}} inside the items.find() block. This is useful for finding all artifacts from a specific CI build.

Expected result: Submitting the search form triggers the AQL query and populates a Table with matching artifacts including their repository path, size, and creation date.

5

Build a download statistics and storage dashboard

To build a storage and usage analytics dashboard, create a query named 'getStorageInfo' targeting your Artifactory resource with GET method and path /api/storageinfo. This endpoint returns aggregate storage statistics for all repositories including used space, file count, and percentage of quota consumed. Create a second query named 'getArtifactStats' with GET method and path /api/storage/{{ repoSelect.value }}/{{ artifactsTable.selectedRow.path }}/{{ artifactsTable.selectedRow.name }}?stats to get download statistics for a selected artifact. In the app canvas, add a Stats component row at the top showing total storage used, total artifact count, and total repository count pulled from getStorageInfo.data. Below the stats row, add a Chart component configured with Bar type to visualize the top repositories by storage consumption — set the Chart's data to a JavaScript transformer that extracts repositoriesSummaryList from the storageinfo response and sorts by usedSpace descending. Add a second Chart showing artifact type distribution (Docker vs Maven vs npm, etc.) by mapping packageType from the repositories list. For artifact-level download stats, bind a separate statistics panel to the selectedRow of your artifact table, showing total downloads, last download date, and last downloaded-by user from the stats response. Include a Retool Workflow setup note: for scheduled reports of storage growth over time, consider building a Retool Workflow that runs nightly, fetches storageinfo, and inserts the results into Retool Database for historical trending. For complex multi-repository analytics, custom transformers, and automated reporting Workflows, RapidDev's team can help architect and build your Retool artifact management solution.

storage_chart_transformer.js
1// Transformer: format repository storage summary for Chart component
2const repos = data.repositoriesSummaryList || [];
3const sorted = [...repos]
4 .filter(r => r.repoKey !== 'TOTAL')
5 .sort((a, b) => (b.usedSpace || 0) - (a.usedSpace || 0))
6 .slice(0, 10);
7
8return {
9 datasets: [{
10 label: 'Storage Used (MB)',
11 data: sorted.map(r => Math.round((r.usedSpace || 0) / (1024 * 1024) * 10) / 10)
12 }],
13 labels: sorted.map(r => r.repoKey)
14};

Pro tip: The /api/storageinfo endpoint can be slow on large Artifactory installations with many repositories. Enable Retool's query caching for this query (Advanced tab → Cache responses for 300 seconds) to reduce load on your Artifactory instance when multiple team members use the dashboard simultaneously.

Expected result: The dashboard shows aggregate storage statistics, a bar chart of top repositories by size, and per-artifact download statistics when a row is selected.

6

Add artifact property management and permission controls

To enable artifact property editing from Retool, create a query named 'setArtifactProperties' with PUT method, path /api/storage/{{ repoSelect.value }}/{{ artifactsTable.selectedRow.path }}?properties={{ encodeURIComponent(propertyString.value) }}, where propertyString is a Text Input component where users type key=value;key2=value2 pairs in Artifactory's property syntax. For a more user-friendly interface, add a Form component with two Text Inputs (for property key and value), build the property string in a JavaScript transformer, and trigger the PUT request on form submit. To manage repository-level permissions, create a query named 'getPermissionTargets' with GET method and path /api/security/permissions to list all permission targets defined in Artifactory. Select a permission target from a dropdown to load its details via /api/security/permissions/{{ permSelect.value }}, which returns which repositories the permission covers and which users and groups are assigned. Display this in a two-column layout: the left column shows repositories included in the permission, the right shows users and groups with their privilege levels (r=read, d=delete, w=deploy, m=manage, managedXrayMeta, distributeMeta). Add validation before triggering any write operations — use a Confirm Modal component in the button's event handler to require explicit confirmation before updating permissions or setting artifact properties. Set query Event Handlers to show a success notification and refresh the relevant data queries on success.

set_property_config.json
1{
2 "method": "PUT",
3 "path": "/api/storage/{{ repoSelect.value }}/{{ artifactsTable.selectedRow.path }}",
4 "params": {
5 "properties": "{{ propertyKey.value + '=' + propertyValue.value }}"
6 }
7}

Pro tip: Artifactory's PATCH /api/security/permissions/{name} endpoint allows you to update just the users or groups section of a permission target without resending the full configuration. Use this for incremental user additions to avoid accidentally removing existing assignments.

Expected result: DevOps engineers can set artifact properties and view permission targets directly from the Retool panel, with confirmation modals preventing accidental changes.

Common use cases

Build a repository storage and artifact browser

Create a Retool dashboard showing all Artifactory repositories with their storage consumption, artifact count, and last-modified timestamps. Include a drill-down panel where DevOps engineers can browse into a specific repository, view artifacts with their sizes and checksums, and trigger artifact deletion or property updates directly from the table.

Retool Prompt

Build a Retool admin panel showing all JFrog Artifactory repositories in a Table with columns for repo key, package type, storage used (MB), artifact count, and last modified date. Include a drill-down Table for artifacts in the selected repository with checksum, size, and a Delete button.

Copy this prompt to try it in Retool

Build an AQL-powered artifact search panel

Create a Retool search interface where engineers can query artifacts using Artifactory Query Language filters — searching by repository, artifact name pattern, custom properties (like build number or environment tag), and date ranges. Display results with download counts and a link to open the artifact in Artifactory's native UI for teams that need ad-hoc artifact discovery.

Retool Prompt

Build a Retool panel with Text Input fields for repository filter, artifact name pattern, and property key/value. On search, POST an AQL query to Artifactory and display matching artifacts in a Table with name, path, repo, size, created date, and download count columns.

Copy this prompt to try it in Retool

Build a download statistics and audit dashboard

Create a Retool analytics dashboard that tracks which artifacts are downloaded most frequently, by which users or CI systems, over configurable time windows. Use Chart components to visualize download trends, and a Table to show the top 20 most-downloaded packages with their consumer breakdown — useful for identifying critical shared libraries and planning deprecation cycles.

Retool Prompt

Build a Retool dashboard querying Artifactory's stats API for download counts across repositories, showing a Chart of daily downloads over the last 30 days and a Table of top artifacts by download count with columns for artifact path, total downloads, last downloaded by, and last download date.

Copy this prompt to try it in Retool

Troubleshooting

401 Unauthorized error when testing the Artifactory resource

Cause: The API key or token is missing, expired, or specified in the wrong header. Artifactory expects X-JFrog-Art-Api for API keys and Authorization: Bearer for access tokens. Using the wrong header name results in a 401 even if the credential is valid.

Solution: In your Retool Resource settings, verify the header name matches your authentication method exactly: use X-JFrog-Art-Api (with that exact casing) for API keys, or Authorization with value Bearer YOUR_TOKEN for access tokens. Regenerate the key or token in Artifactory if you suspect it has expired or was rotated.

AQL POST query returns 400 Bad Request with 'AQL parsing error'

Cause: AQL queries must be sent as plain text (Content-Type: text/plain), not JSON. Sending the AQL body as application/json causes Artifactory to fail parsing the query syntax. Additionally, dynamic Retool {{ }} expressions inside the AQL body may inject unquoted values that break AQL syntax.

Solution: In the query editor, set the Body Type to Raw and explicitly set the Content-Type override to text/plain. Ensure string values inside AQL expressions are properly quoted — wrap {{ retool_component.value }} in escaped quotes within the AQL body: {"name": {"$match": "*{{ nameInput.value }}*"}}. Preview the rendered query body in Retool's query editor before running.

typescript
1// Correct AQL POST body (Body Type: Raw, Content-Type: text/plain)
2items.find({"repo": {"$match": "{{ repoSelect.value }}"}, "name": {"$match": "*{{ nameInput.value }}*"}})
3.include("repo", "path", "name", "size", "created")
4.limit(50)

Connection timeout or 'Failed to fetch' when connecting to self-hosted Artifactory

Cause: Self-hosted Artifactory is typically deployed behind a corporate VPN or firewall. Retool Cloud's outbound IPs are not whitelisted on the Artifactory server, or the hostname is not resolvable from Retool Cloud's network.

Solution: For Retool Cloud: whitelist Retool's published IP ranges (35.90.103.132/30 and 44.208.168.68/30 for us-west-2) on your Artifactory server's firewall. Alternatively, use SSH tunneling in the Retool resource configuration. For self-hosted Retool: deploy Retool within the same VPC or network as your Artifactory instance for direct connectivity without IP whitelisting.

Transformer throws 'Cannot read property of undefined' when processing AQL results

Cause: The AQL response wraps results in a 'results' key inside the response body. If the query returns no results or an error, this key may be absent, causing the transformer to fail when attempting to map over it.

Solution: Add a null-safe fallback in your transformer: const results = data.results || []. Also check for data.errors — if the AQL query itself has a syntax error, Artifactory returns errors in an errors array rather than results. Log the raw data object in the transformer to inspect the actual response shape before mapping.

typescript
1const results = data.results || [];
2if (data.errors && data.errors.length > 0) {
3 console.log('AQL errors:', JSON.stringify(data.errors));
4 return [];
5}
6return results.map(item => ({
7 name: item.name || '',
8 path: item.path || '',
9 repo: item.repo || '',
10 size: item.size ? `${(item.size / 1024).toFixed(1)} KB` : 'N/A',
11 created: item.created ? new Date(item.created).toLocaleDateString() : 'N/A'
12}));

Best practices

  • Create a dedicated Artifactory service account for Retool integration with the minimum required permissions (read-only for dashboards, deploy for write panels), separate from personal accounts to avoid disruption if an employee leaves
  • Store the Artifactory API key or access token in Retool Configuration Variables as a secret (Settings → Configuration Variables), never hardcoded in resource or query settings, to enable token rotation without resource reconfiguration
  • Use AQL for complex artifact searches instead of calling multiple REST endpoints — AQL can filter by repository, name, properties, and statistics in a single request, reducing the number of API calls and improving dashboard performance
  • Enable query caching (Advanced tab → Cache responses) for expensive read-only queries like /api/storageinfo and repository listings, since storage statistics change infrequently and caching reduces load on your Artifactory instance
  • Use Retool Workflows for scheduled artifact cleanup jobs — schedule a Workflow to query AQL for artifacts older than a configurable threshold, present results in Retool Database, and require human approval via a Retool app before triggering deletion
  • Add Confirm Modal event handlers to all destructive operations (artifact deletion, property removal, permission changes) to prevent accidental modifications in production Artifactory repositories
  • When connecting to self-hosted Artifactory, prefer deploying Retool within the same VPC rather than IP whitelisting Retool Cloud IPs — this provides direct connectivity and eliminates the maintenance burden of keeping IP allowlists current as Retool updates its egress ranges

Alternatives

Frequently asked questions

Does Retool have a native JFrog Artifactory connector?

No, Retool does not have a native JFrog Artifactory connector. You connect via a REST API Resource using your Artifactory base URL and an API key or access token in the request headers. Despite being a manual setup, this approach gives you access to Artifactory's full REST API including AQL queries, storage info, and permission management endpoints.

Can I use Retool with JFrog Artifactory Cloud and self-hosted?

Yes, Retool works with both Artifactory Cloud (hosted at yourcompany.jfrog.io) and self-hosted Artifactory instances. For Artifactory Cloud, use the full URL including your subdomain. For self-hosted instances behind a VPN, you may need to whitelist Retool Cloud's IP ranges or use self-hosted Retool deployed in the same network. The REST API structure is identical across both deployment models.

What is AQL and why should I use it from Retool instead of the REST search endpoints?

AQL (Artifactory Query Language) is a domain-specific query language that lets you search artifacts by repository, name pattern, custom properties, creation date, download statistics, and more in a single POST request. Unlike REST search endpoints which typically filter by one dimension at a time, AQL supports complex multi-condition queries with sorting and pagination. From Retool, you POST the AQL query as plain text to /api/search/aql and receive structured JSON results directly bindable to Table components.

How do I handle Artifactory API authentication for users with SSO?

If your Artifactory instance uses SSO (SAML or OIDC), individual user API keys may not be generated in the standard profile page. In this case, generate a long-lived access token using the /access/api/v1/tokens endpoint with admin credentials, or create a dedicated non-SSO service account in Artifactory specifically for the Retool integration. Store the resulting token in Retool's Configuration Variables as a secret.

Can I delete artifacts or manage repositories from Retool?

Yes, Retool can perform any operation available through Artifactory's REST API, including deleting artifacts (DELETE /api/storage/{repo}/{path}), creating repositories (PUT /api/repositories/{repoKey} with a JSON body), and updating repository configurations. Use Retool's Confirm Modal component in button event handlers before triggering destructive operations to prevent accidental deletions in production repositories.

RapidDev

Talk to an Expert

Our team has built 600+ apps. Get personalized help with your project.

Book a free consultation

Integrations are where projects stall

We wire Retool integrations like this one every week — auth, webhooks, edge cases included. Fixed-price builds from $13K, delivered in 6–10 weeks.

Talk to an integration engineer

We put the rapid in RapidDev

Need a dedicated strategic tech and growth partner? Discover what RapidDev can do for your business! Book a call with our team to schedule a free, no-obligation consultation. We'll discuss your project and provide a custom quote at no cost.