How to authenticate API requests in n8n?

[deleted]

In n8n, you can authenticate API requests in multiple ways using the HTTP Request node or built-in integrations. Here's how to do it:

🔐 Authentication Methods in n8n

1. No Auth (Public API)

Just use the HTTP Request node with the API URL.
No additional setup required.

2. Basic Auth

Use when an API requires a username and password.

Steps:

In the HTTP Request node, go to Authentication.
Choose "Basic Auth".
Enter:
- Username
- Password

3. API Key

For APIs that use keys in headers or query parameters.

Steps:

In HTTP Request node:
- Set Authentication to "Predefined Credential Type" → Select API Key (or choose "None" if you manually handle it).
Or manually add in:
- Headers: e.g., Authorization: Bearer YOUR_API_KEY
- Query Params: e.g., api_key: YOUR_API_KEY

4. OAuth2

Use for services like Google, GitHub, etc.

Steps:

Go to n8n Credentials section (top menu > Credentials).
Create a new OAuth2 Credential (select the service).
Set:
- Client ID
- Client Secret
- Auth URL, Token URL, and Scope
In the HTTP Request node:
- Set Authentication to OAuth2.
- Choose your created credential.
Run the node. It may redirect you for login & consent.

5. Header-Based Auth (Custom Token, Bearer, JWT, etc.)

If you want full control, manually set headers:

Example:

In the HTTP Request node > Headers section:
- Key: Authorization
- Value: Bearer YOUR_TOKEN

✅ Tip: Use Environment Variables or Secrets

To avoid hardcoding keys/tokens:

Use n8n Secrets like:
{{ $env.MY_API_KEY }}
Or set values in .env file.

Need a Real Example?

Let me know which API you’re integrating with, and I’ll walk you through the exact authentication setup.

[deleted]

n8n provides several authentication methods for API requests, from simple to advanced. Here's how to implement each type:

Built-in Authentication Methods

1. API Key Authentication

For Header-based API Keys:

In HTTP Request node, go to Authentication section
Select "Header Auth"
Set header name (e.g., X-API-Key, Authorization)
Set header value to your API key

For Query Parameter API Keys:

Select "Query Auth"
Set parameter name (e.g., api_key, token)
Set parameter value

2. Bearer Token

Select "Bearer Token" in authentication
Enter your token value
n8n automatically adds Authorization: Bearer {token} header

3. Basic Authentication

Select "Basic Auth"
Enter username and password
n8n handles the Base64 encoding automatically

4. OAuth2

For services supporting OAuth2:

Select "OAuth2 API"
Configure authorization URL, token URL, client ID, and client secret
n8n handles the OAuth flow and token refresh

Using Credentials Manager

Best Practice: Store sensitive authentication data in n8n's credential manager:

Go to Settings > Credentials
Create new credential with your auth details
In HTTP Request node, select your saved credential
Reference it in authentication fields using expressions

Manual Header Authentication

For custom authentication schemes:

In HTTP Request node, go to Headers
Add custom headers manually:
- Authorization: API_KEY your_key_here
- X-Custom-Auth: your_custom_token
- Cookie: session_id=abc123

Advanced Authentication Patterns

Token Refresh Workflows

For APIs requiring token refresh:

Create a workflow that refreshes tokens
Store new tokens in credentials
Schedule periodic token refresh
Use refreshed tokens in main workflows

Multi-step Authentication

Some APIs require multiple authentication steps:

First HTTP Request: Login and get session token
Set node: Extract token from response
Subsequent requests: Use token in headers

Environment Variables

For deployment across environments:

Use $env.API_KEY expressions
Set environment variables in your n8n deployment
Reference them in credential fields

Security Best Practices

Never hardcode API keys in workflows
Use the Credentials Manager for all sensitive data
Enable credential encryption in n8n settings
Regularly rotate API keys and update credentials
Use least privilege principle for API permissions

Common Authentication Examples

REST API with API Key:

Headers: Authorization: Bearer sk-1234567890abcdef

GraphQL with Token:

Headers: Authorization: token ghp_1234567890abcdef

Custom Header:

Headers: X-RapidAPI-Key: your_rapidapi_key_here

The key is matching n8n's authentication method to what your target API expects, and always using the credentials manager for secure storage of sensitive authentication data.