
Module 6 Lesson 2: API Authentication
The two keys to the city. Understand the difference between simple API Keys (Header/Query) and the secure OAuth2 flow, and how to manage them in n8n.
You can't just talk to Google or Slack; you have to prove who you are. n8n handles the "Boring" part of security for you.
1. API Keys (The Simple Way)
- A single string (e.g., sk_test_12345).
- You put it in a Header (usually Authorization: Bearer KEY) or a Query Parameter (?api_key=KEY).
- Risk: If the key is stolen, the attacker has permanent access.
2. OAuth2 (The Modern Way)
- You don't get a "Key." You get a "Grant."
- n8n takes you to the app (e.g., Google), you click "Authorize," and n8n receives an Access Token.
- Self-Healing: n8n automatically "Refreshes" the token if it expires, meaning your automation never stops.
Visualizing the Process
graph TD
Start[Input] --> Process[Processing]
Process --> Decision{Check}
Decision -->|Success| End[Complete]
Decision -->|Retry| Process
3. The n8n "Credentials" Vault
Never paste an API key directly into a node's script.
- Go to Credentials -> New.
- Create an "HTTP Header Auth" or the specific App Auth.
- Link that credential to your node.
- The Benefit: If you change your password, you only update it in the Credentials vault once.
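One way to audit a workflow for keys pasted into nodes instead of stored in the Credentials vault, as an added example (not part of the original lesson and not n8n's own code). The workflow object is constructed sample data shaped like an n8n export; the field names, the function `findHardcodedSecrets`, and the rule that a leading `=` marks an expression are assumptions.

```javascript
// Added example: flag secrets typed into node parameters instead of a credential.
// sampleWorkflow is constructed data, shaped like an n8n workflow export (assumed layout).
const sampleWorkflow = {
  nodes: [
    { name: "Weather (hardcoded)", type: "n8n-nodes-base.httpRequest",
      parameters: {
        url: "https://api.example.com/weather?q=Berlin&api_key=sk_test_12345",
        headerParameters: { parameters: [
          { name: "Authorization", value: "Bearer sk_test_12345" } ] } } },
    { name: "Weather (vault)", type: "n8n-nodes-base.httpRequest",
      parameters: { url: "https://api.example.com/weather?q=Berlin",
        authentication: "genericCredentialType", genericAuthType: "httpHeaderAuth" },
      credentials: { httpHeaderAuth: { id: "1", name: "Weather key" } } },
  ],
};

// Header/query names that normally carry a key or token.
const SECRET_NAME = /^(authorization|x-api-key|api[-_]?key|apikey|token|access_token)$/i;
const SECRET_IN_URL = /[?&](api[-_]?key|apikey|token|access_token)=([^&#\s]+)/i;

// Assumption: a string starting with "=" is an n8n expression, not a literal secret.
const isLiteral = (v) => typeof v === "string" && v.length > 0 && !v.startsWith("=");

// Walk every value under node.parameters; record where a literal secret sits.
function scanValue(value, path, findings) {
  if (typeof value === "string") {
    const m = isLiteral(value) && value.match(SECRET_IN_URL);
    if (m) findings.push({ path, reason: `query parameter "${m[1]}" carries a literal key` });
  } else if (Array.isArray(value)) {
    value.forEach((v, i) => scanValue(v, `${path}[${i}]`, findings));
  } else if (value && typeof value === "object") {
    if (SECRET_NAME.test(value.name ?? "") && isLiteral(value.value)) {
      findings.push({ path, reason: `"${value.name}" is set to a literal value` });
    }
    for (const [k, v] of Object.entries(value)) scanValue(v, `${path}.${k}`, findings);
  }
}

// Returns one finding per hardcoded secret; the secret itself is never echoed.
function findHardcodedSecrets(workflow) {
  const report = [];
  for (const node of workflow.nodes ?? []) {
    const findings = [];
    scanValue(node.parameters ?? {}, "parameters", findings);
    for (const f of findings) report.push({ node: node.name, ...f });
  }
  return report;
}
console.log(findHardcodedSecrets(sampleWorkflow));
```

The second node produces no findings because its key lives in the linked credential, not in the node's parameters.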
4. Redirect URLs (For OAuth2)
When setting up OAuth2 in a Google/GitHub dev portal, it asks for a "Redirect URL."
- You MUST provide: https://your-n8n-domain.com/rest/oauth2-callback
- If this is wrong, the "Authorize" button will fail.
Exercise: The Access Control
- Get a free API key from OpenWeatherMap.
- Create a "Header Auth" credential in n8n.
- Link it to an HTTP Request node and use it.
- Why is OAuth2 safer for the end-user than giving a developer their username and password?
- Research: What is "Basic Auth" and why is it rarely used in 2025?
- Search: How do you "Export" credentials? (Hint: You can't, for security reasons. You must move the database!).
Summary
Authentication is the foundation of trust. By using n8n's Credential management and mastering OAuth2 flows, you build automations that are not only powerful but also comply with the highest standards of cloud security.
Next Lesson: Your own API: Building your own Webhook Endpoints.