Handling authentication is a critical part of any API integration, and when you're building workflows in n8n, it's no different. This n8n header auth guide will walk you through how to set up HTTP request nodes with custom headers for authentication purposes — whether you're using API keys, bearer tokens, or custom auth schemes. It’s beginner-friendly, hands-on, and will help you connect your workflows securely and efficiently.
Why Use Header Authentication in n8n?
Header authentication is one of the most common methods to secure API requests. Many services — such as CRM platforms, cloud tools, and even internal APIs — require HTTP headers like Authorization: Bearer your_token or x-api-key: your_key to verify your identity.
In n8n, the flexibility of the HTTP Request node allows you to manually set these headers, making it perfect for connecting to almost any third-party API.
Common Use Cases:
- Sending a request to a REST API that requires API keys.
- Integrating with services that use Bearer token authentication.
- Communicating with in-house APIs requiring custom headers.
How to Add Header Authentication in n8n
Setting up header authentication in n8n is straightforward with the HTTP Request node. Follow the steps below to get started.
Step 1: Drag in a New HTTP Request Node
- Open your n8n workflow editor.
- Click the "+" icon and search for “HTTP Request.”
- Add the node to your canvas and connect it to previous logic (if any).
Step 2: Configure the Request Basics
On the HTTP Request node:
- Method: Select
GET,POST,PUT, etc., depending on the API. - URL: Enter the full endpoint path (e.g.,
https://api.example.com/data). - Send Body (for POST or PUT): Add JSON/parameters under the “Body Parameters” section.
Step 3: Add Auth Headers
This is the key step in the n8n header auth guide.
- Scroll to the Headers section in the node config.
- Click “Add Header” and input the key-value pairs.
Example based on different schemes:
| Auth Type | Header Key | Example Value |
|---|---|---|
| API Key | x-api-key |
12345-ABCDE |
| Bearer Token | Authorization |
Bearer eyJhbGciOiJIUzI1... |
| Basic Auth (Manual) | Authorization |
Basic dXNlcm5hbWU6cGFzc3dvcmQ= |
💡 Use a Base64 encoder if you're creating Basic Auth headers manually.
If you're using credentials saved inside n8n, those will populate automatically. But manually managing headers gives you extra control.
Step 4: Test Your Request
Click “Execute Node” and monitor the output. If the headers are correct and the API is reachable, you’ll receive a successful response payload.
If not, double check:
- API URL and method
- Required headers and values
- Access token validity
Using Expressions for Dynamic Headers
You can make your headers dynamic by using n8n expressions. This is useful when tokens are generated via OAuth2 flows or pulled from previous nodes.
Example:
If a previous node (e.g. “Login”) returns a token and you want to pass that dynamically:
- In your HTTP Request node, under Headers:
- Key:
Authorization - Value:
=Bearer {{$json["token"]}}
- Key:
This indicates you're accessing a token from the JSON output of the prior node. Expression mode is enabled by using = in front.
Mini Use Case: Airtable With API Key
Suppose you want to send data to Airtable via its API, which uses an API key header.
Here's a basic flow:
- HTTP Method: POST
- URL:
https://api.airtable.com/v0/app123456/Table1 - Headers:
- Key: Authorization
- Value:
Bearer keyYOURAPIKEY
- Body Parameters:
- Use JSON mode and send a
fieldsobject as per Airtable's schema.
- Use JSON mode and send a
Once executed, new data is sent to your Airtable base.
Need help integrating with Airtable? Check the full Airtable and n8n integration guide.
Tips for Securing Your Auth Headers
- Use n8n Credentials Storage: For repeatable use and security, create credentials inside n8n rather than hardcoding keys.
- Avoid Saving Secrets in Plain Text: Especially if you're sharing workflows or using collaborated environments.
- Use Environment Variables when possible. You can reference these in expressions like
{{$env.API_KEY}}. - Rotate Tokens regularly and build alerts or token refresh logic if needed.
Supporting OAuth2? Use Built-In Credential Types
n8n allows you to use OAuth2 credentials natively without managing headers manually. But for APIs that don’t support OAuth or need just a key/token in the header, this guide applies perfectly.
For OAuth integration errors, like “Insufficient Parameters for OAuth2 Callback”, you can follow this troubleshooting guide.
Troubleshooting Tips
If your HTTP Request node using headers isn't working, consider:
- Double-checking headers' casing (e.g.,
authorizationwon’t work vsAuthorization) - Ensuring the token hasn't expired
- Testing with tools like Postman
- Watching the API provider's rate limits or usage logs
- Reviewing the API docs closely — some services use custom header keys
For general n8n errors, you might find value in our n8n error troubleshooting guide.
FAQ
How do I know which header key to use for authentication?
Refer to the official API documentation of the service you're integrating. Common ones include Authorization, x-api-key, or service-specific headers like X-Auth-Token.
Can I store authentication tokens securely in n8n?
Yes, using n8n’s built-in credentials manager, you can store tokens, API keys, usernames, and passwords securely. Then reference those in your HTTP Request node.
What if my token expires after a while?
You can create a sub-workflow to refresh the token periodically or automatically refresh it when you get a 401 response. Use n8n’s conditional or IF nodes to trigger reauth logic.
Is it better to use Basic Auth or header-based API key?
It depends on the API provider. Modern APIs typically prefer bearer tokens or API keys. Basic Auth is still common, but less secure without HTTPS.
Can I dynamically build the Authorization header in n8n?
Absolutely. Use expressions such as =Bearer {{$json["access_token"]}} to pull the token from another node and construct your headers dynamically.
Using header authentication in your n8n workflows unlocks powerful integrations with virtually any web service. Whether you're calling CRMs, databases, or AI models — mastering the HTTP Request node is essential for advanced n8n users.