Best way to handle auth with refresh tokens

I have a workflow that uses the Bank Account Data API from GoCardless (https://gocardless.com/) to fetch card payments into a Notion database.
The authentication process is described here: https://bankaccountdata.zendesk.com/hc/en-gb/articles/11529532364700-Token-handling-via-API

I generate a secret_key and secret_id from the interface that I then use to get a pair of access and refresh tokens. The access token expires after 24h and the refresh token after 30 days. So I’m supposed to generate a new access token every day thanks to the refresh token and a new refresh token every month with my secret_id and secret_key.

Right now, I did the simplest setup possible, which is to re-generate a refresh token every time I make an API call (so every 10 minutes) which the documentation asks not to do and warns about an upcoming rate limit to prevent this.

I wonder how you would go about doing it properly. Would you have error handling, checking for the type of error you get and refreshing the token only on an error? Or is there simply a way to have three workflows in one: one which triggers every 10 minutes for the API calls, one that triggers every day to get a new access token and one that triggers every month for the refresh token?
I don’t see a way to do the latter, and the former seems quite complicated. Do you have a better idea?

The resulting access token is stored in a Header Auth credential.

I will finish by saying that it would really be awesome to have a node for GoCardless’s Bank Account API because it would allow anyone using n8n to easily automate their banking data’s retrieval. If there is an alternative already present that I missed, please do share!

It looks like your topic is missing some important information. Could you provide the following if applicable.

  • n8n version:
  • Database (default: SQLite):
  • n8n EXECUTIONS_PROCESS setting (default: own, main):
  • Running n8n via (Docker, npm, n8n cloud, desktop app):
  • Operating system:

Proper setup is to use the OAuth2 API credentials.

When you have an application, you have to set the access_token only once in the beginning. The application then receives a session token along with the refresh token to work with. If the access_token expires, it requests a new access_token with its refresh_token.

See more details here: Refresh Tokens - OAuth 2.0 Simplified

It does look like OAuth2 in many ways but it seems like it’s not OAuth2 if you pay attention.
I tried anyway but failed, they don’t have any OAuth redirect or anything. The response of the payload also differs from the response I see in the link you sent.

Have I missed something?

I see that they have OAuth: API reference - GoCardless Developers

So this is their GoCardless API and they have another API: Bank Account Data (that is the one I use). And this one doesn’t seem to use OAuth.

I couldn’t get auth with Zoho Mail to work. Does anyone have suggestions? It would be nice to have a node for this.

What I have for now:

It’s making use of getWorkflowStaticData(), which I wish had a better alternative because it makes it impossible to test the workflow.

You can store the token in the credentials with the n8n API (dunno if it’s possible to update the existing credentials, or you will need to delete > create a new one every time).
You can also store it locally in a file,
or you can store it in external storage (database, S3, Azure Blob, etc.).

I didn’t know you could create a credential with the API, good to know! Thanks for your help 🙂
I’m probably not going to change it though as you only can create, and not update, a credential, it seems like, as you said.

I’m pretty okay with the current state. I hope for future improvements on getWorkflowStaticData(). Maybe even its own node, who knows.

There is a simple way to receive the content of the staticData. You will need a schedule trigger and a code node that will return the static data. Or you can receive the staticdata with the Postgres node, if you have set the db to it.
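
The token handling discussed in this thread (24 h access token, 30 day refresh token, a new pair only when the refresh token is no longer usable), sketched as an added example that is not code from any poster or from n8n. It assumes `store` is a persistent object such as the one returned by getWorkflowStaticData(), and that `client.newPair()` and `client.refreshAccess()` are hypothetical wrappers around the two token requests whose return shapes are also assumed.

```javascript
// Added example. `client` and its return shapes are assumptions, injected so
// the caching logic can be exercised without network access.
const SKEW_MS = 60 * 1000; // renew one minute early so a token never expires mid-request

const fresh = (expiresAt, now) =>
  typeof expiresAt === 'number' && now + SKEW_MS < expiresAt;

// Decide the cheapest step that still yields a valid access token.
function nextAction(store, now) {
  if (store.access && fresh(store.accessExpiresAt, now)) return 'use_cached';
  if (store.refresh && fresh(store.refreshExpiresAt, now)) return 'refresh';
  return 'new_pair';
}

// Save tokens with absolute expiry times so later runs can decide locally.
// Assumed response shape: { access, accessTtlSec, refresh?, refreshTtlSec? }
function remember(store, resp, now) {
  store.access = resp.access;
  store.accessExpiresAt = now + resp.accessTtlSec * 1000;
  if (resp.refresh) {
    store.refresh = resp.refresh;
    store.refreshExpiresAt = now + resp.refreshTtlSec * 1000;
  }
  return store.access;
}

// Call this before every API request (for example every 10 minutes).
async function getAccessToken(store, client, now = Date.now()) {
  const action = nextAction(store, now);
  if (action === 'use_cached') return store.access; // no token request at all
  if (action === 'refresh') {
    try {
      return remember(store, await client.refreshAccess(store.refresh), now);
    } catch (err) {
      // Refresh token rejected (revoked or expired early): drop it and
      // fall back to secret_id / secret_key below. Never log the token itself.
      delete store.refresh;
    }
  }
  return remember(store, await client.newPair(), now);
}
```

With a 10 minute schedule this makes one token request per day and one new pair per month, and a single workflow covers all three cases.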