Describe the problem/error/question
Hello,
I am looking for a way to securely (encrypted) save the credentials for an HTTP node request that uses header authentication.
I can add credentials to the HTTP node’s headers, but they won’t be encrypted. My goal is to save them securely (similar to how the credentials work).
Please share your workflow
I want the HTTP request to look like this (with encrypted credentials):
Can I do this without creating a custom node using my custom header auth?
I believe the question is similar to: HTTP Request Node - Body Auth - How to save Credentials and Token
Thank you!
Information on your n8n setup
**n8n version:1.29.1
**Database (default: SQLite): SQLite
**n8n EXECUTIONS_PROCESS setting (default: own, main): main
**Running n8n via (Docker, npm, n8n cloud, desktop app): Docker
**Operating system: Ubuntu Linux
Jon
March 11, 2024, 5:11pm
2
Hey @CristianG ,
In the node if you select Authentication you can set it to Generic > Header and add your API key there this will then keep the header value encrypted like other credentials.
2 Likes
Thanks @Jon ,
But in addition to the X-API-KEY I would also need to add the X-Requested-By to the headers. Is there a way to include this in the credential as well?
Right now, I can only add a single value to the credentials.
I am backing up these workflows in GitHub and wouldn’t want any secrets in plain text in there, if possible.
barn4k
March 11, 2024, 8:36pm
4
I suppose for that you will have to use the Custom Auth type
Thanks for your reply, @barn4k , but I’m not sure how to set the ‘Custom Auth’ type to be sent as part of the headers.
When making this request, I don’t see any of my ‘Custom Auth’ credentials as part of the request.
When using the ‘Header Auth’ type (shown earlier), I can see the X-API-KEY variable as part of the request (in the header).
barn4k
March 11, 2024, 11:24pm
6
You should specify it inside the headers key:
{
"headers":{
"X-API-KEY":"xxx",
"X-Requested-By": "yyy",
"operator": "zzz"
}
}
1 Like
Thanks so much, @barn4k , that did it!
1 Like
Jon
March 12, 2024, 4:04pm
8
You only really need to add the API key unless the requested by and operator is also considered secret.
2 Likes