I am at the moment trying to find a way for users from WordPress to use workflows in n8n without exposing the user/application password and also without creating credentials directly in n8n.
In WordPress I have my user and application password.
I have a REST API in WordPress that is communicating with an HTTP Request to receive data.
With my credentials that I have in n8n, it works great and I don't expose my data.
But now - if I want another user to be able to use the workflow, I need to send the authentication over the headers - so I have a BEARER and also, for testing, added my user/pass.
That works - but of course, at one point I have to encode in n8n to be able to talk to the REST API in WordPress.
And exactly there I don't find a solution - how can I use, for example, WordPress credentials by giving them an activation key for n8n - but also, how to make sure that in n8n I don't get any information of the user when sending the data back to WordPress?
Maybe I am overcomplicating things again - but I just want to make sure that everything is 100% waterproof and there is zero chance that anything of the private data from a WordPress user is exposed in n8n.
Thank you very much!
Edit: Only a direction what keywords to search for would help perfectly!
Sometimes just writing here already gives the solution.
Please correct me if I am wrong - but I solved it that way:
I en- and decrypt the user/pass directly in WordPress - meaning, instead of sending the real application password, I send an encrypted version.
The HTTP request node then is going to send the same encrypted password back to WordPress, where the password will be decrypted and that's it.
That means in n8n I only see the encrypted version but never even once the real password.
At the moment I am building a workflow that works insanely well.
And since there is a small group of people who are interested in using that workflow, I am at the moment actually just looking for a way to make it available for them without exposing the workflow and without them exposing any sensitive data in the workflow.
Actually, I am looking for a best-practice way to first send and trigger data from WordPress to the n8n webhook - then manipulate these data and finally send it back to the REST API in WordPress - all that without having any chance to see personal data from the user, and also so that the users cannot use the workflow without proper authentication.
Is JWT the way to go for that?
Or OAuth2? Or something else?
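
The approach described in the posts above (n8n only ever holds an encrypted version of the application password and hands it back to WordPress unchanged), as an added sketch that is not code from the original poster, WordPress or n8n. It is written in Node.js for illustration, while sealing and opening would run on the WordPress side. Assumptions of this example: the key is held only by WordPress, and the function names, the user-id binding and the expiry are hypothetical choices, added because a value WordPress accepts back works like a bearer token and should be tied to one user and a short lifetime.

```javascript
const crypto = require('node:crypto');

// Assumption: a 32-byte key stored only on the WordPress side, never in n8n.
const KEY = crypto.randomBytes(32);

// Seal a secret with AES-256-GCM. The user id is bound as associated data,
// and an expiry travels inside the ciphertext.
function seal(userId, secret, ttlSeconds, key = KEY, now = Date.now()) {
  const iv = crypto.randomBytes(12); // fresh nonce for every token
  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
  cipher.setAAD(Buffer.from(String(userId)));
  const body = JSON.stringify({ secret, exp: Math.floor(now / 1000) + ttlSeconds });
  const ct = Buffer.concat([cipher.update(body, 'utf8'), cipher.final()]);
  // Token layout: 12-byte nonce | 16-byte auth tag | ciphertext
  return Buffer.concat([iv, cipher.getAuthTag(), ct]).toString('base64url');
}

// Open a token that came back from the workflow. Returns the secret, or null
// if the token was modified, belongs to another user, or has expired.
function open(userId, token, key = KEY, now = Date.now()) {
  try {
    const raw = Buffer.from(token, 'base64url');
    if (raw.length < 28) return null; // too short to hold nonce and tag
    const decipher = crypto.createDecipheriv('aes-256-gcm', key, raw.subarray(0, 12));
    decipher.setAAD(Buffer.from(String(userId)));
    decipher.setAuthTag(raw.subarray(12, 28));
    const body = Buffer.concat([decipher.update(raw.subarray(28)), decipher.final()]);
    const { secret, exp } = JSON.parse(body.toString('utf8'));
    return Math.floor(now / 1000) <= exp ? secret : null;
  } catch {
    return null; // authentication failed or token malformed
  }
}

// Constructed demo values, not real credentials.
const demoToken = seal(42, 'constructed-app-password', 300);
console.log('same user opens:', open(42, demoToken) !== null);
console.log('other user rejected:', open(7, demoToken) === null);
```

The workflow only forwards the token string, so the plaintext never appears in n8n executions or logs, but anyone who can read the token can replay it until it expires.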