Understanding qs custom credentials for HTTP GET node

hukel · September 15, 2025, 7:21pm

Describe the problem/error/question

I’m trying to use the custom auth credential type to send a SAS token via querystring to an Azure storage account.

Based on the docs, I created a custom auth credential like this:

{
	"qs": {
		"sp": "rl",
		"st": "2025-09-15T18:37:59Z",
		"se": "2030-09-16T02:52:59Z",
		"spr": "https",
		"sv": "2024-11-04",
		"sr": "c",
		"sig": "xxxxxxxxxxxxN2%2FNrywfX1DoM%3D"
	}
}

When I hit “Execute”, I don’t see those params appended to the querystring and the service returns a 403. I do see them listed with the other HTTP options under qs so I know they aren’t being entirely ignored.

If I disable n8n credential auth and put the querystring params at the end of the URL, it works fine.

What is the error message (if any)?

Forbidden - perhaps check your credentials? [item 0]
AuthenticationFailedServer failed to authenticate the request. Make sure the value of Authorization header is formed correctly including the signature.

HTTP 403

Please share your workflow

Share the output returned by the last node

HTTP 403
Browser debug logs shows “qs” params as

Information on your n8n setup

Debug info

core

n8nVersion: 1.108.1
platform: docker (self-hosted)
nodeJsVersion: 22.17.0
database: sqlite
executionMode: regular

jabbson · September 15, 2025, 7:33pm

You can check the request sent by the HTTP Request node in the web console. I tested your exact workflow and it does send qs:

You can also verify the functionality by sending the request to one of the echo or test servers, for instance I changed the URL and sent it to inspect the path:

hukel · September 15, 2025, 8:13pm

Thanks for confirming. When I use the qs option, I don’t even see an event in the storage account’s logs. Additionally, I get this text in the reply, so I’m thinking there is an Azure+qs disconnect that I must work through.

Error code

403

Full message

403 - "<?xml version=\"1.0\" encoding=\"utf-8\"?><Error><Code>AuthenticationFailed</Code><Message>Server failed to authenticate the request. Make sure the value of Authorization header is formed correctly including the signature.\nRequestId:a18cd513-401e-005e-0d7b-2657a5000000\nTime:2025-09-15T20:03:33.2608952Z</Message><AuthenticationErrorDetail>Signature fields not well formed.</AuthenticationErrorDetail></Error>"

hukel · September 15, 2025, 8:21pm

For anyone else who is working with Azure SAS tokens, the Azure UI presents the token already-encoded for HTTP.

This encoding needs to be reversed so that npm qs doen’t double-encode.

For example:

Azure gives:

k0N2%2FNrywfX1DoM%3D

but the qs JSON in n8n must be:

{
	"qs": {
      "sig": "k0N2/NrywfX1DoM=",
     "sp": "rl",
      "se": "2030-09-16T02:52:59Z",
      "st": "2025-09-15T18:37:59Z",
.....
     }
}

system · September 23, 2025, 1:40pm

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.