n8nauto
Get Started
Back to Blog
n8ntutorialsecuritycredentialsguide

n8n Credentials: Complete Setup & Security Guide for 2026

n8nautomation TeamApril 26, 2026
TL;DR: n8n credentials let you securely connect to external services like Google, Slack, or databases. This guide covers how to create credentials for OAuth, API keys, and basic auth, plus security best practices and troubleshooting tips for common authentication issues in 2026.

n8n credentials are the secure authentication method that connects your workflows to external services. Whether you're pulling data from Google Sheets, sending Slack messages, or querying a PostgreSQL database, you'll need properly configured credentials to make those connections work.

Understanding how to set up and manage n8n credentials correctly is essential for building reliable automations. This guide walks through every credential type, setup process, and security consideration you need to know.

What Are n8n Credentials?

In n8n, credentials are reusable authentication profiles that store the information needed to connect to external services. Instead of entering API keys or OAuth tokens directly in each workflow, you create a credential once and reference it across multiple nodes and workflows.

When you add a node like Google Sheets or Slack to your workflow, n8n prompts you to select or create credentials. These credentials handle the authentication process behind the scenes, whether that's OAuth 2.0, API keys, basic authentication, or other methods.

On managed hosting platforms like n8nautomation.cloud, your credentials are encrypted at rest and only accessible within your dedicated instance. This separation ensures that your authentication data stays isolated from other users.

Types of n8n Credentials

n8n supports several authentication methods, each suited to different service requirements. Here's what you'll encounter most often:

OAuth 2.0 Credentials

OAuth credentials are used by services like Google, Microsoft, Slack, and HubSpot. Instead of sharing your password, you grant n8n permission to access specific resources through an authorization flow.

  • Google OAuth2 API: Used for Gmail, Google Sheets, Google Drive, Google Calendar
  • Microsoft OAuth2: Used for Outlook, Excel, Teams
  • Slack OAuth2 API: Used for Slack integrations
  • GitHub OAuth2 API: Used for GitHub repository access

API Key Credentials

Many services use API keys for authentication. You generate a key in the service's dashboard and paste it into n8n.

  • OpenAI API: Requires an API key from OpenAI platform
  • Stripe API: Uses publishable and secret keys
  • SendGrid API: Requires a generated API key
  • Airtable API: Personal access token or API key

Basic Authentication

Basic auth uses a username and password combination. It's common for HTTP APIs, databases, and internal tools.

  • HTTP Basic Auth: Username and password for custom APIs
  • Postgres/MySQL: Database username and password
  • FTP/SFTP: Server authentication

Custom Header Authentication

Some APIs require custom headers for authentication, like X-API-Key or Authorization: Bearer token.

Tip: Always check the API documentation of the service you're connecting to. It will specify which authentication method to use and where to find your credentials.

How to Set Up OAuth Credentials

OAuth credentials require a few extra steps because they involve an authorization flow. Here's how to set them up correctly:

  1. Open your n8n workflow and add a node that requires OAuth (like Google Sheets or Slack).
  2. Click on the Credential dropdown and select Create New.
  3. Choose the OAuth credential type (e.g., Google OAuth2 API).
  4. n8n will display an authorization URL. Click Connect my account or the OAuth connection button.
  5. You'll be redirected to the service's authorization page. Log in and grant the requested permissions.
  6. After authorization, you'll be redirected back to n8n. The credential is now saved and ready to use.

Using Your Own OAuth App (Advanced)

By default, n8n uses shared OAuth applications for common services. For production workflows or higher rate limits, you should create your own OAuth app:

  1. Go to the service's developer console (e.g., Google Cloud Console, Slack API Dashboard).
  2. Create a new OAuth application and note the Client ID and Client Secret.
  3. Set the redirect URI to your n8n instance's OAuth callback URL (usually https://yourname.n8nautomation.cloud/rest/oauth2-credential/callback).
  4. In n8n, create the OAuth credential and enter your custom Client ID and Client Secret.
  5. Complete the authorization flow as described above.
Note: Using your own OAuth app prevents rate limiting issues that can occur with shared credentials. It's recommended for any production workflow on n8nautomation.cloud.

How to Set Up API Key Credentials

API key setup is more straightforward than OAuth. Here's the process:

  1. Log into the service you want to connect (e.g., OpenAI, Stripe, Airtable).
  2. Navigate to the API settings or developer section (usually under Settings → API Keys or similar).
  3. Generate a new API key. Copy it immediately—many services only show it once.
  4. In n8n, add the node that requires this API (e.g., OpenAI node).
  5. Click on CredentialCreate New.
  6. Paste your API key into the credential form.
  7. Give the credential a descriptive name (e.g., "OpenAI Production Key").
  8. Click Save.

Example: Setting Up OpenAI Credentials

  1. Go to platform.openai.com/api-keys.
  2. Click Create new secret key.
  3. Copy the key (it starts with sk-).
  4. In n8n, add an OpenAI node to your workflow.
  5. Create a new OpenAI API credential.
  6. Paste the key into the API Key field.
  7. Save and test the connection by executing a simple prompt.

Security Best Practices

Credentials give access to sensitive data and systems. Following security best practices prevents unauthorized access and data breaches:

Use Least Privilege Access

Only grant the minimum permissions necessary for your workflow. If you're only reading Google Sheets data, don't grant write or delete permissions.

Create Separate Credentials for Production and Testing

Use different API keys or OAuth apps for development and production workflows. This prevents test workflows from affecting live data.

  • Label credentials clearly: "Stripe Test Key" vs "Stripe Production Key"
  • Use different accounts when possible (e.g., separate Gmail accounts for testing)

Rotate Credentials Regularly

Change API keys and OAuth tokens periodically, especially for high-value services like payment processors or databases.

  1. Generate a new API key in the service dashboard.
  2. Update the credential in n8n.
  3. Test workflows to ensure they still function.
  4. Revoke the old API key.

Never Hardcode Credentials in Workflows

Always use n8n's credential system. Never paste API keys directly into Code nodes, HTTP Request nodes, or workflow parameters. This prevents accidental exposure when sharing workflows.

Enable Two-Factor Authentication

For services that support it, enable 2FA on the accounts you're using for OAuth. This adds an extra layer of protection if your account password is compromised.

Use Environment Variables for Self-Hosted Instances

If you're self-hosting n8n, store sensitive configuration in environment variables rather than in the n8n interface. This is especially important for database credentials and encryption keys.

Tip: Managed hosting platforms like n8nautomation.cloud handle encryption and secure storage automatically. Credentials are encrypted at rest and isolated to your dedicated instance.

Troubleshooting Common Issues

"Invalid Credentials" or "Authentication Failed"

This usually means the credential is expired, revoked, or incorrectly configured.

  • For OAuth: Delete the credential and re-authorize. OAuth tokens can expire or be revoked.
  • For API Keys: Check that the key is still active in the service dashboard. Regenerate if necessary.
  • For Basic Auth: Verify username and password are correct. Check for typos or special characters.

"Insufficient Permissions" or "Access Denied"

The credential doesn't have the required permissions to perform the action.

  1. Check the service's permission settings. For OAuth, you may need to re-authorize with broader scopes.
  2. In Google services, verify that the API is enabled in Google Cloud Console.
  3. For database credentials, ensure the user has the necessary privileges (SELECT, INSERT, UPDATE, etc.).

"Redirect URI Mismatch" (OAuth)

This happens when the OAuth callback URL doesn't match what's configured in the service's developer settings.

  1. Go to the service's OAuth app settings.
  2. Add your n8n instance's callback URL (e.g., https://yourname.n8nautomation.cloud/rest/oauth2-credential/callback).
  3. Try the authorization flow again.

Credentials Not Appearing in Dropdown

If you've created a credential but it doesn't show in the node's dropdown:

  • Verify you created the correct credential type (e.g., "Google Sheets OAuth2 API" not "Google OAuth2 API").
  • Refresh the workflow editor page.
  • Check that the credential was saved successfully (look in Settings → Credentials).

Rate Limiting Issues

When using shared OAuth apps, you may hit rate limits. The solution is to create your own OAuth application (as described in the OAuth setup section).

Sharing Credentials Across Workflows

One of the biggest advantages of n8n credentials is reusability. Once you create a credential, you can use it across multiple workflows without re-entering authentication details.

Using Existing Credentials

When you add a node that requires authentication:

  1. Click the Credential dropdown.
  2. Select an existing credential from the list instead of creating a new one.
  3. The node will use that credential's authentication.

Credential Naming Best Practices

Use clear, descriptive names for credentials so you can identify them easily:

  • Bad: "OAuth", "API Key", "Credential 1"
  • Good: "Google Sheets - Marketing Account", "Stripe Production Key", "PostgreSQL - Analytics DB"

Team Credential Sharing (n8n Cloud/Self-Hosted with Projects)

If you're using n8n Cloud or a self-hosted instance with project features, you can share credentials with team members:

  1. Go to SettingsCredentials.
  2. Select the credential you want to share.
  3. Click Share and choose team members or projects.
  4. Set permission levels (view, use, edit).

This prevents duplicate credentials and ensures everyone on the team uses the same authentication source.

Note: On individual managed instances from providers like n8nautomation.cloud, credentials are isolated to your instance by default. If you need team access, consider upgrading to a plan that supports multiple users.

Final Thoughts

n8n credentials are the foundation of secure workflow automation. Understanding how to set them up correctly—whether OAuth, API keys, or basic authentication—ensures your workflows run reliably and securely.

The key takeaways:

  • Always use n8n's credential system instead of hardcoding keys
  • Follow security best practices: least privilege, regular rotation, separate test/production credentials
  • Create your own OAuth apps for production workflows to avoid rate limits
  • Use descriptive credential names for easy identification
  • Troubleshoot authentication issues by checking permissions, expiration, and API status

Whether you're self-hosting or using managed n8n hosting, proper credential management protects your data and keeps your automations running smoothly. Start by securing your most critical connections first—databases, payment processors, and customer data platforms—then expand to other integrations as you build out your automation infrastructure.

Ready to automate with n8n?

Get affordable managed n8n hosting with 24/7 support.