Creating a Secure Webhook - Must Have - n8n Workflow | Neura Market
Creating a Secure Webhook - Must Have
## How it works
This workflow demonstrates a fundamental pattern for securing a webhook by requiring an API key. It acts as a gatekeeper, checking for a valid key in the request header before allowing the request to proceed.
1. **Incoming Request:** The `Secured Webhook` node receives an incoming `POST` request. It expects an API key to be sent in the `x-api-key` header.
2. **API Key Verification:** The `Check API Key` node takes the key from the incoming request's header. It then makes an internal HTTP request to a second webhook (`Get API Key`) which acts as a mock database. This second webhook retrieves a list of registered API keys (from the `Registered API Keys` node) and filters it to find a match for the key that was provided.
3. **Conditional Response:** If a match is found, the `API Key Identified` node routes the execution to the success path, returning a `200 OK` response with the identified user's ID. If no match is found, it routes to the unauthorized path, returning a `401 Unauthorized` error.
This pattern separates the public-facing endpoint from the data source, which is a good security practice.
## Set up steps
**Setup time: ~2 minutes**
This workflow is designed to be a self-contained example.
1. **Set up Credentials:** This workflow uses Header Auth for its internal communication. Go to **Credentials** and create a new **Header Auth** credential. You can use any name and value (e.g., Name: `X-N8N-Auth`, Value: `my-secret-password`). Select this credential in all four webhook/HTTP Request nodes.
2. **Add Your API Keys:** Open the **`Registered API Keys`** node. This is your mock database. Edit the array to include the `user_id` and `api_key` pairs you want to authorize.
3. **Activate the workflow.**
4. **Test it:** Use the **`Test Secure Webhook`** node to send a request. Try it with a valid key from your list to see the success response. Change the `x-api-key` header to an invalid key to see the `401 Unauthorized` error.
**For Production:** Replace the mock database part of this workflow (the `Get API Key` webhook and `Registered API Keys` node) with a real database node like Supabase, Postgres, or Baserow to look up keys.
Platform
n8n
Category
IT & Development
Price
Free
Creator
Lucas Peyrin
if
set
filter
webhook
splitOut
stickyNote
httpRequest
respondToWebhook
How to import this workflow into n8n
1Purchase or download the workflow to get the n8n workflow JSON file.
2In your n8n instance, open Workflows and choose "Import from File" (or paste the JSON with Ctrl+V on the canvas).
3Open each node marked with a credential warning and connect your own accounts and API keys.
4Run the workflow once manually to verify the data flow, then toggle it to Active.