Secure API endpoint with bearer token authentication and field validation

Audun
2/3/2026

A reusable and production-ready n8n workflow that secures public webhooks using Bearer Token authentication and dynamic request validation.


✨ What It Does

  • Verifies Bearer Token
    Compares the Authorization header with a configured secret token.

  • Validates Required Fields
    Checks that all expected fields are present in the incoming request body.

  • Returns Standardized JSON Responses

    • 401 Unauthorized if token is missing or invalid
    • 400 Bad Request if required fields are missing
    • 200 OK with a custom success payload

👀 Who It's For

  • Developers exposing n8n workflows as APIs
  • No-code/low-code builders integrating with external forms or tools
  • Anyone needing simple authentication and validation on incoming webhooks

💡 Why Use It

  • 🔒 Secure: Prevents unauthorized access to your public workflows
  • 🧼 Clean: Centralized configuration for token and required fields
  • ⚙️ Flexible: Easy to extend and customize for any use case

🛠 Setup Instructions

  1. Configure Values in the Configuration Node

    • Set your secret token:
      config.bearerToken = 'YOUR_TOKEN';
    • Define required request fields by key:
      Example:
      config.requiredFields.message = true;
      config.requiredFields.email = true;

      ✅ Only the keys matter – values can be anything.
  2. Plug in Your Business Logic
    Replace the "Add workflow nodes here" with your own logic.

  3. Customize the Success Response
    Edit the Create Response node to shape your success payload.


🧪 Use Cases

  • Securing public form submissions
  • Creating internal API endpoints
  • Validating data from external services

📌 Use this as a base for building secure, API-style workflows in n8n.


👋 Hello! I'm Audun / xqus

If my n8n workflows saved you time or sparked ideas, consider sending a little support my way. It helps me keep building cool stuff — and maybe grab a coffee ☕ along the way!

Secure API Endpoint with Bearer Token Authentication and Field Validation

This n8n workflow provides a secure API endpoint that enforces Bearer Token authentication and performs essential field validation on incoming requests. It's designed to protect your backend services from unauthorized access and ensure data integrity by rejecting requests that do not meet specified security and data requirements.

What it does

This workflow simplifies the creation of secure API endpoints by:

  1. Listening for incoming HTTP requests: It acts as a webhook, ready to receive POST requests.
  2. Validating Bearer Token: It checks if the Authorization header contains a valid Bearer Token. If the token is missing or incorrect, it immediately responds with a 401 Unauthorized error.
  3. Validating Required Fields: It ensures that the incoming request body contains specific mandatory fields. If any required field is missing, it responds with a 400 Bad Request error, detailing the missing fields.
  4. Processing Valid Requests: If both authentication and field validation pass, the workflow proceeds to a placeholder "No Operation" node, indicating where your actual business logic would begin.
  5. Responding to the client: It sends appropriate HTTP responses (200 OK, 400 Bad Request, or 401 Unauthorized) back to the client based on the validation results.
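The token and field checks described above, sketched in standalone Node.js. This is an added example, not the template's own node code: `checkRequest`, `tokensMatch` and the sample token are hypothetical names and constructed values, and header names are assumed to arrive lowercased. It goes one step beyond a plain string comparison by comparing the token in constant time.

```javascript
const crypto = require('crypto');

// Constructed sample configuration, following the page's config shape.
const config = {
  bearerToken: 'constructed-sample-token',
  requiredFields: { message: true, email: true }, // only the keys matter
};

// Compare secrets without revealing where the first differing byte is.
// Hashing first gives timingSafeEqual the equal-length buffers it requires.
function tokensMatch(presented, expected) {
  const a = crypto.createHash('sha256').update(presented).digest();
  const b = crypto.createHash('sha256').update(expected).digest();
  return crypto.timingSafeEqual(a, b);
}

// Hypothetical helper: returns the HTTP status and JSON body to send back.
function checkRequest(headers, body, cfg) {
  const header = typeof headers.authorization === 'string' ? headers.authorization : '';
  // The auth scheme name is case-insensitive; the token must be one opaque word.
  const match = /^Bearer +(\S+)$/i.exec(header);
  // Fail closed: an unset configured token rejects every request.
  if (!cfg.bearerToken || !match || !tokensMatch(match[1], cfg.bearerToken)) {
    return { status: 401, body: { status: 'error',
      message: 'Unauthorized: Bearer token missing or invalid.' } };
  }
  const data = body !== null && typeof body === 'object' ? body : {};
  // Own-property check: inherited keys such as "toString" do not count as
  // present. Treating null as missing is a stricter choice made here.
  const missing = Object.keys(cfg.requiredFields).filter(
    (key) => !Object.prototype.hasOwnProperty.call(data, key) || data[key] == null);
  if (missing.length > 0) {
    return { status: 400, body: { status: 'error',
      message: `Bad Request: Missing required fields: ${missing.join(', ')}.` } };
  }
  return { status: 200, body: { status: 'success',
    message: 'Request processed successfully.' } };
}
```

Authentication runs before field validation, so an unauthenticated caller always receives 401 and never learns which fields the endpoint expects.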

Prerequisites/Requirements

  • n8n Instance: An active n8n instance to host and run the workflow.
  • Bearer Token: A pre-defined secret Bearer Token that clients must include in their Authorization header for successful authentication. This token should be configured within the "Code" node.

Setup/Usage

  1. Import the workflow:
    • Copy the provided JSON code.
    • In your n8n instance, click on "Workflows" in the left sidebar.
    • Click "New" and then "Import from JSON".
    • Paste the JSON and click "Import".
  2. Configure the Webhook Trigger:
    • The "Webhook" node is already configured to listen for POST requests.
    • Activate the workflow to get its unique URL. This URL will be your secure API endpoint.
  3. Configure the Secret Bearer Token:
    • Open the "Code" node named "Validate Bearer Token".
    • Locate the line const expectedToken = 'YOUR_SECRET_BEARER_TOKEN';.
    • Replace 'YOUR_SECRET_BEARER_TOKEN' with your actual secret token.
  4. Configure Required Request Body Fields:
    • Open the "Code" node named "Validate Required Fields".
    • Locate the line const requiredFields = ['field1', 'field2', 'field3'];.
    • Modify the array to include the actual field names that are mandatory for your API endpoint.
  5. Add your Business Logic:
    • The "No Operation, do nothing" node after successful validation is a placeholder.
    • Replace this node with your actual business logic (e.g., saving data to a database, calling another API, sending notifications, etc.).
  6. Activate the Workflow:
    • Ensure the workflow is active by toggling the "Active" switch in the top right corner of the workflow editor.

Example Request

To test the endpoint, send a POST request to the webhook URL with the configured Bearer Token in the Authorization header and the required fields in the JSON body.

Successful Request Example:

curl -X POST "YOUR_WEBHOOK_URL" \
-H "Authorization: Bearer YOUR_SECRET_BEARER_TOKEN" \
-H "Content-Type: application/json" \
-d '{
    "field1": "value1",
    "field2": "value2",
    "field3": "value3"
}'

Response (200 OK):

{
  "status": "success",
  "message": "Request processed successfully."
}

Unauthorized Request Example (Missing/Incorrect Token):

curl -X POST "YOUR_WEBHOOK_URL" \
-H "Content-Type: application/json" \
-d '{
    "field1": "value1",
    "field2": "value2",
    "field3": "value3"
}'

Response (401 Unauthorized):

{
  "status": "error",
  "message": "Unauthorized: Bearer token missing or invalid."
}

Bad Request Example (Missing Fields):

curl -X POST "YOUR_WEBHOOK_URL" \
-H "Authorization: Bearer YOUR_SECRET_BEARER_TOKEN" \
-H "Content-Type: application/json" \
-d '{
    "field1": "value1"
}'

Response (400 Bad Request):

{
  "status": "error",
  "message": "Bad Request: Missing required fields: field2, field3."
}
