Credentials - Authentication Management
What are Credentials
Section titled “What are Credentials”A secure storage system for authentication data such as API keys, tokens, passwords, and database connections. Credentials are stored encrypted in the database and loaded on demand by modules that need authentication with external services. They are stored in the servicecredentials table.
How They Work
Section titled “How They Work”- They are created and managed from the administration panel.
- They are stored as JSON in the
credentialscolumn of theservicecredentialstable. - Modules load them via
getCredentials(config.credentials_id). - The identifier can be numeric (ID) or string (service_name).
- Each credential is associated with a
client_id.
Common Credential Types
Section titled “Common Credential Types”API Key
Section titled “API Key”For services such as OpenAI, Telegram, among others:
{ "apiKey": "sk-xxxx..." }Basic Auth
Section titled “Basic Auth”For HTTP, REST APIs:
{ "username": "user", "password": "pass123" }OAuth2 / Token
Section titled “OAuth2 / Token”For Shopify, Amazon, Google, among others:
{ "access_token": "token_xxx", "refresh_token": "refresh_xxx" }Database
Section titled “Database”For PostgreSQL, MySQL, MSSQL, Oracle:
{ "host": "db.example.com", "port": 5432, "user": "admin", "password": "secret", "database": "mydb", "ssl": true}SMTP (Email)
Section titled “SMTP (Email)”For SendMail:
{ "host": "smtp.gmail.com", "port": 465, "secure": true, "auth_user": "user@gmail.com", "auth_pass": "app_password"}Webhook URL
Section titled “Webhook URL”For Slack:
{ "webhookUrl": "https://hooks.slack.com/services/xxx", "username": "Bot" }Bot Token
Section titled “Bot Token”For Telegram:
{ "botToken": "123456:ABC-DEF..." }E-commerce
Section titled “E-commerce”For Shopify:
{ "shop_domain": "mitienda.myshopify.com", "access_token": "shpat_xxx..."}For WooCommerce:
{ "url": "https://mitienda.com", "consumer_key": "ck_xxx", "consumer_secret": "cs_xxx"}Using Credentials in a Module
Section titled “Using Credentials in a Module”In the visual editor, the credentials_id field displays a selector of available credentials. The module’s metadata.json file defines the field with "type": "credentials". Optionally, "provider": "stripe" can be included to filter credentials by service type.
In the module code, they are accessed as follows:
const credentials = await getCredentials(config.credentials_id);// credentials.apiKey, credentials.host, etc.Security and Best Practices
Section titled “Security and Best Practices”- Never include credentials directly in the node configuration.
- Always use the
credentials_idfield to reference stored credentials. - Credentials are not exposed in logs or execution traces.
- Each client has their own isolated credentials via
client_id. - Rotate tokens and passwords periodically to maintain security.
Service Reference Table
Section titled “Service Reference Table”| Service | Required Fields | Where to Obtain Them |
|---|---|---|
| OpenAI | apiKey | platform.openai.com/api-keys |
| Stripe | secret_key | dashboard.stripe.com/apikeys |
| Telegram | botToken | @BotFather on Telegram |
| Shopify | shop_domain, access_token | Shopify Admin Panel > Apps |
| OAuth2 tokens (automatic) | Google Cloud Console | |
| PostgreSQL | host, port, user, password, database | Your DB server |
| SMTP | host, port, auth_user, auth_pass | Your email provider |