Skip to main content
Activation required. AI access management must be enabled for your tenant before you can use it. To get started, contact the C1 support team for a walkthrough.
The n8n MCP server lets you govern access to n8n — workflows, executions, credentials, tags, and users — as tools your AI clients can call through C1. n8n is self-hosted, so the server connects to your own n8n instance. n8n authenticates with an API key that C1 sends in a request header. A single key authenticates everyone, so all tool calls reach n8n as one shared identity.

How C1 connects to n8n

C1 hosts the n8n MCP server, so your users’ AI clients only ever see MCP tools — they never call n8n directly. When an AI client calls one of these tools, C1 makes the matching request to the n8n API using the credentials you configure here, then returns the result to the AI client. The credentials you set up below are what C1 uses to call n8n on your users’ behalf.

Before you begin

  • AI access management must be enabled for your tenant. See Enable AI access management.
  • An account on your n8n instance that can create API keys, with access to the resources you want to govern.
  • The base URL of your n8n instance, reachable from C1.
If you don’t see n8n in your MCP server catalog, contact the C1 support team to enable it for your tenant.

Create an n8n API key

Create an API key on your n8n instance for C1 to authenticate with. For more information, see n8n’s API authentication documentation.
1
Sign in to your n8n instance and go to Settings > n8n API.
2
Select Create an API key, give it a recognizable label such as C1, and set an expiration if your instance supports one.
3
Copy the key. n8n shows the key only once.
For a shared production setup, create the key from a dedicated service-account user so activity is attributable to C1 rather than a person.

How n8n credentials are shared

Every user’s tool calls use the one API key you provided, so n8n sees a single shared identity. C1 still attributes each call to the individual user in the AI tool usage audit log. For a shared setup, create the key from a dedicated service-account user so activity is attributable to C1 rather than a person. For how shared and per-user credentials work across MCP servers, see Configure authentication.

Register the n8n MCP server in C1

With your API key ready, register the server and provide it to C1.
1
Follow Register an MCP server and select n8n from the catalog.
2
Enter the base URL of your n8n instance when prompted.
3
When you configure authentication, choose Custom header. Set the header name to X-N8N-API-KEY and the value to your n8n API key.
4
Save your changes. C1 starts a sync that discovers the tools the n8n server exposes.

Discover and govern tools

After you register the server, C1 runs tool discovery against n8n. Discovered tools appear on the server’s Tools tab. Each tool starts as either Pending review or automatically Approved, depending on the option chosen when the server was set up or your tenant’s default tool settings in Settings > AI Connections. See Require tool approval and Default tool classification. Before anyone can call an n8n tool, it must be approved, added to a toolset, and bound to an access profile. Continue to Govern tools and toolsets to set this up.
Tool discovery runs even if your credentials are incorrect, so seeing discovered tools doesn’t confirm that authentication is working. You confirm your n8n credentials when an approved user successfully calls an n8n tool from their AI client.

Manage your n8n credentials

  • Rotate the API key by creating a new key under Settings > n8n API, updating it in C1, then deleting the old key.
  • Adjust access by changing the permissions of the user the key belongs to on your n8n instance.