> ## Documentation Index
> Fetch the complete documentation index at: https://www.c1.ai/docs/llms.txt
> Use this file to discover all available pages before exploring further.

# Set up the n8n MCP server

> Create an n8n API key on your instance, then register the n8n MCP server in C1 and govern the tools it exposes.

<Note>
  **Activation required.** AI access management must be enabled for your tenant before you can use it. To get started, [contact the C1 support team](mailto:support@c1.ai) for a walkthrough.
</Note>

The n8n MCP server lets you govern access to n8n — workflows, executions, credentials, tags, and users — as tools your AI clients can call through C1. n8n is self-hosted, so the server connects to your own n8n instance.

n8n authenticates with an API key that C1 sends in a request header. A single key authenticates everyone, so all tool calls reach n8n as one shared identity.

## How C1 connects to n8n

C1 hosts the n8n MCP server, so your users' AI clients only ever see MCP tools — they never call n8n directly. When an AI client calls one of these tools, C1 makes the matching request to the n8n API using the credentials you configure here, then returns the result to the AI client.

The credentials you set up below are what C1 uses to call n8n on your users' behalf.

## Before you begin

* AI access management must be enabled for your tenant. See [Enable AI access management](/product/admin/enable-ai-access-management).
* An account on your n8n instance that can create API keys, with access to the resources you want to govern.
* The base URL of your n8n instance, reachable from C1.

<Note>
  If you don't see **n8n** in your MCP server catalog, [contact the C1 support team](mailto:support@c1.ai) to enable it for your tenant.
</Note>

## Create an n8n API key

Create an API key on your n8n instance for C1 to authenticate with. For more information, see n8n's [API authentication](https://docs.n8n.io/api/authentication/) documentation.

<Steps>
  <Step>
    Sign in to your n8n instance and go to **Settings** > **n8n API**.
  </Step>

  <Step>
    Select **Create an API key**, give it a recognizable label such as `C1`, and set an expiration if your instance supports one.
  </Step>

  <Step>
    Copy the key. n8n shows the key only once.
  </Step>
</Steps>

For a shared production setup, create the key from a dedicated service-account user so activity is attributable to C1 rather than a person.

## How n8n credentials are shared

Every user's tool calls use the one API key you provided, so n8n sees a single shared identity. C1 still attributes each call to the individual user in the [AI tool usage audit log](/product/admin/audit-ai-tool-usage). For a shared setup, create the key from a dedicated service-account user so activity is attributable to C1 rather than a person.

For how shared and per-user credentials work across MCP servers, see [Configure authentication](/product/admin/mcp-servers#configure-authentication).

## Register the n8n MCP server in C1

With your API key ready, register the server and provide it to C1.

<Steps>
  <Step>
    Follow [Register an MCP server](/product/admin/mcp-servers#register-an-mcp-server) and select **n8n** from the catalog.
  </Step>

  <Step>
    Enter the base URL of your n8n instance when prompted.
  </Step>

  <Step>
    When you [configure authentication](/product/admin/mcp-servers#configure-authentication), choose **Custom header**. Set the header name to `X-N8N-API-KEY` and the value to your n8n API key.
  </Step>

  <Step>
    Save your changes. C1 starts a sync that discovers the tools the n8n server exposes.
  </Step>
</Steps>

## Discover and govern tools

After you register the server, C1 runs tool discovery against n8n. Discovered tools appear on the server's **Tools** tab.

Each tool starts as either **Pending review** or automatically **Approved**, depending on the option chosen when the server was set up or your tenant's default tool settings in **Settings** > **AI Connections**. See [Require tool approval](/product/admin/enable-ai-access-management#require-tool-approval) and [Default tool classification](/product/admin/enable-ai-access-management#default-tool-classification).

Before anyone can call an n8n tool, it must be approved, added to a toolset, and bound to an access profile. Continue to [Govern tools and toolsets](/product/admin/tools-and-toolsets) to set this up.

<Note>
  Tool discovery runs even if your credentials are incorrect, so seeing discovered tools doesn't confirm that authentication is working. You confirm your n8n credentials when an approved user successfully calls an n8n tool from their AI client.
</Note>

## Manage your n8n credentials

* **Rotate the API key** by creating a new key under **Settings** > **n8n API**, updating it in C1, then deleting the old key.
* **Adjust access** by changing the permissions of the user the key belongs to on your n8n instance.
