api-key-validator

N8N Community Node for validating API keys, tokens and sensitive authentication data

Package Information

Downloads: 51 weekly / 89 monthly
Latest Version: 1.1.9
Author: Kiro Dev

Available Nodes

Security Validator icon
Security Validator
Validate API keys, tokens and sensitive data - stops workflow if invalid, passes all data if valid

Documentation

N8N API Key Validator Node

A community node for N8N focused on validating API keys, tokens, and sensitive data with maximum security and multiple input modes.

🔐 Main Features

  • Multiple Input Modes: Direct input, Environment Variables, or JavaScript Code
  • 🛡️ Advanced Data Masking: Automatically hides sensitive data in output
  • 🚫 Secure Validation: If invalid → stops workflow, if valid → passes masked data
  • 🎯 Perfect for Webhooks: Ideal for validating authentication on endpoints
  • 📊 Validation Confirmation: Clear feedback when validation passes

🔍 How It Works

Security Behavior

  1. ✅ Validation PASSED: Node passes all original data (with sensitive values masked) to the next node
  2. ❌ Validation FAILED: Workflow stops immediately with custom error message

Input Modes

  • Direct Input: Enter API key directly (may show in debug area)
  • Environment Variable: Use system environment variables (most secure)
  • Code Expression: Use JavaScript code for maximum flexibility

Validation Types

  • Exact Match: API key must match exactly
  • Starts With: API key must start with expected prefix
  • Contains: API key must contain expected substring

🔧 Configuration

Input Mode Options

1. Direct Input Mode

Input Mode: Direct Input
Input Key: ••••••••••••••••••••••••••••••••••

2. Environment Variable Mode

Input Mode: Environment Variable
Environment Variable Name: API_KEY

Configure: API_KEY=your-secret-key in your system

3. Code Expression Mode

Input Mode: Code Expression
JavaScript Code:
// Return the API key to validate
return $env.API_KEY;
// or
return $json.headers['x-api-key'];

Other Fields

  • Expected Key: Your secret key (supports expressions, hidden for security)
  • Validation Type: How to validate (Exact Match, Starts With, Contains)
  • Case Sensitive: Whether to consider uppercase/lowercase
  • Error Message: Custom error message

🚀 Usage Examples

Example 1: Environment Variable Mode (Most Secure)

  1. System Setup: Set environment variable API_KEY=sk-1234567890abcdef
  2. Security Validator Configuration:
    • Input Mode: Environment Variable
    • Environment Variable Name: API_KEY
    • Expected Key: sk-1234567890abcdef
    • Validation Type: Exact Match
// Webhook Input:
{
  "headers": {
    "x-api-key": "sk-1234567890abcdef"
  },
  "body": { "data": "important" }
}

// Security Validator Output:
{
  "headers": {
    "x-api-key": "***HIDDEN***"  // ← Masked for security
  },
  "body": { "data": "important" },
  "_validation": {
    "status": "VALID",
    "message": "API key validation passed successfully",
    "timestamp": "2025-01-28T10:00:00Z",
    "validationType": "equals"
  }
}

Example 2: Code Expression Mode (Most Flexible)

// JavaScript Code in Security Validator:
// Check multiple possible locations for API key
return $json.headers['x-api-key'] || 
       $json.headers['authorization'] || 
       $json.query.api_key ||
       $env.FALLBACK_API_KEY;

Example 3: Direct Input Mode (Simple)

  • Input Key: {{$json.headers['x-api-key']}}
  • Expected Key: Your secret key (hidden)

🔒 Security Features

Data Masking

  • Automatic Detection: Masks API keys, tokens, passwords, and numeric IDs
  • Smart Patterns: Detects 8+ digit numbers, sensitive keywords
  • Output Protection: Sensitive values appear as ***HIDDEN*** in output

Input Security

  • Password Fields: All sensitive inputs are hidden
  • Environment Variables: Most secure option - no data exposure
  • Code Expressions: Flexible but secure execution context

Validation Feedback

"_validation": {
  "status": "VALID",
  "message": "API key validation passed successfully",
  "timestamp": "2025-01-28T10:00:00Z",
  "validationType": "equals"
}

📦 Installation

npm install n8n-nodes-api-key-validator

🎯 Use Cases

  • Validate API keys in webhooks
  • Verify authentication tokens
  • Validate user or session IDs
  • Control access based on specific values
  • Filter data based on security criteria

🛠️ Development

# Install dependencies
npm install

# Build
npm run build

# Development with watch
npm run dev

# Lint
npm run lint

# Format
npm run format

🔄 Changelog

v1.1.2 (Current)

  • ✅ Multiple input modes (Direct, Environment Variable, Code Expression)
  • ✅ Advanced data masking for sensitive values
  • ✅ Improved security for numeric IDs and tokens
  • ✅ Expression support for Expected Key field
  • ✅ Validation confirmation in output

v1.1.x

  • ✅ Enhanced data masking algorithms
  • ✅ Code expression mode for flexibility
  • ✅ Environment variable support

v1.0.x

  • ✅ Basic API key validation
  • ✅ Hidden password fields
  • ✅ Simple pass/stop behavior

� License

MIT

🤝 Contributing

Contributions are welcome! Please feel free to submit a Pull Request.

🐛 Issues

If you encounter any issues, please report them on the GitHub repository.

📞 Support

For support and questions, please use the GitHub issues or discussions.

Discussion