Skip to main content

How does n8n-mcp secure AI access to n8n?

n8n-mcp secures AI access to n8n by keeping sensitive credentials and outbound network decisions inside the gateway. AI clients receive a platform API key and call a hosted MCP endpoint; the gateway authenticates the request, resolves the user's n8n instance, checks quotas, validates outbound targets and then calls n8n from the server.

Encrypted n8n credentials

n8n API keys are stored server-side and encrypted at rest. AI clients authenticate to the gateway with platform API keys instead of receiving direct n8n credentials.

Outbound request protection

Before the gateway calls a user-configured n8n URL, SSRF checks block private IP ranges, localhost targets and cloud metadata addresses.

Rate limits and quotas

MCP calls pass through gateway rate limiting and quota checks so abuse control stays centralized.

Tenant-aware routing

Each request is tied to an authenticated user and routed only to n8n instances owned by that user.

Workflow Agent policy

Read-only discovery, preview and audit tools are enforced server-side as non-mutating. Disabled operations fail closed, and workflow-changing calls must pass policy checks and confirmation requirements.

Validation before activation

Workflow Agent mode validates workflow structure, node configuration, connections, expressions and explicit default choices before deploy or activation. Errors block deployment; warnings require review.

Diff-first mutation

Existing workflows are updated through previewed diffs and partial patches where possible. Full workflow updates are treated as a high-risk fallback, especially for large or uncertain edits.

Audit, history and rollback

Mutating calls record before/after snapshots, validation results and diff metadata. Operators can inspect workflow history and roll back to a captured state when needed.

Dashboard Agent Console

The Agent Console is the review surface for production workflow work. It separates Code Agent tasks from Workflow Agent tasks and shows the evidence needed before a workflow is changed, activated, tested or rolled back.