Which token do I need?
- Tenant token (site operations) — use this for day‑to‑day actions against a single site (pages, content, assets, settings, sitemap, notifications, chatbot). Obtain it from the Tenant Dashboard when authenticated.
- Server (central) admin token (tenant management) — use this if you operate your own Sitecopilot server and want to create/update/delete tenants or issue tenant API tokens automatically. Obtain it from the Central Dashboard when authenticated on your server instance.
Keep tokens separate. Never reuse a central admin token in tenant flows.
Credential strategy
Create two credentials (or environment variables):- Sitecopilot Central —
SITECOPILOT_ADMIN_BASE_URL,SITECOPILOT_ADMIN_TOKEN - Sitecopilot Tenant —
SITECOPILOT_TENANT_BASE_URL,SITECOPILOT_TENANT_TOKEN
Using Environment Variables
Define variables in your n8n environment and reference them as{{$env.VAR_NAME}}.
- URL:
{{$env.SITECOPILOT_TENANT_BASE_URL}}/api/pages - Headers:
Authorization: Bearer {{$env.SITECOPILOT_TENANT_TOKEN}}
Using n8n Credentials UI
Create two HTTP Header Auth credentials (or generic API Key):- Name:
Sitecopilot Tenant - Header:
Authorization - Value:
Bearer {{$credentials.apiToken}} - Name:
Sitecopilot Central - Header:
Authorization - Value:
Bearer {{$credentials.apiToken}}
Token rotation
- Store a short‑lived token in one place (env or credential) and re‑use via expressions.
- Use a dedicated workflow to refresh or rotate tokens and update the n8n credential via n8n API if needed.
Least privilege
- Separate central and tenant tokens.
- Avoid placing tokens in plaintext within node parameters or notes.
Example mappings
| Purpose | Base URL env | Token env |
|---|---|---|
| Tenant content automation | SITECOPILOT_TENANT_BASE_URL | SITECOPILOT_TENANT_TOKEN |
| Server tenant lifecycle | SITECOPILOT_ADMIN_BASE_URL | SITECOPILOT_ADMIN_TOKEN |