> ## Documentation Index
> Fetch the complete documentation index at: https://docs.sitecopilot.ai/llms.txt
> Use this file to discover all available pages before exploring further.

# n8n Auth & Secrets

This page shows how to store Sitecopilot credentials and inject them into nodes safely, and how to obtain the correct tokens for **tenant** vs **server** operations.

## Which token do I need?

* **Tenant token (site operations)** — use this for day‑to‑day actions against a single site (pages, content, assets, settings, sitemap, notifications, chatbot). Obtain it from the **Tenant Dashboard** when authenticated.
* **Server (central) admin token (tenant management)** — use this if you operate your own Sitecopilot server and want to **create/update/delete tenants** or **issue tenant API tokens** automatically. Obtain it from the **Central Dashboard** when authenticated on your server instance.

> Keep tokens separate. Never reuse a central admin token in tenant flows.

## Credential strategy

Create two credentials (or environment variables):

* **Sitecopilot Central** — `SITECOPILOT_ADMIN_BASE_URL`, `SITECOPILOT_ADMIN_TOKEN`
* **Sitecopilot Tenant** — `SITECOPILOT_TENANT_BASE_URL`, `SITECOPILOT_TENANT_TOKEN`

### Using Environment Variables

Define variables in your n8n environment and reference them as `{{$env.VAR_NAME}}`.

```bash theme={null}
# Docker compose example
environment:
- SITECOPILOT_TENANT_BASE_URL=https://tenant.example.com
- SITECOPILOT_TENANT_TOKEN=xxx.yyy.zzz
- SITECOPILOT_ADMIN_BASE_URL=https://central.example.com
- SITECOPILOT_ADMIN_TOKEN=aaa.bbb.ccc
volumes:
- n8n_data:/home/node/.n8n
```

In an **HTTP Request** node, set:

* **URL**: `{{$env.SITECOPILOT_TENANT_BASE_URL}}/api/pages`
* **Headers**: `Authorization: Bearer {{$env.SITECOPILOT_TENANT_TOKEN}}`

### Using n8n Credentials UI

Create two **HTTP Header Auth** credentials (or generic API Key):

* Name: `Sitecopilot Tenant`
* Header: `Authorization`
* Value: `Bearer {{$credentials.apiToken}}`
* Name: `Sitecopilot Central`
* Header: `Authorization`
* Value: `Bearer {{$credentials.apiToken}}`

Then select the credential in each HTTP node and set the base URL dynamically via node params.

## Token rotation

* Store a short‑lived token in one place (env or credential) and re‑use via expressions.
* Use a dedicated workflow to **refresh** or **rotate** tokens and update the n8n credential via n8n API if needed.

## Least privilege

* Separate central and tenant tokens.
* Avoid placing tokens in plaintext within node parameters or notes.

## Example mappings

| Purpose                   | Base URL env                  | Token env                  |
| ------------------------- | ----------------------------- | -------------------------- |
| Tenant content automation | `SITECOPILOT_TENANT_BASE_URL` | `SITECOPILOT_TENANT_TOKEN` |
| Server tenant lifecycle   | `SITECOPILOT_ADMIN_BASE_URL`  | `SITECOPILOT_ADMIN_TOKEN`  |
