Skip to content

Credentials

Do not commit real credentials, access tokens, consumer secrets, passwords, or private keys to this repository.

Salesforce

n8n needs a Salesforce connection with API access. Use a dedicated integration user where possible.

Required values:

  • Salesforce login URL
  • Username
  • Password or OAuth flow credentials
  • Security token, if the selected auth method requires it
  • Connected App Consumer Key, if using OAuth
  • Connected App Consumer Secret, if using OAuth

Recommended storage:

  • n8n credentials store
  • GitHub Actions secrets for CI/CD
  • Password manager for handover

n8n

Required values:

  • n8n base URL
  • n8n API key for deployment automation, if used
  • Webhook path for the Data Enrichment agent

Webhook authentication (required, per org)

The n8n enrichment webhook is protected with a shared-secret header so that only Salesforce can trigger enrichment runs (an open webhook lets anyone burn Apify/SerpAPI/Gemini credits). Configure a unique secret per environment — it is not shipped with the package.

  1. Generate a random secret (e.g. openssl rand -hex 24).
  2. n8n: create a Header Auth credential with header name X-Enrichment-Token and the secret as its value, then set the enrichment webhook node's Authentication to Header Auth and select that credential.
  3. Salesforce: set the secret in Data Enrichment Settings (OrgSettings__c custom setting) → field Webhook Auth Token (WebhookAuthToken__c). Apex reads it and sends it as the X-Enrichment-Token header on every webhook callout. The value is per-org config that survives package upgrades; leave it blank to send no header (open webhook). The secret is never shipped with the package.

Verify: a POST to the webhook without the header returns 403; with the correct header it returns 202. Rotate the secret by updating both the n8n credential and the custom-setting value.

GitHub Actions

Suggested secret names:

  • N8N_BASE_URL
  • N8N_API_KEY
  • SALESFORCE_AUTH_URL
  • SALESFORCE_TARGET_ORG