Integrations

n8n quickstart

Wire your AAU API key into n8n with a Header Auth credential, import the test workflow, and verify your connection works end-to-end in under five minutes.

No custom node required (yet)

n8n's built-in HTTP Request node plus a Header Auth credential is enough to drive the entire AAU public API today. A dedicated n8n-nodes-aau community node is on the roadmap; for now this pattern works against every endpoint documented in the sidebar.

What you'll do#

Mint an API key from your AAU agency settings.
Add a Header Auth credential in n8n with the bearer token.
Import our test workflow (downloadable below).
Click into each HTTP Request node and bind the credential — this is the step most first-timers miss.
Run the workflow and confirm a 200 OK with your tenant info.

Step 1 — Mint your API key#

Sign in to AAU and go to Settings → API Keys. Click Create Agency key, give it a name (e.g. “n8n integration”), and click Create Key.

Copy the key now — it isn't shown again

The cleartext value (gc_live_…) only appears once, immediately after creation. Paste it into your password manager before closing the modal. Only the last four characters are stored after that, so we can't recover it later — you'd need to rotate.

Two key shapes are available:

Agency key (gc_live_…) — full access across every client in your organization. Add an X-Gary-Client-Id header on a request to act on a specific client's data.
Per-client key (cl_live_…) — bound to one client. Cleaner when you're building a flow that only manages one customer.

Step 2 — Add the Header Auth credential in n8n#

In n8n, open Credentials → New and search for Header Auth. Fill in:

Field	Value
Name	`Authorization`
Value	`Bearer gc_live_EXAMPLE_AbCdEfGhIj0123456789`

Replace the example value with your real key, keeping the literal word Bearer followed by a single space and then your gc_live_… token. Click the credential's title at the top of the modal (default “ Header Auth account”) to rename it to something recognizable like Gary Club Agency — that's the label you'll see in node credential pickers.

"Name" is the HTTP header name, not a nickname

This trips most people up: in n8n's Header Auth credential, the Name field is the literal HTTP header name sent on every request. It must be Authorization. The credential's nickname (what shows up in dropdowns) is the title at the top of the modal.

Step 3 — Import the test workflow#

Download the workflow file or copy the JSON below. The workflow has a Manual Trigger feeding two HTTP Request nodes: Who am I? (calls /v1/me — a no-FUEL, no-scope introspection endpoint) and List 1 Contact (proves end-to-end CRM read).

↓ Download n8n-aau-quickstart.json

In n8n: open the workflows menu (the ⋯ icon next to the workflow title or the New Workflow dropdown), choose Import from File, and select the downloaded JSON. Or paste the JSON directly via Import from URL/clipboard:

JSON

{
  "name": "AAU API — Credential Test",
  "nodes": [
    {
      "parameters": {},
      "id": "b8f3a9c1-2e7d-4b3a-9f1c-d2a8e6b4c1a5",
      "name": "Manual Trigger",
      "type": "n8n-nodes-base.manualTrigger",
      "typeVersion": 1,
      "position": [240, 300]
    },
    {
      "parameters": {
        "url": "https://agency.gary.club/api/public/v1/me",
        "authentication": "genericCredentialType",
        "genericAuthType": "httpHeaderAuth",
        "options": {}
      },
      "id": "e3d7b2a4-9c5f-4a8e-b1d6-7f3a9c8e2b4d",
      "name": "Who am I?",
      "type": "n8n-nodes-base.httpRequest",
      "typeVersion": 4.2,
      "position": [480, 300]
    },
    {
      "parameters": {
        "url": "https://agency.gary.club/api/public/v1/crm/contacts",
        "authentication": "genericCredentialType",
        "genericAuthType": "httpHeaderAuth",
        "sendQuery": true,
        "queryParameters": {
          "parameters": [
            { "name": "limit", "value": "1" }
          ]
        },
        "options": {}
      },
      "id": "f1a8c3b6-4d2e-4c7a-9b5f-8e3d1a6c4b9e",
      "name": "List 1 Contact",
      "type": "n8n-nodes-base.httpRequest",
      "typeVersion": 4.2,
      "position": [720, 300]
    }
  ],
  "connections": {
    "Manual Trigger": {
      "main": [[{ "node": "Who am I?", "type": "main", "index": 0 }]]
    },
    "Who am I?": {
      "main": [[{ "node": "List 1 Contact", "type": "main", "index": 0 }]]
    }
  },
  "active": false,
  "settings": { "executionOrder": "v1" },
  "tags": []
}

Step 4 — Bind the credential to each HTTP Request node#

This is the step that breaks most first-time imports

n8n cannot auto-bind a credential by name when importing JSON — it needs an internal credential ID. After import, you'll see the workflow load successfully but the HTTP Request nodes will throw Credentials not found on first execute. Fix it by clicking into each node and selecting your credential.

Click the Who am I? node to open it.
Find the Credential for Header Auth dropdown (under the Authentication field).
Select the credential you created in Step 2 (e.g. Gary Club Agency).
Close the node, then repeat for the List 1 Contact node. Each HTTP Request node carries its own credential reference — they don't inherit.
Save the workflow (⌘S / Ctrl+S).

Step 5 — Run it#

Click Test workflow. The Manual Trigger fires, passes through Who am I? (calls /v1/me), then through List 1 Contact (calls /v1/crm/contacts?limit=1). You should see green checkmarks on every node within a second or two.

Open the Who am I? output panel — you'll see something like this:

JSON

{
  "api_key": {
    "id": "...",
    "name": "Agency key",
    "prefix": "gc_live_",
    "kind": "agency",
    "scopes": [],
    "rate_limit_per_minute": 60,
    "expires_at": null,
    "tag": null
  },
  "tenant": {
    "org_id": "<your-org-uuid>",
    "client_id": null,
    "is_client_scoped": false
  }
}

Key things to confirm in the response:

api_key.kind matches the key shape you minted (agency or client).
tenant.org_id is your real organization UUID (a sanity check that you're hitting your tenant, not someone else's).
tenant.is_client_scoped reflects whether the key is a per-client key.

The List 1 Contact output will be either one contact row from your CRM (proving read access) or an empty data: [] array if you don't have any contacts yet — both are success cases.

Troubleshooting#

Credentials not found on every node

You skipped Step 4. Open each HTTP Request node and bind the credential. n8n imports do not carry credential bindings.

401 Unauthorized

The Authorization header value is wrong. Most common cause: you pasted the key without the Bearer prefix (the literal word “Bearer” followed by a single space). Open the credential, fix the Value field, save, and re-run.

403 Forbidden

The key authenticated but lacks scope for the requested endpoint. Agency keys (gc_live_…) should have full access by default; if you see this on /v1/me or /v1/crm/contacts, contact us — it shouldn't happen.

429 Too Many Requests

You've exceeded the per-key rate limit (default 60 req /min). The Retry-After response header tells you how many seconds to wait. To raise the limit, mint a fresh key and set a higher rate_limit_per_minute in the advanced create form (max 600).

Name field rejected as “invalid”

n8n's Header Auth doesn't allow leading/trailing spaces or the colon character. Use exactly Authorization with no other characters.

Next steps#

Now that the connection is verified, common patterns to build:

Form → Contact upsert: web form submission (n8n's Webhook trigger) → POST /v1/crm/contacts. The endpoint is idempotent on email/phone, so duplicate submissions don't pile up.
SMS reply automation: subscribe to the sms.received webhook → run logic in n8n → call POST /v1/sms/messages to reply.
Lead routing: new contact in n8n → check enrichment data → conditionally enroll in a sequence or an SDR campaign.
Two-way deal sync: on deal.stage_changed webhook → push to your warehouse / Slack / dashboard.

See Webhooks for outbound event subscriptions and Authentication for the full picture on key shapes, the act-as-client header, and rotation.