By default, n8n can be accessed by everybody. This is fine if you only run it locally, but if you deploy it on a server that is accessible from the web, you have to make sure that n8n is protected.
Right now we have very basic protection in place using basic-auth. It can be activated by setting the following environment variables:
There is also limited support for JWT-based authentication. If enabled, n8n verifies the token using the provided JSON Web Key Set (JWKS) URI. It can be configured through the following environment variables:
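A preflight check for the two mechanisms described above, as an added example that is not part of the original page or of n8n itself: it refuses to proceed unless basic auth or JWT authentication is switched on with usable values. The environment variable names are the ones n8n has used for these two features and are not taken from this page; the function name, the 16-character minimum, the https requirement for the JWKS URI and all sample values are assumptions of this example.

```shell
#!/usr/bin/env bash
# Added example (not n8n code): check the auth-related environment before
# starting n8n on a host that is reachable from the web.
# Returns 0 when at least one mechanism is enabled and sanely configured.

n8n_auth_preflight() {
  _ok=1   # 1 = no usable authentication found yet

  if [ "${N8N_BASIC_AUTH_ACTIVE:-false}" = "true" ]; then
    if [ -z "${N8N_BASIC_AUTH_USER:-}" ] || [ -z "${N8N_BASIC_AUTH_PASSWORD:-}" ]; then
      echo "basic auth is active but user or password is empty" >&2
      return 1
    fi
    # Assumed policy: basic auth sends the same secret on every request,
    # so insist on a long random password.
    if [ "${#N8N_BASIC_AUTH_PASSWORD}" -lt 16 ]; then
      echo "basic auth password is shorter than 16 characters" >&2
      return 1
    fi
    _ok=0
  fi

  if [ "${N8N_JWT_AUTH_ACTIVE:-false}" = "true" ]; then
    if [ -z "${N8N_JWT_AUTH_HEADER:-}" ]; then
      echo "JWT auth is active but N8N_JWT_AUTH_HEADER is empty" >&2
      return 1
    fi
    # The verification keys come from this URI; over plain http anyone on
    # the network path could substitute their own key set.
    case "${N8N_JWKS_URI:-}" in
      https://?*) ;;
      *) echo "N8N_JWKS_URI must be an https:// URL" >&2; return 1 ;;
    esac
    _ok=0
  fi

  if [ "$_ok" -ne 0 ]; then
    echo "neither basic auth nor JWT auth is enabled" >&2
  fi
  return "$_ok"
}

# Typical use in a start script (constructed values):
#   export N8N_BASIC_AUTH_ACTIVE=true
#   export N8N_BASIC_AUTH_USER=workflow-admin
#   export N8N_BASIC_AUTH_PASSWORD="$(openssl rand -base64 24)"
#   n8n_auth_preflight && exec n8n start
```

Basic auth credentials travel with every request, so this check only makes sense when n8n sits behind TLS.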