n8n-nodes-api-key-validator/README.md

N8N Community Node for validating API keys, tokens and sensitive authentication data

# N8N API Key Validator Node

A community node for N8N focused on validating API keys, tokens, and sensitive data with maximum security and multiple input modes.

## 🔐 Main Features

- ✅ **Multiple Input Modes**: Direct input, Environment Variables, or JavaScript Code
- 🛡️ **Advanced Data Masking**: Automatically hides sensitive data in output
- 🚫 **Secure Validation**: If invalid → stops workflow, if valid → passes masked data
- 🎯 **Perfect for Webhooks**: Ideal for validating authentication on endpoints
- 📊 **Validation Confirmation**: Clear feedback when validation passes

## 🔍 How It Works

### Security Behavior
1. **✅ Validation PASSED**: Node passes all original data (with sensitive values masked) to the next node
2. **❌ Validation FAILED**: Workflow stops immediately with custom error message

### Input Modes
- **Direct Input**: Enter API key directly (may show in debug area)
- **Environment Variable**: Use system environment variables (most secure)
- **Code Expression**: Use JavaScript code for maximum flexibility

### Validation Types
- **Exact Match**: API key must match exactly
- **Starts With**: API key must start with expected prefix  
- **Contains**: API key must contain expected substring

## 🔧 Configuration

### Input Mode Options

#### 1. Direct Input Mode
```
Input Mode: Direct Input
Input Key: ••••••••••••••••••••••••••••••••••
```

#### 2. Environment Variable Mode
```
Input Mode: Environment Variable
Environment Variable Name: API_KEY
```
*Configure: `API_KEY=your-secret-key` in your system*

#### 3. Code Expression Mode
```
Input Mode: Code Expression
JavaScript Code:
// Return the API key to validate
return $env.API_KEY;
// or
return $json.headers['x-api-key'];
```

### Other Fields
- **Expected Key**: Your secret key (supports expressions, hidden for security)
- **Validation Type**: How to validate (Exact Match, Starts With, Contains)
- **Case Sensitive**: Whether to consider uppercase/lowercase
- **Error Message**: Custom error message

## 🚀 Usage Examples

### Example 1: Environment Variable Mode (Most Secure)

1. **System Setup**: Set environment variable `API_KEY=sk-1234567890abcdef`
2. **Security Validator Configuration**:
   - Input Mode: Environment Variable
   - Environment Variable Name: `API_KEY`
   - Expected Key: `sk-1234567890abcdef`
   - Validation Type: Exact Match

```json
// Webhook Input:
{
  "headers": {
    "x-api-key": "sk-1234567890abcdef"
  },
  "body": { "data": "important" }
}

// Security Validator Output:
{
  "headers": {
    "x-api-key": "***HIDDEN***"  // ← Masked for security
  },
  "body": { "data": "important" },
  "_validation": {
    "status": "VALID",
    "message": "API key validation passed successfully",
    "timestamp": "2025-01-28T10:00:00Z",
    "validationType": "equals"
  }
}
```

### Example 2: Code Expression Mode (Most Flexible)

```javascript
// JavaScript Code in Security Validator:
// Check multiple possible locations for API key
return $json.headers['x-api-key'] || 
       $json.headers['authorization'] || 
       $json.query.api_key ||
       $env.FALLBACK_API_KEY;
```

### Example 3: Direct Input Mode (Simple)

- Input Key: `{{$json.headers['x-api-key']}}`
- Expected Key: Your secret key (hidden)

## 🔒 Security Features

### Data Masking
- **Automatic Detection**: Masks API keys, tokens, passwords, and numeric IDs
- **Smart Patterns**: Detects 8+ digit numbers, sensitive keywords
- **Output Protection**: Sensitive values appear as `***HIDDEN***` in output

### Input Security
- **Password Fields**: All sensitive inputs are hidden
- **Environment Variables**: Most secure option - no data exposure
- **Code Expressions**: Flexible but secure execution context

### Validation Feedback
```json
"_validation": {
  "status": "VALID",
  "message": "API key validation passed successfully",
  "timestamp": "2025-01-28T10:00:00Z",
  "validationType": "equals"
}
```

## 📦 Installation

```bash
npm install n8n-nodes-api-key-validator
```

## 🎯 Use Cases

- Validate API keys in webhooks
- Verify authentication tokens
- Validate user or session IDs
- Control access based on specific values
- Filter data based on security criteria

## 🛠️ Development

```bash
# Install dependencies
npm install

# Build
npm run build

# Development with watch
npm run dev

# Lint
npm run lint

# Format
npm run format
```

## 🔄 Changelog

### v1.1.2 (Current)
- ✅ Multiple input modes (Direct, Environment Variable, Code Expression)
- ✅ Advanced data masking for sensitive values
- ✅ Improved security for numeric IDs and tokens
- ✅ Expression support for Expected Key field
- ✅ Validation confirmation in output

### v1.1.x
- ✅ Enhanced data masking algorithms
- ✅ Code expression mode for flexibility
- ✅ Environment variable support

### v1.0.x
- ✅ Basic API key validation
- ✅ Hidden password fields
- ✅ Simple pass/stop behavior

## � License

MIT

## 🤝 Contributing

Contributions are welcome! Please feel free to submit a Pull Request.

## 🐛 Issues

If you encounter any issues, please report them on the [GitHub repository](https://github.com/kiro-dev/n8n-nodes-api-key-validator/issues).

## 📞 Support

For support and questions, please use the GitHub issues or discussions.