All skillsDisallow this.helpers.httpRequest() in functions that call this.getCredentials(). Use this.helpers.httpRequestWithAuthentication() instead (
Skillintermediate
Disallow this.helpers.httpRequest() in functions that call this.getCredentials(). Use this.helpers.httpRequestWithAuthentication() instead (`@n8n/comm
š¼ This rule is enabled in the following configs: ā `recommended`, āļø `recommendedWithoutN8nCloudSupport`.
Claude Code Knowledge Pack7/10/2026
Overview
Disallow this.helpers.httpRequest() in functions that call this.getCredentials(). Use this.helpers.httpRequestWithAuthentication() instead (@n8n/community-nodes/no-http-request-with-manual-auth)
š¼ This rule is enabled in the following configs: ā
recommended, āļø recommendedWithoutN8nCloudSupport.
Rule Details
When a function calls this.getCredentials() to retrieve credentials, it should use this.helpers.httpRequestWithAuthentication() for HTTP requests instead of this.helpers.httpRequest().
Manually extracting credentials and setting auth headers (e.g. Authorization) bypasses n8n's authentication layer, which provides:
- Consistent credential handling across all nodes
- Future improvements like token refresh and audit logging
- Better security review surface
Examples
ā Incorrect
async function apiRequest(this: IExecuteFunctions, endpoint: string) {
const credentials = await this.getCredentials('myServiceApi');
const options: IHttpRequestOptions = {
method: 'GET',
url: `https://api.example.com/${endpoint}`,
headers: {
Authorization: `Bearer ${credentials.apiKey}`,
},
};
return this.helpers.httpRequest(options);
}
ā Correct
async function apiRequest(this: IExecuteFunctions, endpoint: string) {
const options: IHttpRequestOptions = {
method: 'GET',
url: `https://api.example.com/${endpoint}`,
};
return this.helpers.httpRequestWithAuthentication.call(this, 'myServiceApi', options);
}
When to Disable
If a function genuinely retrieves credentials for a non-HTTP purpose (e.g. reading a config value) and also makes an unauthenticated HTTP request, you can suppress this rule with an inline comment:
// eslint-disable-next-line @n8n/community-nodes/no-http-request-with-manual-auth
return this.helpers.httpRequest(options);