Skip to main content

Check JWT security of API endpoints with HTTP requests and Google Sheets

Workflow preview

Workflow preview
100%
Check JWT security of API endpoints with HTTP requests and Google Sheets preview
Open on n8n.io

1. Workflow Overview

Quick Overview This workflow reads API endpoints and JWTs from Google Sheets, tests each endpoint with multiple token scenarios using HTTP requests, and writes a risk scored security summary back t...

Best for

  • SecOps automation workflows
  • AI Summarization automation workflows
  • advanced n8n builders looking for reusable templates

Tools used

n8n-nodes-base.stickynote, n8n-nodes-base.manualtrigger, n8n-nodes-base.scheduletrigger, n8n-nodes-base.googlesheets, n8n-nodes-base.splitinbatches, n8n-nodes-base.code, n8n-nodes-base.httprequest, n8n-nodes-base.merge

Source and attribution

This workflow is cataloged by N8N Workflows and links back to its original n8n.io source page by Arminas B.

Original n8n.io source

1.1 Workflow description

Title
Check JWT security of API endpoints with HTTP requests and Google Sheets
Workflow name
Check JWT security of API endpoints with HTTP requests and Google Sheets

Quick Overview

This workflow reads API endpoints and JWTs from Google Sheets, tests each endpoint with multiple token scenarios using HTTP requests, and writes a risk-scored security summary back to Google Sheets.

How it works

  1. Triggers manually (or on an optional daily schedule).
  2. Loads the target Google Sheets document ID and the endpoint/results tab names.
  3. Reads endpoint definitions from Google Sheets and keeps only rows marked as active.
  4. For each endpoint, decodes the provided JWT and generates test variants (no auth, tampered payload, and alg:none).
  5. Sends HTTP requests to the endpoint using the valid token and, if that succeeds, repeats the request with each test token variant and captures the response status codes.
  6. Evaluates the status codes and token metadata to flag issues (for example, unauthenticated access, tampered token acceptance, alg:none acceptance, or missing exp) and assigns a risk level.
  7. Appends the timestamped results and summary to the results tab in Google Sheets.

Setup

  1. Create a Google Sheet with an endpoints tab containing columns like label, endpoint_url, method, token, and active, and a results tab with columns like timestamp, label, risk_level, t1_valid, t2_no_auth, t3_tampered, t4_alg_none, and summary.
  2. Add a Google Sheets Service Account credential in n8n and share the spreadsheet with the service account email.
  3. Update the Sheet ID and tab names in the workflow’s variables (Sheet ID, endpoints sheet name, and results sheet name).
  4. Ensure each endpoint row includes a valid JWT in the token column and set active to TRUE for endpoints you want to test.
  5. If you want it to run automatically, enable the schedule trigger and adjust the cron expression as needed.

1.2 Logical Blocks

This catalog entry is organized from the workflow JSON. The node-level section below shows the executable blocks available for review before importing the template.

2. Block-by-Block Analysis

Block 1 - Sticky Note

Type / Role
n8n-nodes-base.stickyNote - stickyNote
Config choices
Version 1

Block 2 - Sticky Note1

Type / Role
n8n-nodes-base.stickyNote - stickyNote
Config choices
Version 1

Block 3 - Sticky Note2

Type / Role
n8n-nodes-base.stickyNote - stickyNote
Config choices
Version 1

Block 4 - Sticky Note3

Type / Role
n8n-nodes-base.stickyNote - stickyNote
Config choices
Version 1

Block 5 - Sticky Note4

Type / Role
n8n-nodes-base.stickyNote - stickyNote
Config choices
Version 1

Block 6 - Sticky Note5

Type / Role
n8n-nodes-base.stickyNote - stickyNote
Config choices
Version 1

Block 7 - Sticky Note6

Type / Role
n8n-nodes-base.stickyNote - stickyNote
Config choices
Version 1

Block 8 - Sticky Note7

Type / Role
n8n-nodes-base.stickyNote - stickyNote
Config choices
Version 1

Block 9 - Sticky Note8

Type / Role
n8n-nodes-base.stickyNote - stickyNote
Config choices
Version 1

Block 10 - When Triggered Manually

Type / Role
n8n-nodes-base.manualTrigger - manualTrigger
Config choices
Version 1

Block 11 - When Daily at 08:00

Type / Role
n8n-nodes-base.scheduleTrigger - scheduleTrigger
Config choices
Version 1.1

Block 12 - Read from Sheets

Type / Role
n8n-nodes-base.googleSheets - googleSheets
Config choices
Version 4

Block 13 - Loop Over Endpoint Batches

Type / Role
n8n-nodes-base.splitInBatches - splitInBatches
Config choices
Version 3

Block 14 - Decode JWT and Build Tokens

Type / Role
n8n-nodes-base.code - code
Config choices
Version 2

Block 15 - Analyze JWT Results

Type / Role
n8n-nodes-base.code - code
Config choices
Version 2

Block 16 - Append to Sheets

Type / Role
n8n-nodes-base.googleSheets - googleSheets
Config choices
Version 4

Block 17 - Validate Token via HTTP

Type / Role
n8n-nodes-base.httpRequest - httpRequest
Config choices
Version 4.2

Block 18 - HTTP Request No Auth

Type / Role
n8n-nodes-base.httpRequest - httpRequest
Config choices
Version 4.2

Block 19 - Tampered Token HTTP Request

Type / Role
n8n-nodes-base.httpRequest - httpRequest
Config choices
Version 4.2

Block 20 - Algorithm None HTTP Request

Type / Role
n8n-nodes-base.httpRequest - httpRequest
Config choices
Version 4.2

Block 21 - Extract Valid Token Status

Type / Role
n8n-nodes-base.code - code
Config choices
Version 2

Block 22 - Extract No Auth Status

Type / Role
n8n-nodes-base.code - code
Config choices
Version 2

Block 23 - Extract Tampered Status

Type / Role
n8n-nodes-base.code - code
Config choices
Version 2

Block 24 - Extract Alg None Status

Type / Role
n8n-nodes-base.code - code
Config choices
Version 2

Showing the first 24 of 32 workflow blocks. Download the JSON for the full node graph.

3. Summary Table

Workflow Check JWT security of API endpoints with HTTP requests and Google Sheets
Complexity advanced
Nodes 32
Categories SecOps, AI Summarization
Author Arminas B
Published 15 Jun 2026

4. Reproducing the Workflow from Scratch

  1. 1. Download the workflow JSON

    Use the JSON export at /data/workflows/16388/16388.json as the source template for this automation.

  2. 2. Import the template into n8n

    Open n8n, import the downloaded JSON, and review each node before activating the workflow.

  3. 3. Configure credentials and variables

    Replace placeholder credentials, API keys, webhook URLs, account IDs, and environment-specific values with your own settings.

  4. 4. Test with sample data

    Run the workflow manually or in a staging workspace, inspect node output, and confirm downstream systems receive the expected data.

  5. 5. Activate and monitor

    Enable the workflow only after testing, then monitor executions, errors, and rate limits during the first production runs.

5. General Notes & Resources

Review imported nodes carefully before activation. This catalog entry is intended to help you inspect the workflow structure, understand required services, and find related templates faster.

Node names, credentials, schedules, webhook paths, and external service limits may need adjustment for your workspace.

Frequently asked questions

What does Check JWT security of API endpoints with HTTP requests and Google Sheets do?

Quick Overview This workflow reads API endpoints and JWTs from Google Sheets, tests each endpoint with multiple token scenarios using HTTP requests, and writes a risk scored security summary back t...

What do I need before importing this workflow?

Review the workflow JSON, configure any required credentials in n8n, and test the automation in a safe workspace before using it in production.

Can I customize this workflow?

Yes. Use the block-by-block analysis and the downloadable JSON to inspect each node, then adjust credentials, prompts, schedules, filters, or destinations for your SecOps, AI Summarization use case.