Skip to main content

The Problem

n8n’s REST API (PUT /api/v1/workflows/{id}) silently detaches credential bindings when updating a workflow, even when credential IDs are preserved in the JSON payload. This is undocumented and causes every API-deployed workflow to fail on first execution.

The Protocol

We developed a mandatory post-deployment checklist, now codified in .opencode/skills/n8n-deployment.skill.md:

Pre-Deploy

  1. Strip the payload to only name, nodes, connections, settings — never send active, id, meta, pinData, versionId, or tags.
  2. If the workflow has duplicate/WIP nodes, strip them with a jq filter before pushing.
  3. Record the credential IDs for each node type (GitHub, Anthropic, SSH, etc.).

Deploy

curl -X PUT "https://hab.so1.io/api/v1/workflows/{id}" \
  -H "X-N8N-API-KEY: $KEY" \
  -H "Content-Type: application/json" \
  -d @workflow.json
Expect HTTP 200. This does NOT mean credentials are bound.

Post-Deploy (Critical)

  1. Open the workflow in the n8n editor at hab.so1.io.
  2. Click into every node that uses credentials.
  3. Re-select the credential from the dropdown — even though it already displays the correct name.
  4. Save the workflow in the editor.
  5. Run a manual test execution to verify all credential-dependent nodes succeed.

Known Credential IDs

CredentialIDUsed By
GitHub (Dev4rno)FhglvXmXMeC2SQTlFORGE
GitHub (TOMMY)tSg1ejqnd5r3clEgTOMMY
Anthropic (“google_ai_key”)PdEKB19B1R0PQ4thTOMMY
SSHInstance-level configTOMMY

Why This Matters

This is not a one-time issue. Every future workflow deployment via the API will require this protocol. The skill file ensures it survives context windows and session boundaries.