Automation Platforms: n8n & Make.com
What this guide is for¶
This guide walks you through connecting n8n and Make.com (formerly Integromat) to your SpeedPy instance using generic HTTP requests. No vendor-specific SDK or custom code is required — both platforms provide built-in HTTP modules that work with SpeedPy's REST API and bearer-token authentication.
By the end you will be able to read user profiles, list teams, and optionally receive webhook events inside your automation workflows.
Prerequisites¶
Before you begin, make sure you have:
- A running SpeedPy instance with a reachable base URL (e.g.
https://app.example.com) - A user account that is logged in and belongs to at least one team
- Access to the API docs (browsable at
/api/v1/or your configured API root) - Knowledge of which scopes your workflows need (see the table below)
| Scope | Grants access to |
|---|---|
read:profile |
GET /api/v1/me/ — authenticated user's profile |
read:teams |
GET /api/v1/teams/ — team listing and membership |
read:webhooks |
Read webhook subscriptions |
write:webhooks |
Create / update / delete webhook subscriptions |
Authentication¶
SpeedPy supports two machine-auth methods. For automation platforms, Personal Access Tokens (PATs) are the fastest path to a working integration:
| Method | When to use |
|---|---|
| PAT (bearer token) | Quick setup, scripts, internal automations. Recommended starting point. |
| OAuth2 Authorization Code + PKCE | Production / marketplace-style integrations where end-users authorize their own accounts. |
This guide focuses on PAT-based auth. If you need multi-user OAuth2, register an OAuth2 application with grant type Authorization Code and PKCE enabled, then configure your platform's OAuth2 credential with your /o/authorize/ and /o/token/ URLs. See the Integrations & Machine Auth page for details.
Create a PAT¶
- Navigate to
/accounts/tokens/in your SpeedPy instance. - Give the token a descriptive name (e.g.
n8n-productionormake-team-sync). - Select the minimum scopes your workflow needs:
read:profileif you only need/api/v1/me/read:teamsif you need team dataread:webhooks/write:webhooksonly if the workflow manages webhook subscriptions- Optionally set an expiry date — short-lived tokens reduce blast radius if leaked.
- Click Create and copy the token immediately. It starts with
spd_and is shown only once.
Warning
The raw token cannot be recovered after you leave the creation page. If you lose it, revoke it and create a new one.
Configure bearer auth in n8n¶
- In your n8n instance, go to Credentials → Add Credential → Header Auth.
- Set:
- Name:
SpeedPy PAT - Header Name:
Authorization - Header Value:
Bearer spd_your_token_here - Save the credential.
When building workflows, add an HTTP Request node and configure it:
- Method:
GET(orPOST,PATCH,DELETEas needed) - URL:
https://app.example.com/api/v1/me/ - Authentication: select your
SpeedPy PATcredential - Response Format: JSON
Tip
Create an n8n variable (or environment variable) for your base URL so you can change it in one place when moving between staging and production.
Configure bearer auth in Make.com¶
- Create a new scenario or open an existing one.
- Add an HTTP → Make a request module.
- Under Headers, add a header:
- Name:
Authorization - Value:
Bearer spd_your_token_here - Set:
- URL:
https://app.example.com/api/v1/me/ - Method:
GET - Parse response: Yes
Tip
In Make.com, create a Connection or use a data-store variable for the base URL and token so they are reusable across modules and scenarios.
Smoke test: /api/v1/me/¶
Send a GET request to /api/v1/me/ using the configuration above. A successful response looks like:
{
"id": 1,
"email": "you@example.com",
"first_name": "Jane",
"last_name": "Doe",
"display_name": "Jane Doe"
}
| Status | Meaning |
|---|---|
200 OK |
Token is valid and has the read:profile scope |
401 Unauthorized |
Token is missing, malformed, expired, or revoked |
403 Forbidden |
Token is valid but lacks the read:profile scope |
If you get 401, double-check that the header value is exactly Bearer spd_... (capital B, single space, no quotes around the token).
Call a team endpoint¶
Once the smoke test passes, try listing teams:
Required scope: read:teams
SpeedPy uses Django REST Framework's paginated response format:
{
"count": 2,
"next": null,
"previous": null,
"results": [
{
"id": "a1b2c3d4-...",
"name": "Acme Corp",
"slug": "acme-corp"
},
{
"id": "e5f6g7h8-...",
"name": "Side Project",
"slug": "side-project"
}
]
}
count— total number of items across all pages.next/previous— full URLs to the next/previous page, ornull.results— the current page of items.
Use the id from a team object in subsequent API calls (e.g. GET /api/v1/teams/{id}/members/).
Warning
If next is not null, there are more pages. In n8n, use a loop or the Split In Batches node. In Make.com, use a Repeater or Iterator module to follow pagination links until next is null.
Optional: webhook trigger setup¶
Tip
This section describes a pattern for pushing events from SpeedPy into your automation platform. It requires the write:webhooks scope and the owner or admin role on the team. Regular team members cannot manage webhook subscriptions.
Instead of polling SpeedPy on a schedule, you can have SpeedPy push events to your workflow in real time via webhooks.
Pattern¶
- Create a webhook trigger in your automation platform:
- n8n: add a Webhook node and copy the generated URL.
-
Make.com: add a Custom Webhook trigger module and copy the generated URL.
-
Register the webhook in SpeedPy by calling the webhook subscription API:
The response includes a one-time secret for signature verification.
-
Select events — subscribe only to the events your workflow needs (e.g.
team.member.added,team.invitation.created,user.profile.updated). Use["*"]to receive all events. -
Test delivery — trigger the event in SpeedPy (e.g. invite a team member) and confirm the payload arrives in your automation platform.
Signature verification¶
SpeedPy signs every webhook payload with an HMAC-SHA256 signature in the X-SpeedPy-Signature header. For high-security workflows, verify this signature in a code/function node before processing the payload. See the Webhooks page for the verification algorithm.
Warning
Most automation platforms do not verify webhook signatures by default. If you skip verification, ensure the webhook URL is not guessable and consider IP-allowlisting your SpeedPy instance.
Troubleshooting¶
| Symptom | Likely cause | Fix |
|---|---|---|
401 Unauthorized |
Token missing, expired, or revoked | Re-check the Authorization header; create a new PAT if expired |
403 Forbidden |
Token lacks the required scope | Edit the PAT (or create a new one) with the needed scope |
404 Not Found |
Wrong URL, missing trailing slash, or no access to the resource | Ensure the URL ends with / and the user belongs to the team |
429 Too Many Requests |
Rate limit exceeded | Read the Retry-After header and add a delay/wait module before retrying |
Empty results array |
User has no teams, or pagination not followed | Check team membership; follow next links for additional pages |
| Wrong base URL | Protocol or port mismatch | Verify the URL matches your deployment (http vs https, port number) |
| Connection refused | SpeedPy not running or not reachable | Confirm the instance is up and the automation platform can reach it (firewall, DNS) |
Security checklist¶
- Store PATs in your platform's credential/secret store — never paste tokens directly into step names, notes, or log outputs.
- Use least-privilege scopes — only grant the scopes each workflow actually needs.
- Rotate tokens regularly — set an expiry date and replace tokens before they expire.
- Avoid empty-scope PATs — a token with no scopes selected may default to full access depending on your configuration.
- Never paste tokens into step names or log messages — automation platforms often display these in run histories and audit logs.
- Use HTTPS — always connect to your SpeedPy instance over HTTPS in production.
curl verification snippets¶
Use these commands to verify your setup outside of n8n or Make.com. Replace YOUR_TOKEN and the base URL with your values.
Check your identity:
curl -s -H "Authorization: Bearer spd_YOUR_TOKEN" \
https://app.example.com/api/v1/me/ | python3 -m json.tool
List teams:
curl -s -H "Authorization: Bearer spd_YOUR_TOKEN" \
https://app.example.com/api/v1/teams/ | python3 -m json.tool
Check token validity (expect 200 or 401):
curl -s -o /dev/null -w "%{http_code}" \
-H "Authorization: Bearer spd_YOUR_TOKEN" \
https://app.example.com/api/v1/me/
Create a webhook subscription (requires write:webhooks):