Skip to content

Automation Platforms: n8n & Make.com

What this guide is for

This guide walks you through connecting n8n and Make.com (formerly Integromat) to your SpeedPy instance using generic HTTP requests. No vendor-specific SDK or custom code is required — both platforms provide built-in HTTP modules that work with SpeedPy's REST API and bearer-token authentication.

By the end you will be able to read user profiles, list teams, and optionally receive webhook events inside your automation workflows.

Prerequisites

Before you begin, make sure you have:

  • A running SpeedPy instance with a reachable base URL (e.g. https://app.example.com)
  • A user account that is logged in and belongs to at least one team
  • Access to the API docs (browsable at /api/v1/ or your configured API root)
  • Knowledge of which scopes your workflows need (see the table below)
Scope Grants access to
read:profile GET /api/v1/me/ — authenticated user's profile
read:teams GET /api/v1/teams/ — team listing and membership
read:webhooks Read webhook subscriptions
write:webhooks Create / update / delete webhook subscriptions

Authentication

SpeedPy supports two machine-auth methods. For automation platforms, Personal Access Tokens (PATs) are the fastest path to a working integration:

Method When to use
PAT (bearer token) Quick setup, scripts, internal automations. Recommended starting point.
OAuth2 Authorization Code + PKCE Production / marketplace-style integrations where end-users authorize their own accounts.

This guide focuses on PAT-based auth. If you need multi-user OAuth2, register an OAuth2 application with grant type Authorization Code and PKCE enabled, then configure your platform's OAuth2 credential with your /o/authorize/ and /o/token/ URLs. See the Integrations & Machine Auth page for details.

Create a PAT

  1. Navigate to /accounts/tokens/ in your SpeedPy instance.
  2. Give the token a descriptive name (e.g. n8n-production or make-team-sync).
  3. Select the minimum scopes your workflow needs:
  4. read:profile if you only need /api/v1/me/
  5. read:teams if you need team data
  6. read:webhooks / write:webhooks only if the workflow manages webhook subscriptions
  7. Optionally set an expiry date — short-lived tokens reduce blast radius if leaked.
  8. Click Create and copy the token immediately. It starts with spd_ and is shown only once.

Warning

The raw token cannot be recovered after you leave the creation page. If you lose it, revoke it and create a new one.

Configure bearer auth in n8n

  1. In your n8n instance, go to Credentials → Add Credential → Header Auth.
  2. Set:
  3. Name: SpeedPy PAT
  4. Header Name: Authorization
  5. Header Value: Bearer spd_your_token_here
  6. Save the credential.

When building workflows, add an HTTP Request node and configure it:

  • Method: GET (or POST, PATCH, DELETE as needed)
  • URL: https://app.example.com/api/v1/me/
  • Authentication: select your SpeedPy PAT credential
  • Response Format: JSON

Tip

Create an n8n variable (or environment variable) for your base URL so you can change it in one place when moving between staging and production.

Configure bearer auth in Make.com

  1. Create a new scenario or open an existing one.
  2. Add an HTTP → Make a request module.
  3. Under Headers, add a header:
  4. Name: Authorization
  5. Value: Bearer spd_your_token_here
  6. Set:
  7. URL: https://app.example.com/api/v1/me/
  8. Method: GET
  9. Parse response: Yes

Tip

In Make.com, create a Connection or use a data-store variable for the base URL and token so they are reusable across modules and scenarios.

Smoke test: /api/v1/me/

Send a GET request to /api/v1/me/ using the configuration above. A successful response looks like:

{
  "id": 1,
  "email": "you@example.com",
  "first_name": "Jane",
  "last_name": "Doe",
  "display_name": "Jane Doe"
}
Status Meaning
200 OK Token is valid and has the read:profile scope
401 Unauthorized Token is missing, malformed, expired, or revoked
403 Forbidden Token is valid but lacks the read:profile scope

If you get 401, double-check that the header value is exactly Bearer spd_... (capital B, single space, no quotes around the token).

Call a team endpoint

Once the smoke test passes, try listing teams:

GET /api/v1/teams/

Required scope: read:teams

SpeedPy uses Django REST Framework's paginated response format:

{
  "count": 2,
  "next": null,
  "previous": null,
  "results": [
    {
      "id": "a1b2c3d4-...",
      "name": "Acme Corp",
      "slug": "acme-corp"
    },
    {
      "id": "e5f6g7h8-...",
      "name": "Side Project",
      "slug": "side-project"
    }
  ]
}
  • count — total number of items across all pages.
  • next / previous — full URLs to the next/previous page, or null.
  • results — the current page of items.

Use the id from a team object in subsequent API calls (e.g. GET /api/v1/teams/{id}/members/).

Warning

If next is not null, there are more pages. In n8n, use a loop or the Split In Batches node. In Make.com, use a Repeater or Iterator module to follow pagination links until next is null.

Optional: webhook trigger setup

Tip

This section describes a pattern for pushing events from SpeedPy into your automation platform. It requires the write:webhooks scope and the owner or admin role on the team. Regular team members cannot manage webhook subscriptions.

Instead of polling SpeedPy on a schedule, you can have SpeedPy push events to your workflow in real time via webhooks.

Pattern

  1. Create a webhook trigger in your automation platform:
  2. n8n: add a Webhook node and copy the generated URL.
  3. Make.com: add a Custom Webhook trigger module and copy the generated URL.

  4. Register the webhook in SpeedPy by calling the webhook subscription API:

POST /api/v1/teams/{team_id}/webhooks/
{
  "url": "https://your-n8n-or-make-webhook-url",
  "events": ["team.member.added"]
}

The response includes a one-time secret for signature verification.

  1. Select events — subscribe only to the events your workflow needs (e.g. team.member.added, team.invitation.created, user.profile.updated). Use ["*"] to receive all events.

  2. Test delivery — trigger the event in SpeedPy (e.g. invite a team member) and confirm the payload arrives in your automation platform.

Signature verification

SpeedPy signs every webhook payload with an HMAC-SHA256 signature in the X-SpeedPy-Signature header. For high-security workflows, verify this signature in a code/function node before processing the payload. See the Webhooks page for the verification algorithm.

Warning

Most automation platforms do not verify webhook signatures by default. If you skip verification, ensure the webhook URL is not guessable and consider IP-allowlisting your SpeedPy instance.

Troubleshooting

Symptom Likely cause Fix
401 Unauthorized Token missing, expired, or revoked Re-check the Authorization header; create a new PAT if expired
403 Forbidden Token lacks the required scope Edit the PAT (or create a new one) with the needed scope
404 Not Found Wrong URL, missing trailing slash, or no access to the resource Ensure the URL ends with / and the user belongs to the team
429 Too Many Requests Rate limit exceeded Read the Retry-After header and add a delay/wait module before retrying
Empty results array User has no teams, or pagination not followed Check team membership; follow next links for additional pages
Wrong base URL Protocol or port mismatch Verify the URL matches your deployment (http vs https, port number)
Connection refused SpeedPy not running or not reachable Confirm the instance is up and the automation platform can reach it (firewall, DNS)

Security checklist

  • Store PATs in your platform's credential/secret store — never paste tokens directly into step names, notes, or log outputs.
  • Use least-privilege scopes — only grant the scopes each workflow actually needs.
  • Rotate tokens regularly — set an expiry date and replace tokens before they expire.
  • Avoid empty-scope PATs — a token with no scopes selected may default to full access depending on your configuration.
  • Never paste tokens into step names or log messages — automation platforms often display these in run histories and audit logs.
  • Use HTTPS — always connect to your SpeedPy instance over HTTPS in production.

curl verification snippets

Use these commands to verify your setup outside of n8n or Make.com. Replace YOUR_TOKEN and the base URL with your values.

Check your identity:

curl -s -H "Authorization: Bearer spd_YOUR_TOKEN" \
  https://app.example.com/api/v1/me/ | python3 -m json.tool

List teams:

curl -s -H "Authorization: Bearer spd_YOUR_TOKEN" \
  https://app.example.com/api/v1/teams/ | python3 -m json.tool

Check token validity (expect 200 or 401):

curl -s -o /dev/null -w "%{http_code}" \
  -H "Authorization: Bearer spd_YOUR_TOKEN" \
  https://app.example.com/api/v1/me/

Create a webhook subscription (requires write:webhooks):

curl -s -X POST \
  -H "Authorization: Bearer spd_YOUR_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"url": "https://your-webhook-url", "events": ["team.member.added"]}' \
  https://app.example.com/api/v1/teams/TEAM_ID/webhooks/ | python3 -m json.tool