User vs Service Account

# Connecting n8n to OpenAI: Choosing the Right API Key (User vs. Service Account) When you're setting up a new OpenAI connection in n8n, you'll go to the OpenAI platform to create an API key. One of the first choices you face is whether the key should be owned by "You" (a regular user account) or a "Service account". While both will work, choosing the right one is important for making sure your automations are stable and secure. ### The Short Answer: Choose "Service Account" For connecting an application like n8n, the best practice is to **always choose a Service Account**. ### Understanding the Difference Let's break down what each option means and why the service account is the recommended choice. #### "Owned by You" API Key This is a standard API key that is tied directly to your personal user account within the OpenAI organization. - **How it works:** The key's permissions and access are linked to your user. - **The Risk:** If you leave the organization or your account is deactivated, **the API key is immediately disabled**. All of your n8n workflows that rely on this key will instantly break. - **Best for:** Quick personal tests, temporary development projects, or scripts that only you will ever use. #### "Service Account" API Key A service account is a non-human, programmatic "user" that is owned by the organization itself, not a specific person. - **How it works:** The key is independent of any single user account. It's designed specifically for applications, services, and automations to interact with the API. - **The Benefit:** If the person who created the key leaves the company, the key and all the n8n workflows that use it **will continue to function without interruption**. This provides stability and is crucial for any business-critical or team-based automation. - **Best for:** Production applications, automation platforms like n8n, and any situation where you need long-term stability. ### Step-by-Step Guide for n8n 1. **Navigate to OpenAI:** Go to the [API keys](https://platform.openai.com/api-keys "null") section of your OpenAI account. 2. **Create Key:** Click the **Create new secret key** button. 3. **Select Owner:** In the "Owned by" section, select **Service account**. 4. **Name Your Key:** Give it a descriptive name that you'll recognize, like `n8n-workflows` or `n8n-automation`. 5. **Choose Project:** Assign it to the appropriate project. 6. **Set Permissions:** For security, it's often best to start with "Restricted" permissions if you know exactly what the key needs. However, "All" is a safe choice to ensure full functionality within n8n. 7. **Create & Copy:** Click **Create secret key** and immediately copy the key to your clipboard. You will not be able to see it again. 8. **Paste into n8n:** Go back to your n8n credentials screen and paste the copied key into the `API Key` field. 9. **Save:** Click **Save** in n8n to finalize the connection. By using a Service Account key, you ensure that your n8n automations are robust, secure, and not dependent on a single person's account status. ### Bonus: Storing Your API Key Securely in 1Password Once you have your secret key, you should store it securely in a password manager like 1Password instead of a plain text file. The "API Credential" category is perfect for this. 1. In 1Password, click to create a **New Item**. 2. Choose the **API Credential** category. 3. Paste your secret key from OpenAI into the **credential** field. 4. For the **type** field, select **Bearer Token** from the dropdown menu. Here’s a quick guide to what these options mean and why **Bearer Token** is the correct one for OpenAI: - **Bearer Token**: **(Choose this one)**. This is a simple, powerful type of token. It means that whoever holds ("bears") the token is granted access. The OpenAI API key is a perfect example of this—it's a single, secret string that authorizes your requests. - **JSON Web Token (JWT)**: These are more complex, structured tokens containing data (called "claims") that is cryptographically signed. They are often used for stateless authentication where you need to securely pass user information between services. - **JSON Credentials**: This typically refers to a full JSON object containing multiple pieces of information needed to authenticate, such as a `client_id` and `client_secret`. It's common in OAuth 2.0 flows for service-to-service communication. - **Other**: A generic category for any credential type that doesn't fit the options above. 5. Fill out other fields for easy reference: - **username**: Your OpenAI account email. - **hostname**: `api.openai.com` - **notes**: Add a note like "Service Account key for n8n automation" so you remember its purpose. 6. **Save** the item. Now your key is stored securely and is easy to find if you ever need to use it in another application.