Manual Stickynote Automation Triggered – Business Process Automation | Complete n8n Triggered Guide (Intermediate)
This article provides a complete, practical walkthrough of the Manual Stickynote Automation Triggered n8n agent. It connects HTTP Request and Webhook across approximately 1 node(s). Expect an Intermediate setup in 15-45 minutes. One‑time purchase: €29.
What This Agent Does
This agent orchestrates a reliable automation between HTTP Request and Webhook, handling triggers, data enrichment, and delivery with guardrails for errors and rate limits.
It streamlines multi‑step processes that would otherwise require manual exports, spreadsheet cleanup, and repeated API requests. By centralizing logic in n8n, it reduces context switching, lowers error rates, and ensures consistent results across teams.
Typical outcomes include faster lead handoffs, automated notifications, accurate data synchronization, and better visibility via execution logs and optional Slack/Email alerts.
How It Works
The workflow uses standard n8n building blocks like Webhook or Schedule triggers, HTTP Request for API calls, and control nodes (IF, Merge, Set) to validate inputs, branch on conditions, and format outputs. Retries and timeouts improve resilience, while credentials keep secrets safe.
Third‑Party Integrations
- HTTP Request
- Webhook
Import and Use in n8n
- Open n8n and create a new workflow or collection.
- Choose Import from File or Paste JSON.
- Paste the JSON below, then click Import.
**Title:** TOTP Code Validation in n8n Without Using Credentials

**Meta Description:** Learn how to create a secure Two-Factor Authentication (2FA) workflow in n8n using Python for TOTP validation—without creating or storing credentials. Ideal for verifying user login codes securely and efficiently.

**Keywords:** n8n, TOTP, Two-Factor Authentication, Python, n8n workflow, TOTP validation, 2FA in n8n, time-based OTP, credential-free 2FA, secure authentication, n8n code node

**Third-party APIs Used:** None. This workflow is fully self-contained and does not use any third-party APIs.

---

**Article:**

## TOTP Code Validation in n8n Without Using Credentials

Security is more important than ever, especially when it comes to user authentication. One of the most common methods for securing user login systems is through Two-Factor Authentication (2FA) using Time-based One-Time Passwords (TOTP). Popular apps like Google Authenticator and Authy implement TOTP to provide time-sensitive security codes.

In this article, we’ll explore a lightweight, API-free way to validate TOTP codes using n8n—a powerful, open-source workflow automation platform. The key benefit of this method lies in its credential-free setup, eliminating the need for storing reusable authentication credentials.

### What This Workflow Does

This n8n workflow verifies whether a TOTP code is valid for a given secret—completely within the logic of your automation, using only Python and base32 utilities inside a Code node. It’s perfect for authenticating codes submitted by users as part of custom login flows.

---

### Use Case Scenarios

- Secure login validation using TOTP as the second authentication factor.
- Validating 2FA codes within workflows without needing external services.
- Custom authentication logic for web apps or internal tools built using n8n and databases like PostgreSQL or MongoDB.

---

### Workflow Breakdown

Let's walk through how this workflow functions step-by-step:

#### 1. Manual Trigger (Node: "When clicking 'Test workflow'")

This node initiates the workflow manually. It’s useful for testing and debugging the logic by clicking "Execute Workflow" in n8n.

#### 2. Set Example TOTP Code and Secret (Node: "EXAMPLE FIELDS")

This node simulates input from a user by providing:

- A TOTP secret in base32 format
- A code to verify (e.g., 516620)

These can be replaced with dynamically retrieved values from databases or user submissions in production.

#### 3. Validate the TOTP Code (Node: "TOTP VALIDATION")

This node contains a fully functional Python script that:

- Decodes the base32 secret
- Generates the expected TOTP code based on the current time
- Compares the generated code to the input code from the user
- Returns a status (1 for valid, 0 for invalid)

Key components of the script:

- Time intervals are managed based on Unix epoch time
- Base32 decoding ensures the secret adheres to RFC 3548
- The logic is aligned with the standard TOTP algorithm (RFC 6238)

#### 4. Compare Result (Node: "IF CODE IS VALID")

This conditional node routes the workflow based on the result from the previous step. If the TOTP code is valid (`status === 1`), the "true" path is taken. Otherwise, it continues down the "false" branch.

From here, you can branch into further workflows—e.g., logging the user in, triggering alerts, retry attempts, or initiating recovery if too many failures occur.

#### 5. (Optional) Sticky Note for Documentation

n8n supports sticky notes for internal documentation. In this case, it explains configuration guidance, such as updating the TOTP secret and input code lines in the Python code (lines 39 and 40) for your own system.

---

### Benefits of This Approach

- ✅ **No External API Required**: Eliminates reliance on third-party services or browser-based authenticator integrations.
- ✅ **No Cred Storage Needed**: Bypasses the need for creating or storing credential-type data in n8n, improving security posture.
- ✅ **Fully Customizable**: Adapt the logic and extend it to integrate with databases, CRMs, or other authentication rules as needed.
- ✅ **Offline-Capable Validation**: Since this runs solely on algorithms and time, it works regardless of Internet connectivity (as long as system clocks are synced).

---

### Implementation Notes

- Ensure your n8n instance has Python execution enabled in the Code node.
- Time synchronization between user devices and your server is crucial—TOTP depends on matching the time window.
- Extend this template by connecting to user databases to dynamically pull TOTP secrets during validation.

---

### Summary

TOTP validation is a crucial component in secure authentication systems. With this n8n workflow, you can validate user-submitted 2FA codes without resorting to credentials or third-party APIs. It keeps your flows lean, secure, and under full control.

Whether you're building a custom login portal, internal admin dashboard, or automated authentication process—this method gives you a simple yet extremely effective way to add TOTP validation to your toolkit.

Get started by importing the workflow into your n8n instance, configuring a few fields, and building secure, real-time authentication into your applications—completely API-free.

---

Explore more workflow automations with n8n at [https://n8n.io](https://n8n.io).
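
The validation step from the workflow breakdown (decode the base32 secret, derive the expected code from Unix time, compare, return 1 or 0), written out as an added Python example; it is not the workflow's own script. The ±1 step drift window, the replay check through `last_counter`, and all function names are assumptions of this example, and the sample secret is the constructed RFC 4226 test key.

```python
import base64
import hashlib
import hmac
import struct
import time

STEP = 30    # seconds per time step (RFC 6238 default)
DIGITS = 6   # code length used by common authenticator apps
# Constructed sample: RFC 4226/6238 test secret "12345678901234567890" in base32
SAMPLE_SECRET = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"

def hotp(key, counter, digits=DIGITS):
    """RFC 4226: HMAC-SHA1 over the 8-byte counter, then dynamic truncation."""
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def decode_secret(secret_b32):
    """Accept the grouped, lower-case, unpadded form authenticator apps display."""
    s = secret_b32.replace(" ", "").replace("-", "").upper()
    return base64.b32decode(s + "=" * (-len(s) % 8))

def validate_totp(secret_b32, code, now=None, window=1, last_counter=-1):
    """Return (status, counter): status is 1 or 0 as in the workflow's IF check;
    counter is the accepted time step, to be stored and passed back as last_counter.
    window and last_counter are assumptions of this example, not workflow fields."""
    code = str(code).strip()
    if len(code) != DIGITS or not (code.isascii() and code.isdigit()):
        return 0, last_counter
    try:
        key = decode_secret(secret_b32)
    except ValueError:          # binascii.Error is a ValueError subclass
        return 0, last_counter
    if not key:
        return 0, last_counter
    current = int(time.time() if now is None else now) // STEP
    matched = -1
    for counter in range(max(0, current - window), current + window + 1):
        # compare_digest: constant-time comparison of expected and submitted code
        same = hmac.compare_digest(hotp(key, counter), code)
        if same and counter > last_counter:   # refuse replay of a used time step
            matched = counter
    return (1, matched) if matched >= 0 else (0, last_counter)
```

Persist the returned counter per user and pass it back as `last_counter` on the next attempt, so a code that has already been accepted cannot be submitted again within its validity window.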
- Set credentials for each API node (keys, OAuth) in Credentials.
- Run a test via Execute Workflow. Inspect Run Data, then adjust parameters.
- Enable the workflow to run on schedule, webhook, or triggers as configured.
Tips: keep secrets in credentials, add retries and timeouts on HTTP nodes, implement error notifications, and paginate large API fetches.
Validation: use IF/Code nodes to sanitize inputs and guard against empty payloads.
Why Automate This with AI Agents
AI‑assisted automations offload repetitive, error‑prone tasks to a predictable workflow. Instead of manual copy‑paste and ad‑hoc scripts, your team gets a governed pipeline with versioned state, auditability, and observable runs.
n8n’s node graph makes data flow transparent while AI‑powered enrichment (classification, extraction, summarization) boosts throughput and consistency. Teams reclaim time, reduce operational costs, and standardize best practices without sacrificing flexibility.
Compared to one‑off integrations, an AI agent is easier to extend: swap APIs, add filters, or bolt on notifications without rewriting everything. You get reliability, control, and a faster path from idea to production.
Best Practices
- Credentials: restrict scopes and rotate tokens regularly.
- Resilience: configure retries, timeouts, and backoff for API nodes.
- Data Quality: validate inputs; normalize fields early to reduce downstream branching.
- Performance: batch records and paginate for large datasets.
- Observability: add failure alerts (Email/Slack) and persistent logs for auditing.
- Security: avoid sensitive data in logs; use environment variables and n8n credentials.
FAQs
Can I swap integrations later? Yes. Replace or add nodes and re‑map fields without rebuilding the whole flow.
How do I monitor failures? Use Execution logs and add notifications on the Error Trigger path.
Does it scale? Use queues, batching, and sub‑workflows to split responsibilities and control load.
Is my data safe? Keep secrets in Credentials, restrict token scopes, and review access logs.