n8n & Airlock Gateway
Community nodes for human-in-the-loop approvals in automated workflows
Overview
The @airlockapp/n8n-nodes-airlock package adds Airlock Gateway integration to n8n. It provides two nodes so workflows can pause for encrypted, human-in-the-loop decisions on the Airlock mobile app.
For the developer programme, enforcer apps, gateway credentials, and pairing, see the Developer Guide and Airlock Apps.
Credentials: Airlock Gateway API
Configure a single Airlock Gateway API credential in n8n before using the nodes.
General settings
- Gateway URL — Base URL of your Airlock Integrations Gateway.
- Enforcer ID — Identifies this n8n instance or workflow context.
- Workspace & Repository Name (optional) — Shown on the mobile context card.
- Wait Timeout (Seconds) — How long to wait for an approver (default 60).
- Fail Mode — Fail Closed stops the workflow on timeout or connection errors; Fail Open treats failures like an approval and continues.
Secure parameters
- Personal Access Token (PAT) — User or service token; easiest default. Mutually exclusive with Client ID/Secret in the credential model.
- Client ID & Client Secret — For machine-to-machine style use without a tied user PAT.
- Device Code — Used only during the one-time pairing flow.
- Encryption Key & Routing Token — Do not set manually. Run the Airlock Echo node in Pair mode so E2EE negotiation can fill these fields (see below).
Airlock Echo node
Used for setup and connectivity checks.
Pair Device (one-time)
- Enter the pre-generated device code from the mobile app into the gateway credentials.
- Run Echo in Pair Device mode.
- The node completes the X25519 pairing flow and writes the Encryption Key and Routing Token back into the credential.
Echo / consent check
Use in live workflows to confirm the gateway is reachable. If Fail If Consent Not Approved is enabled, the node stops when the enforcer has not been granted global permission from the mobile app.
Airlock Enforcer node
Pauses the workflow, sends an encrypted payload to the approver’s device, polls with heartbeats, and resumes only after an approve/reject decision (or custom actions mapped to the same HARP values).
- Artifact Type & Request Label — Drive how the request appears in the app.
- Payload Mode — Raw Text shows monospace content; JSON (e.g. from an n8n expression like
={{ $json }}) renders top-level keys as labeled rows. - Requested Actions — Presets such as Approve/Reject or custom buttons (e.g. primary/danger styles mapped to HARP
approve/reject). - Decision delivery ack — After a decision is received, the node sends a non-blocking
POST /v1/acksto the gateway so delivery is recorded (same pattern as the Gateway SDKs’ fire-and-forget ack).
Sample workflow
The upstream README includes a full algorithmic trading desk example: scheduled trigger, connectivity/consent check, randomized signals, branching by risk, two enforcer nodes with different action presets, and final execute/cancel branches. The workflow is provided as JSON you can paste into n8n to import the graph.
Copy the JSON from the package README on GitHub.
Sample flow in n8n
Click the image for a fullscreen view. Use the thumbnails or arrow keys to switch between light and dark screenshots.
Local development with Docker
To hack on the nodes, build the TypeScript package (npm run build), then run n8n in Docker with the repo bind-mounted into custom/node_modules/@airlockapp/n8n-nodes-airlock. The Echo node updates credentials through n8n’s API during pairing, so you must set N8N_API_KEY in the container environment. A minimal docker-compose example is in the same README.
Related documentation
- Developer Guide — platform, gateway, and lifecycle.
- Airlock Apps — client ID, secrets, and consent concepts.
- Gateway Client SDKs — same APIs from code.