Gitpulse
Merged
Size
XL
Change Breakdown
Feature75%
Config15%
Maintenance10%
#27593feat: Add AI Gateway support for AI nodes

AI nodes now work through n8n's managed gateway

AI nodes now work through n8n's managed gateway
MI
michael-radency
·Apr 7, 2026

Users can now connect AI nodes to OpenAI, Anthropic, and other providers through n8n's managed gateway instead of configuring their own API keys — n8n handles authentication and billing automatically.

AI workflow builders have historically needed to manage personal API keys for every AI provider they used — a friction point that added setup overhead and security considerations. This PR introduces the AI Gateway, a managed proxy layer that handles AI provider authentication on the user's behalf.

When users enable the gateway on a node credential slot, n8n stores a marker instead of a real credential. At execution time, the credential system detects this marker and fetches a short-lived JWT from the gateway, returning a synthetic credential that points nodes at the gateway endpoint. The node code remains completely unaware — it behaves as if it received a normal credential.

JWTs are cached per user (up to 500 entries) and proactively refreshed at 90% of their lifetime, minimizing latency during workflow runs. Gateway configuration — which nodes and credential types are supported, provider routing, field mappings — is cached locally with a one-hour TTL, so new providers can be added on the gateway side without code changes.

On the frontend, a per-node toggle lets users switch between their own credentials and the gateway. When enabled, a badge shows remaining credits. A new settings page displays a paginated usage log with date, provider, model, token counts, and credits deducted per request. The feature is gated by both a PostHog experiment flag and a backend license feature, and stale gateway-managed credentials are automatically cleaned up when the feature is disabled.

View Original GitHub Description

Summary

<img width="557" height="359" alt="image" src="https://github.com/user-attachments/assets/bb5966c5-6d60-436b-9f57-e5be070f2fa0" />

AI Gateway lets users run supported AI nodes (OpenAI, Anthropic, Google, etc.) through n8n's managed proxy — no personal API keys required. n8n authenticates to the provider on the user's behalf using a credit-based system, making it easy to get started with AI workflows without any credential setup.

How it works

When a user enables the gateway on a node credential field, n8n stores a marker (__aiGatewayManaged: true) instead of a real credential. At execution time, the credential helper detects this marker and calls AiGatewayService.getSyntheticCredential(), which fetches a short-lived JWT from the gateway and returns a synthetic credential pointing to the gateway endpoint. The node code is completely unaware — it behaves as if it received a normal credential.

JWTs are cached per user (up to 500 entries) and proactively refreshed at 90% of their lifetime. Gateway configuration (supported nodes, provider routing, field mappings) is cached locally with a 1-hour TTL, so new providers can be added on the gateway side without n8n code changes.

What's included

Backend

  • AiGatewayService: synthetic credential generation, JWT lifecycle management, config + usage fetching
  • CredentialsHelper: intercepts __aiGatewayManaged credentials and delegates to the service
  • New /ai/gateway/config and /ai/gateway/usage endpoints

Frontend

  • Per-node toggle in NodeCredentials — enables the gateway for that credential slot and restores the previous real credential when turned off; workflow is auto-saved after toggle
  • Remaining credits badge shown inline when the gateway is active
  • Node creator tags gateway-compatible nodes with a "Free Credits" badge (when experiment is active)
  • aiGateway store + useAiGateway composable for config/credit state
  • Settings page: paginated usage log per request — date, provider, model, input/output tokens, credits deducted
  • ai_gateway PostHog experiment flag + settings.aiGateway.enabled backend flag (both must be active)
  • Cleanup on disable: stale gateway-managed credentials are removed from nodes automatically
<!-- Describe what the PR does and how to test. Photos and videos are recommended. -->

Related Linear tickets, Github issues, and Community forum posts

https://linear.app/n8n/issue/NODE-4692/ai-gateway-p0-n8n-frontendbackend

<!-- Include links to **Linear ticket** or Github issue or Community forum post. Important in order to close *automatically* and provide context to reviewers. https://linear.app/n8n/issue/ --> <!-- Use "closes #<issue-number>", "fixes #<issue-number>", or "resolves #<issue-number>" to automatically close issues when the PR is merged. -->

Review / Merge checklist

  • PR title and summary are descriptive. (conventions) <!-- **Remember, the title automatically goes into the changelog. Use `(no-changelog)` otherwise.** -->
  • Docs updated or follow-up ticket created.
  • Tests included. <!-- A bug is not considered fixed, unless a test is added to prevent it from happening again. A feature is not complete without tests. -->
  • PR Labeled with Backport to Beta, Backport to Stable, or Backport to v1 (if the PR is an urgent fix that needs to be backported)
© 2026 · via Gitpulse