Credentials
OAuth + PKCE setup. (No client secret needed.)
The Tellzm credential type uses OAuth 2.0 with PKCE — a public-client flow that requires no client secret.
[!IMPORTANT] There is no client secret to enter. If your n8n version shows a Client Secret field, leave it blank or type any placeholder — the value is never sent during the PKCE flow.
Step-by-step
- In n8n, drop a Tellzm or Tellzm Trigger node onto the canvas.
- In the Credentials dropdown choose Create New → Tellzm OAuth2 API.
- The form is mostly pre-filled. The only fields you may want to touch:
- Scope — space-separated list. Defaults to every scope the platform offers. Trim it to limit what this credential can do.
- Click Sign in with OAuth2. A browser tab opens to
tellzm.com/oauth/authorize. - Pick which workspaces this credential can reach.
- Decide whether to auto-include future workspaces (off by default — safer).
- Approve the scopes.
- The window closes; back in n8n click Test Connection to confirm.
No client secret
If you see a Client Secret field in your n8n version, leave it blank or type any placeholder. PKCE replaces the secret with a per-request challenge — the secret is never sent.
Versions 0.2.1+ of the package hide this field entirely. If you're on an older version, just leave it empty.
What gets stored
n8n stores:
- the access token (1 hour TTL) and refresh token (90 days TTL)
- the granted scopes
- the workspace-policy (which workspaces this credential can act on)
Tellzm stores the same as BLAKE2b-256 hashes — plaintext tokens never touch the database.
Scopes
| Scope | Grants |
|---|---|
tasks.read / tasks.write | Read or modify tasks, checklists, recipes |
projects.read / projects.write | Projects, sections, milestones, process templates |
routines.read / routines.write | Recurring rituals + their runs |
base.read / base.write | Data tables, fields, records |
reports.read / reports.write | Reports, dashboards, widgets |
pages.read / pages.write | Pages, blocks, versions, comments |
forms.read / forms.write | Forms, submissions, automations |
calendar.read / calendar.write | Sub-calendars + events |
apps.read / apps.write | Composable apps, wires, instances |
teams.read / teams.write | Teams + membership |
diagrams.read / diagrams.write | Whiteboards, drawio diagrams |
audit.read | Activity logs |
Revoking
Visit Settings → AI Assistants in any Tellzm workspace. Click Revoke on the connection — it stops working immediately on every workspace it was authorized for.
Multi-workspace switching
On every Tellzm action node, the Workspace dropdown loads dynamically from your credential's authorized list. Pick a different workspace per node — the request will be routed to that workspace and validated against the credential's policy server-side.