n8n
Drive MemberPass from n8n — community node with a 71-event trigger and a full-parity action node covering every REST endpoint, plus HTTP/Webhook fallbacks.
The n8n-nodes-memberpass community package ships:
- A trigger node listing all 71 webhook events from the
WebhookEventcatalog. - An action node covering every write + read operation across 19 resources — full parity with the live
api.memberpass.net/v1surface.
Install
Open Community Nodes
In your n8n instance: Settings → Community Nodes → Install.
Install the package
Enter n8n-nodes-memberpass and accept the community-node warning. n8n restarts automatically and picks up the new nodes.
Self-hosted alternative:
cd ~/.n8n/custom
npm install n8n-nodes-memberpassRestart the n8n process after installing.
Add the credential
Credentials → New → MemberPass API. Paste an API token minted at app.memberpass.net/settings/tokens. The credential test calls GET /v1/teams/current; a 200 means you're connected.
Required token abilities:
team:view— always (credential test relies on it).webhook-endpoint:manage— for the trigger node (registers + deletes endpoints on workflow activation / deactivation).- Plus any ability each action operation you drop onto the canvas requires (see the ability catalog).
Production tokens start with mpt_live_; non-production (staging, local)
tokens start with mpt_test_. The credential placeholder expects the full
Stripe-style token — copy-paste everything after "Bearer ".
Trigger node — 71 events
MemberPass Trigger starts a workflow when one or more events fire. Multi-select the events, optionally scope to a single project, activate the workflow. On activation n8n calls POST /v1/webhook-subscriptions; on deactivation it calls the matching DELETE. Idempotency keys are generated automatically.
Signature verification (MP-Signature HMAC) is enabled by default — the node validates every inbound request and silently drops mismatches. Turn it off only for local debugging.
Action node — 19 resources
MemberPass exposes every mutation and read route on the API. Pick a Resource then an Operation from the sidebar. Every write auto-sends a fresh Idempotency-Key header — re-running a node is safe (MemberPass returns the cached response for replays within 24h).
Resource + operation matrix
| Resource | Operations |
|---|---|
| Project | List, Get, Create, Update, Archive, Restore, Delete, Find by Handle |
| Plan | List, Get, Create, Update, Publish, Unpublish, Delete, Find by Name |
| Subscription | List, Get, Cancel |
| Member | List, Get, Ban, Unban, Kick |
| Subscriber | Find by Telegram ID |
| Access Code | List, Delete, Bulk Generate, Preview |
| Resource | List, Get, Create, Unlink, Delete |
| Payment Method | List, Get |
| Webhook Endpoint | List, Create, Delete, Rotate Secret, Test |
| Webhook Delivery | List (by event type) |
| Token | List, Get, Revoke |
| Team | List, Get, Get Current |
| Team Member | List, Get |
| Role | List, Get |
| Group | List, Get |
| Activity | List (by subject) |
| Bot | Get Status |
| Distribution | Get Bot Link, Get Portal URL, Get Deep Link |
| Analytics | Get Dashboard, Get Earnings, Get Subscribers, Get Transaction Breakdown, Get Plan Performance, List Transactions |
Error envelope. Any non-2xx response is translated into an n8n
NodeApiError whose message carries error.message and whose description
carries error.remediation + error.docs_url. Branch on error.code
(TOKEN_MISSING_ABILITY, TENANT_MISMATCH, etc.) in downstream IF nodes.
Fallback with built-in nodes
If you cannot install a community node (managed n8n.cloud without community-node support, locked-down instance), the integration still works with n8n's built-in HTTP Request + Webhook nodes.
- Start the workflow with a Webhook node; copy its production URL.
- In MemberPass: Settings → Webhooks → New endpoint. Paste the n8n URL, pick events, save. Store the plaintext
secret. - After the Webhook node add a Function node that verifies
MP-Signatureagainst the secret:
const crypto = require("crypto");
const header = $json.headers["mp-signature"] || "";
const [tPart, v1Part] = header.split(",");
const t = tPart.split("=")[1];
const v1 = v1Part.split("=")[1];
const expected = crypto
.createHmac("sha256", "whsec_your_secret")
.update(`${t}.${JSON.stringify($json.body)}`)
.digest("hex");
return crypto.timingSafeEqual(Buffer.from(expected), Buffer.from(v1))
? [$json]
: [];Caveat: n8n re-serializes the body. For strict signature verification enable the Webhook node's Raw Body option so you can verify against the exact bytes MemberPass signed.
Use an HTTP Request node with:
- Method:
POST/GET/PATCH/DELETE - URL:
https://api.memberpass.net/v1/<path> - Authentication: Generic Credential Type → Header Auth →
Authorization: Bearer mpt_live_<id>_<secret> - Headers: add
Idempotency-Keywith a fresh UUID on every write
Import the OpenAPI spec (https://api.memberpass.net/openapi.json) into the HTTP Request node for auto-complete on parameters.
Source
The node package is maintained at github.com/envigoinnovations/memberpass-n8n and published to npm as n8n-nodes-memberpass. See the CHANGELOG for per-version deltas.
Related
- Webhook event catalog — the 71 event
typevalues the trigger subscribes to. - API authentication — how
mpt_live_/mpt_test_tokens are minted. - Signature verification — HMAC format used by both the native node and the fallback.
- Analytics API — the REST endpoints behind the Analytics resource.
How is this guide?