Understanding the “Credentials War”
What you’ll learn: How Zapier, Make, and n8n differ on credential storage, hosting models, and vendor lock-in so you can choose the right platform for your needs.
The biggest difference between Zapier, Make, and n8n isn’t features. It’s who holds your credentials, where your automations run, and who owns the workflows.
- Think location of secrets and tokens, not just triggers and actions
- Think cloud-only convenience vs self-hosted control
- Think long-term portability, not just “can it post to Slack?”
Pick the platform philosophy first, then worry about the buttons.
The “credentials war” is about trust boundaries. Here’s how data flows and who controls your credentials:
Trust Boundaries Visualization
Zapier/Make Model - Vendor Control
```mermaid
flowchart TD
V1[Your Browser] --> V2[Vendor Cloud Platform]
V2 --> V3[Vendor-Stored Tokens]
V3 --> V4[Third-Party APIs]
V4 --> V5[Vendor Data Storage]
V6[Trust: Vendor controls all tokens and data]
classDef vendorStyle fill:#ffebee,stroke:#c62828,color:#000
class V1,V2,V3,V4,V5,V6 vendorStyle
```
n8n Cloud Model - Hybrid Control
```mermaid
flowchart TD
H1[Your Browser] --> H2[n8n Cloud]
H2 --> H3[n8n-Stored Tokens]
H3 --> H4[Direct API Access]
H4 --> H5[Your Database]
H6[Trust: You control data, n8n holds tokens]
classDef hybridStyle fill:#fff3e0,stroke:#ef6c00,color:#000
class H1,H2,H3,H4,H5,H6 hybridStyle
```
n8n Self-Hosted Model - Full Control
```mermaid
flowchart TD
S1[Your Browser] --> S2[Your Infrastructure]
S2 --> S3[Your Token Store]
S3 --> S4[Your Network APIs]
S4 --> S5[Your Database]
S6[Trust: You control everything - zero vendor access]
classDef selfStyle fill:#e8f5e8,stroke:#2e7d32,color:#000
class S1,S2,S3,S4,S5,S6 selfStyle
```
What Is the “Credentials War”?
In plain terms, it’s a contest over where authentication lives and who you must trust. That choice shapes security, compliance, and vendor lock‑in.
- Zapier and Make: cloud SaaS only; tokens and account connections live in the vendor’s cloud
- n8n: can be self‑hosted or cloud; secrets can stay on your servers and in your network
- All three can hit the same APIs; the trust and hosting models differ
Once you see the trust model, noise in feature lists fades fast.
Quick Comparison: Zapier vs Make vs n8n
| Dimension | Zapier | Make (Integromat) | n8n |
|---|---|---|---|
| Credentials Storage | Vendor cloud only | Vendor cloud only | Your database or n8n cloud |
| Hosting Options | Cloud SaaS only | Cloud SaaS only | Self-hosted or cloud |
| Token Control | Limited | Limited | Full control when self-hosted |
| API Access | 5,000+ apps, webhooks | 1,000+ modules, HTTP requests | 350+ nodes, HTTP requests |
| Custom APIs | Webhooks + Custom Request | HTTP module | HTTP Request node |
| Debugging | Task history, basic logs | Visual execution tree | Full node inspection, manual runs |
| Version Control | None (UI only) | Limited export | Native JSON, Git integration |
| Data Residency | Vendor-controlled | Vendor-controlled | Your choice when self-hosted |
| Compliance | Vendor certifications | Vendor certifications | Your infrastructure + controls |
| Best For | Non-technical teams | Complex visual workflows | Developers, compliance teams |
| Lock-in Risk | High | High | Low (portable JSON) |
| Setup Complexity | Lowest | Low-Medium | Medium-High (self-hosted) |
Why Architecture Matters More Than Features
Fancy actions don’t help if you can’t meet policy, scale costs, or debug failures. Architecture drives outcomes.
Key considerations:
- Security and compliance: some teams must keep tokens and data in‑house (or at least in a private VPC)
- Reliability and debugging: access to raw runs, replays, and logs determines how quickly you fix issues
- Cost and control: cloud convenience scales fast; self‑hosting can be cheaper at volume and avoids lock‑in
Features come and go; ownership and control stick.
Credentials Management Models
Credentials management decides how you store and refresh OAuth 2.0 tokens, API keys, and service accounts. It also decides who can see or export them.
Rule of thumb: the closer tokens live to your data, the easier compliance gets, and the more responsibility you accept.
| Platform | Token Storage | Connection Model | Encryption Control |
|---|---|---|---|
| Zapier | Zapier’s cloud | Shared team “accounts” | Vendor-managed keys |
| OAuth + Webhooks for custom APIs | Limited rotation control | ||
| Make | Make’s infrastructure | Vendor-hosted connections | Vendor-managed keys |
| HTTP modules for custom APIs | Broad prebuilt app library | ||
| n8n | Your database (self-hosted) | Fine-grained per workflow | Your encryption keys |
| Secret manager integration | Full network boundary control |
For highly sensitive tokens (e.g., Salesforce, banking, or internal APIs), keeping secrets on your side can be decisive.
```bash
# n8n self-hosting essentials (conceptual)
export N8N_ENCRYPTION_KEY="<strong-unique-key>"
export N8N_USER_FOLDER="/var/lib/n8n"
# Pair with a secret manager (e.g., mounted env or vault) to avoid hardcoding.
```
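One way to act on the note about not hardcoding the key, as an added example (not n8n's or the author's code): generate the key into an owner-only file and block startup when the file holds a placeholder or is readable by other accounts. The file names, the `changeme` placeholder and the 32-character floor are assumptions.

```python
import os
import secrets
import stat
import tempfile

PLACEHOLDERS = {"", "changeme", "<strong-unique-key>"}  # last one is the page's placeholder
MIN_KEY_CHARS = 32  # assumption: local policy floor, not an n8n requirement


def write_new_key(path):
    """Create a random key file readable only by its owner; never overwrite."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "w", encoding="utf-8") as fh:
        fh.write(secrets.token_urlsafe(48))  # 64 URL-safe characters


def check_key_file(path):
    """Return findings that should block startup; an empty list means OK."""
    findings = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & 0o077:
        findings.append("key file mode %o grants group/other access" % mode)
    with open(path, encoding="utf-8") as fh:
        key = fh.read().strip()
    if key in PLACEHOLDERS:
        findings.append("key is empty or a placeholder")
    elif len(key) < MIN_KEY_CHARS:
        findings.append("key is shorter than %d characters" % MIN_KEY_CHARS)
    return findings


def demo():
    """Constructed scenario: one generated key, one copied placeholder."""
    workdir = tempfile.mkdtemp()
    good = os.path.join(workdir, "n8n_encryption_key")
    bad = os.path.join(workdir, "n8n_encryption_key.bad")
    write_new_key(good)
    with open(bad, "w", encoding="utf-8") as fh:
        fh.write("<strong-unique-key>\n")
    os.chmod(bad, 0o644)
    return check_key_file(good), check_key_file(bad)


if __name__ == "__main__":
    print(demo())
```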
Infrastructure and Hosting Models
Automations either run in a vendor’s multi‑tenant cloud or inside infrastructure you control. That split shapes latency, egress costs, and data residency.
| Platform | Hosting Model | Management | Network Control |
|---|---|---|---|
| Zapier/Make | Fully managed cloud | No servers to patch | Limited regions/VPC control |
| Clean setup for non-technical teams | Data passes through vendor | ||
| n8n | Self-hosted or n8n Cloud | You manage uptime & scaling | Private network traffic |
| VM, Docker, Kubernetes options | Internal systems access |
If your policy says “no third‑party holds tokens,” the hosting choice answers itself.
API Access and Integration Limits
API access isn’t just “does an app exist.” It’s how deeply you can call endpoints and handle rate limits.
| Platform | App Library | Custom APIs | Rate Limiting |
|---|---|---|---|
| Zapier | 5,000+ apps, mainstream focus | Webhooks + Custom Request | Vendor-managed constraints |
| Fast connection to popular tools | Partner policy limits | ||
| Make | Rich modules + routers | HTTP module for any REST API | Flexible data mapping |
| Multi-branching scenarios | Visual execution control | ||
| n8n | 350+ nodes + HTTP Request | Mix official & private APIs | You control scopes & tokens |
| Internal systems integration | Custom rate strategies |
When official actions fall short, the “generic HTTP” escape hatch becomes your best friend.
```json
{
  "service": "salesforce",
  "auth": "oauth2",
  "rate_limit_strategy": "vendor | custom",
  "token_storage": "cloud-vendor | self-hosted",
  "debug": "task log | execution replay | raw HTTP"
}
```
Debugging, Error Handling, and Developer Experience
Faster feedback loops reduce downtime. The more raw detail and replay control you have, the quicker you fix thorny bugs.
| Platform | Debug Visibility | Execution Control | Data Retention |
|---|---|---|---|
| Zapier | Task history + samples | Retry steps, Paths/Filters | Plan-dependent retention |
| Limited infra visibility | Basic error handling | ||
| Make | Visual execution tree | Strong visual branching | Detailed run inspector |
| Complex scenario tracing | Advanced flow control | ||
| n8n | Per-node inspection | Manual execution mode | Full inputs/outputs stored |
| JSON versioning + Git | Complete replay capability |
At this point, a diagram of “request - node - output - error - retry” would clarify differences in log depth.
Workflow Ownership, Version Control, and Vendor Lock‑In
Owning the graph matters when auditors ask “who changed what, when, and why.” So does your exit strategy.
| Platform | Workflow Storage | Version Control | Portability |
|---|---|---|---|
| Zapier/Make | Vendor UI only | Limited/no versioning | High migration effort |
| No audit trails | Platform lock-in | ||
| n8n | JSON format | Git integration | Easy instance migration |
| CI checks + reviews | Environment duplication |
Ownership isn’t glamorous, yet it saves real money and drama later.
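Keeping workflows as JSON in Git only helps if no token was typed straight into a node. As an added example (not n8n's or the author's code), this CI-style check walks each node's `parameters` and reports literal values that look like secrets, skipping n8n expressions; the sample workflow and the name and value patterns are constructed assumptions.

```python
import json
import re
import sys

SENSITIVE_NAME = re.compile(r"authorization|api[-_]?key|token|secret|password", re.I)
SECRET_VALUE = re.compile(r"^(Bearer|Basic)\s+\S{16,}$")

# Constructed sample shaped like an n8n workflow export; every value is made up.
SAMPLE = {"name": "Sync invoices", "nodes": [
    {"name": "Fetch leads", "type": "n8n-nodes-base.httpRequest",
     "parameters": {"url": "https://crm.example.internal/leads"},
     "credentials": {"httpHeaderAuth": {"id": "7", "name": "CRM token"}}},
    {"name": "Post invoice", "type": "n8n-nodes-base.httpRequest",
     "parameters": {"headerParameters": {"parameters": [
         {"name": "Authorization", "value": "Bearer CONSTRUCTED-sample-0001"},
         {"name": "X-Api-Key", "value": "={{ $json.apiKey }}"}]}}},
], "connections": {}}


def walk(value, path, label=""):
    """Yield paths of literal strings that look like inline secrets."""
    if isinstance(value, dict):
        name = value.get("name")
        for key, child in value.items():
            # In name/value pair lists the sibling "name" labels the "value".
            hint = name if key == "value" and isinstance(name, str) else key
            yield from walk(child, path + "." + key, hint)
    elif isinstance(value, list):
        for i, child in enumerate(value):
            yield from walk(child, "%s[%d]" % (path, i), label)
    elif isinstance(value, str) and value and not value.startswith("="):
        # Strings starting with "=" are n8n expressions, resolved at run time.
        if SENSITIVE_NAME.search(label) or SECRET_VALUE.match(value):
            yield path


def lint_workflow(workflow):
    """Return (node name, parameter path) pairs; secret values are never echoed."""
    return [(node.get("name", "?"), path)
            for node in workflow.get("nodes", [])
            for path in walk(node.get("parameters", {}), "parameters")]


if __name__ == "__main__":
    # Lint exported workflow files named on the command line, else the sample.
    docs = [json.load(open(p, encoding="utf-8")) for p in sys.argv[1:]] or [SAMPLE]
    findings = [f for doc in docs for f in lint_workflow(doc)]
    print(findings)
    sys.exit(1 if findings and sys.argv[1:] else 0)  # fail only on real files
```

The first node passes because it only references a stored credential by id and name; the second is reported for its literal `Authorization` header, while the expression-based header is left alone.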
Security, Compliance, and Data Governance Considerations
Security posture is a shared‑responsibility story. The split changes with hosting.
| Platform | Security Model | Compliance | Responsibility |
|---|---|---|---|
| Zapier/Make | Vendor security programs | Vendor attestations | Simpler org rollout |
| Third-party token storage | Accept vendor controls | ||
| n8n | Local secrets & data | Strict residency alignment | You own patching & monitoring |
| Self-hosted governance | Full access control |
Choose who signs the risk: your vendor, your team, or a mix.
How to Apply This: When to Choose Zapier, Make, or n8n
Use platform philosophy to guide fit, not hype. Map yourself to an archetype and decide with eyes open.
Platform Selection Decision Tree
```mermaid
graph TD
A[Which Platform?] --> B{Technical Team?}
B -->|Non-technical Marketing Sales| C{Complex Workflows?}
B -->|Has Developers| D{Compliance Requirements?}
C -->|Simple Automations| E[Zapier Huge app library Lowest setup friction Quick ROI]
C -->|Complex Branching| F[Make Visual workflow builder Advanced flow control Better logic handling]
D -->|Standard SaaS| G{Self-Host Preference?}
D -->|Regulated Industry Data Residency| H[n8n Self-Hosted Full control Own your tokens Compliance ready]
G -->|Cloud Preferred| I[n8n Cloud Git integration Developer-friendly Quick deployment]
G -->|Self-Host Preferred| H
classDef zapier fill:#e3f2fd,stroke:#1976d2
classDef make fill:#fff3e0,stroke:#ef6c00
classDef n8nCloud fill:#fff8e1,stroke:#f9a825
classDef n8nSelf fill:#e8f5e8,stroke:#2e7d32
classDef decision fill:#f3e5f5,stroke:#7b1fa2
class E zapier
class F make
class I n8nCloud
class H n8nSelf
class A,B,C,D,G decision
```
| Team Type | Primary Choice | Alternative/Hybrid | Key Reasons |
|---|---|---|---|
| Non-technical marketing | Zapier | Make for richer branching | Lowest setup friction, huge app libraries |
| Move fast on common apps | Quick wins for social and CRM | ||
| Small SaaS + developers | n8n (self-hosted/cloud) | Zapier/Make for one-offs | Control secrets, call private services |
| Mix public APIs & internal | Git-based versions and workflows | ||
| Regulated/Enterprise IT | n8n self-hosted | Vendor SaaS for non-sensitive | Align with policy, own tokens |
| Strict residency & audit | + secrets manager + SSO | Centralized logs and approvals | |
| Agency/Consultancy | Make (complex routing) | Zapier (standard stacks) | Match complexity per project |
| Dozens of clients, varied stacks | n8n (bespoke APIs) | Client risk appetite alignment | |
| Data/Ops teams | n8n | Make/Zapier where speed matters | Better debugging and cost control |
| Heavy debugging & scale | Replayable executions, spend management |
You can also mix tools: SaaS for rapid experiments, n8n for durable, sensitive, or high‑volume automations.
Bottom line: you’re choosing a trust model, not just an app list. Zapier/Make optimize for convenience in a vendor cloud. n8n optimizes for control, ownership, and sovereignty, especially when self‑hosted. Pick the trade‑off that matches your risk tolerance, compliance needs, and scale.