Is there a desire to create an API for the flow library?
Context: One of my repository automations publishes my nodes to NPM and then updates the version in the flow library.
Problem: Triggering the update on the flow library side is possible indirectly (with an HTML parser), but what bothers me most is making the workflow wait 5min (to ensure the NPM packet is available).
Suggestion: Create an API to add/update node and add a timeout option. This timeout would wait a certain amount of time before triggering the update.
Constraint: it would be necessary to create a token manager for requests.
I would be happy if there were a simple ability to request a refresh for a specific node entry. As long as this was rate limited, it should be pretty safe even for anonymous requests.
But even that has some risks. What if some bad actor decided to try and push compromised nodes into the library? How would that be picked up? This isn't too bad if it requires manual entries, but automated, it might be an issue?
What is the exact "problem" that this would fix though? Are you pushing that many updates into the library? Maybe there could be a restricted, authenticated API for core devs who are doing lots of updates? I do a reasonable number of updates to my nodes but I've never really had an issue with manually kicking the library.
I like the idea - but I believe a few years ago - the catalogue was brought to its knees after a member of the public caused it to hang with sending 100's of requests to get it to update all nodes.
if such an API should ever get introduced, the token owner should only be able to update Nodes that is owned by themself.
i.e any requests for registering to gain access to the API - should include recording their NPM handle, and any requests to update the library for a Node - is checked, to ensure their token includes the NPM handle for the target Node
The token manager would only be available to registered users. The token can be revoked if an abuse is detected. All the packet analysis logic remains the same.
Of course, my nodes aren't updated very frequently, but the goal of this FR is to provide an automated way to do so. I've forgotten to update the library in the past (and I'm probably not the only one).
