How to export flows of a nodered server from remote server with powershell?

General
,
1

Hello, We have several nodered servers in our company and I want export the flows from each server periodically for some evaluation. When the server has no authentication (just on test server) I can directly get flows with https://mynoderedserver:1880/flows. But when the servers have authentication I get "unauthorized". Normaly I can login to the servers and export the flows manually. But I want to be able to do that with a powershell script. I have also tried some scripts with credentials but each time I get the flows.json file just with the comment "unauthorized".

When I enter NodeRed webpage with my credentials I see that as user I am defined as admin. Why can I not download the flows.json file? How should I proceed?

My Code is:

# Define the Node-RED server URL
$nodeRedUrl = "https://myserver:1881"

$apiEndpoint = "/flows"

# Define the credentials
$username = "myusername"
$password = "mypassword"
$securePassword = ConvertTo-SecureString $password -AsPlainText -Force
$credential = New-Object System.Management.Automation.PSCredential($username, $securePassword)

# Make an HTTP GET request with credentials to retrieve the flows
$response = Invoke-WebRequest -Uri ($nodeRedServerUrl + $apiEndpoint) -Method Get -Credential $credential

# Save the response content to a JSON file in C:\temp
$response.Content | Set-Content -Path "C:\temp\flows.json"
2

Welcome to the forum @dargento

If you want the full flow set then you can just pick up the flows file rather than exporting.

3

Hello Colin thank you for answer

You are absolutely right, transfering the file would be the easiest way, but in our company we have firewall zone concept, and ports for file transfer are extremely restricted. There is a lot of procedure to get approvement for ports like 445 or ftp.

4

Basic auth is a base64 string. The ConvertTo-SecureString creates some microsoft kind of string (not sure what this is, but it is not a base64 string of the user+pass).

a google search points to something like:

$pair = "$($user):$($pass)"
$encodedCredentials = [System.Convert]::ToBase64String([System.Text.Encoding]::ASCII.GetBytes($Pair))
$headers = @{ Authorization = "Basic $encodedCredentials" }

Invoke-WebRequest -Uri $url -Method Get -Headers $headers
5

If the following works passing thru your firewalls, well...I suppose

You could try to use the admin API

Myself, I did setup a remote Node-RED and I communicate successfully with that instance via a public MQTT cloud service (HiveMQ). From a local NodeRED instance I can check if the remote is online or not, ask for the complete flow as well as separate tabs, update existing or add newtabs and some other specific tasks like getting complete chart data. All communication goes thru the MQTT cloud service and I have not opened any ports in the firewalls