I had the same issue, and resolved it with the below code
[{"id":"e3f0c29b.15917","type":"function","z":"45ec8d76.35a444","name":"Request Token","func":"msg.payload = {\n \"client_id\": \"node-red-editor\",\n \"grant_type\": \"password\",\n \"scope\": \"*\",\n \"username\": \"type or username\",\n \"password\": \"type your password\"\n}\nreturn msg;","outputs":1,"noerr":0,"x":440,"y":760,"wires":[["40715257.e3114c"]]},{"id":"62e6b42a.d2df5c","type":"inject","z":"45ec8d76.35a444","name":"Manual reload","topic":"","payload":"","payloadType":"str","repeat":"","crontab":"","once":false,"onceDelay":"","x":230,"y":760,"wires":[["e3f0c29b.15917"]]},{"id":"40715257.e3114c","type":"http request","z":"45ec8d76.35a444","name":"Token","method":"POST","ret":"txt","paytoqs":false,"url":"http://localhost:1880/auth/token","tls":"","persist":false,"proxy":"","authType":"","x":630,"y":760,"wires":[["27f2916.2d1306e"]]},{"id":"27f2916.2d1306e","type":"function","z":"45ec8d76.35a444","name":"Confirm token","func":"// get the status of the request\nvar status = msg.statusCode;\n//var token = {};\nvar token = '';\nmsg.headers ={};\n\n//let node = feedback;\n\nswitch(status){\n case 200:\n node.log(\"Secure restart\");\n token = JSON.parse(msg.payload);\n token = 'Bearer '+token.access_token;\n msg.headers = {\n \"Authorization\": token,\n \"Node-RED-Deployment-Type\":\"reload\"\n }\nmsg.payload =\"\";\n break;\n case 204:\n node.log(\"Secure without restart\");\n global.set('result','\tSuccess - with no further content');\n break;\n case 400:\n node.warn(\"Bad request\");\n break;\n case 401:\n node.warn(\"Not authorized\");\n break;\n case 403:\n node.warn(\"Forbidden\");\n break;\n case 404:\n node.log(\"Unsecure restart\");\n msg.headers = {\n \"Node-RED-Deployment-Type\":\"reload\"\n }\n break;\n case 409:\n node.warn(\"Version mismatch\");\n break;\n case 500:\n node.error(\"Server Error\");\n break;\n default:\n node.warn(\"Unknown Error\");\n break;\n}\n\nmsg.payload = \"\";\nreturn msg;","outputs":1,"noerr":0,"x":820,"y":760,"wires":[["cbf97372.7169f"]],"info":"Restart of Node-Red flows.\nWill check if the action needs security or not.\nNote: if the first 5 attemps return a statuscode 403 'forbidden'\nthen the server will break and only way to recover is then to\nrestart the service"},{"id":"cbf97372.7169f","type":"http request","z":"45ec8d76.35a444","name":"Restart","method":"POST","ret":"txt","paytoqs":false,"url":"http://localhost:1880/flows","tls":"","persist":false,"proxy":"","authType":"","x":1020,"y":760,"wires":[[]]}]
There is still a minor issue with it.
If the function returns within the first 5 attempts a statuscode 403 'forbidden' then the 6th attempt will break the server (code 500 and only way to recover is then to restart the service)
