Request refresh via API


I have been automating the maintenance of the modules I created so that dependencies are quickly updated and security issues prevented.

I now have a fully automated pipeline based on dependabot, snyk security checks, github actions, travis builds with testing and semantic release to publish to npm.

There is only 1 step missing: requesting the refresh on the node-red portal. I would love to automate that as well. Is there an API endpoint available for this or do you know of another way how I could signal the refresh in an automated way?

By node-red portal I assume you mean ?

It is feasible to automate, but it isn't really setup to be done so.

A refresh can be triggered in two different ways

  • one way is by clicking the 'request refresh' link in the sidebar. That will trigger an HTTP GET to<name of module>/refresh.
  • the other is submitting the 'add node' form - that will trigger an HTTP POST to with the module payload property set to the name of the module.

However, in both cases, the request must be from a logged in user, and must include a valid CSRF token. The CSRF token can be obtained by loading the /add/node page and scraping the token out of it. But getting a valid login session will be very hard to automate - it requires a browser-based flow against GitHub.

So, TLDR; it is probably quite a bit of work to do properly and may just be unfeasible with the current APIs.

To be honest, the API has been designed to provide some amount of protection against automated access - hence lots of CSRF token usage and needing to be logged in to do anything.

That is unfortunate. Would it also work if I provided a bearer token? Or do you require the token to be in a cookie?

It has to be a cookie - like I said, the site simply has not been built to facilitate automated access.

Not saying it couldn't be changed, but it isn't something on my todo list.

Ok, thanks for the quick response.
I'll try out some things to see what I can do.

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.