How to secure generated API documentation using swagger swashbuckle

I have implemented API documentation using Swagger Swashbuckle. Now I want to publish the generated documentation as a help file on my website. How do I secure this link and publish it?

Priyanka Mane asked Aug 29 '16 13:08



2 Answers

I don't think there's a way to secure the Swagger Swashbuckle endpoint up until now. You can find tips and more on this in their GitHub issue here

Swagata Prateek answered Nov 08 '22 18:11


This solution will only work if you have implemented authentication in your solution.

  1. Create a new folder named swagger in the solution.
  2. Add a new Web.config file to it.
  3. Write the following code in it:

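    <configuration>
        <system.web>
            <authorization>
                <!-- "?" is the anonymous (unauthenticated) user -->
                <deny users="?" />
            </authorization>
        </system.web>
        <system.webServer>
            <!-- run managed modules, including URL authorization, for every request -->
            <modules runAllManagedModulesForAllRequests="true" />
        </system.webServer>
    </configuration>
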
Priyanka Mane answered Nov 08 '22 20:11
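A check for the Web.config approach in the answer above, added here as an example and not part of the original answers: ASP.NET URL authorization stops at the first `<allow>`/`<deny>` rule that matches, so an earlier `<allow users="*" />` silently defeats `<deny users="?" />`. The function name and sample configs are constructed for illustration; the sketch reads only the `users` and `verbs` attributes of the file's own `<authorization>` block and does not model `<location>` elements or parent configuration.

```python
import xml.etree.ElementTree as ET


def anonymous_verdict(web_config_xml, verb="GET"):
    """Return 'deny', 'allow' or 'inherit' for an unauthenticated request.

    Rules are walked top to bottom and the first match wins. '?' is the
    anonymous user and '*' is every user. 'inherit' means no rule in this
    file matched, so the parent configuration decides the outcome.
    """
    root = ET.fromstring(web_config_xml)
    auth = root.find("./system.web/authorization")
    if auth is None:
        return "inherit"
    for rule in auth:
        if rule.tag not in ("allow", "deny"):
            continue
        verbs = [v.strip().upper() for v in rule.get("verbs", "").split(",") if v.strip()]
        if verbs and verb.upper() not in verbs:
            continue  # rule is limited to other HTTP verbs
        users = [u.strip() for u in rule.get("users", "").split(",")]
        if "?" in users or "*" in users:
            return rule.tag  # first matching rule decides
    return "inherit"


def wrap(rules):
    """Build a constructed Web.config around the given authorization rules."""
    return ("<configuration><system.web><authorization>%s"
            "</authorization></system.web></configuration>" % rules)


# Constructed sample configurations for the swagger folder.
ANSWER_CONFIG = wrap('<deny users="?" />')                  # as in the answer
SHADOWED = wrap('<allow users="*" /><deny users="?" />')    # deny never reached
ROLE_ONLY = wrap('<allow roles="Admins" />')                # no rule for anonymous
POST_ONLY = wrap('<deny users="?" verbs="POST" />')         # GET is not covered

if __name__ == "__main__":
    for name in ("ANSWER_CONFIG", "SHADOWED", "ROLE_ONLY", "POST_ONLY"):
        print(name, "->", anonymous_verdict(globals()[name]))
```

Treat any result other than `deny` as a finding: `inherit` only protects the folder if the parent configuration denies anonymous users.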