I'm working on a REST API with a Swagger UI. When it comes time to expose the API, should I expose the Swagger UI as well? If so, how would I package it into my application? Currently, I have the UI downloaded from GitHub and am storing it in a folder alongside my project.
I'm using Go (with the Echo framework) to write the API.
There can be security threats if Swagger is exposed to production and can be accessed publicly, such as:

- Increased attack surface: Swagger becomes an additional entry point that can be targeted by potential Denial-of-Service (DoS) attacks.
- Information exposure: Swagger exposes detailed documentation about your API endpoints, request/response structures, and data models.
- Injection vulnerabilities: The exposed information in Swagger, including data formats, input validation, and implementation details, can aid attackers in launching injection attacks, e.g. SQL injection or cross-site scripting (XSS), which can manipulate or compromise data and the system.
- Unauthorized access risks: Improper configuration of Swagger can result in unauthorized access to sensitive API endpoints or functionality.
We should not enable Swagger in production due to security threats. In .NET Core 6.0, we can protect it with the code below in Program.cs.
```csharp
var builder = WebApplication.CreateBuilder(args);
builder.Services.AddEndpointsApiExplorer();
builder.Services.AddSwaggerGen();          // generates /swagger/v1/swagger.json
var app = builder.Build();

if (!app.Environment.IsProduction())
{
    app.UseSwagger();                      // serves the JSON document the UI loads
    app.UseSwaggerUI(c =>
    {
        c.SwaggerEndpoint("/swagger/v1/swagger.json", "My Service");
        c.RoutePrefix = string.Empty;      // Set Swagger UI at the app's root
    });
}

app.Run();
```
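The same environment gate in the questioner's language, as an added example that is not part of either post. It uses the standard `net/http` mux instead of Echo so it runs with no dependencies, and an assumed `APP_ENV` variable; the in-memory `fstest.MapFS` is a constructed stand-in for the Swagger UI folder, which a real build would ship inside the binary via `embed.FS`.

```go
package main

import (
	"fmt"
	"io/fs"
	"log"
	"net/http"
	"os"
	"testing/fstest"
)

// swaggerUI is a constructed in-memory copy of the Swagger UI folder the question
// keeps beside the project. In a real build, declare `//go:embed swagger-ui` on an
// embed.FS so the files are packaged into the binary rather than read from disk.
var swaggerUI fs.FS = fstest.MapFS{
	"index.html":   {Data: []byte("<!doctype html><title>Swagger UI</title>")},
	"swagger.json": {Data: []byte(`{"openapi":"3.0.0","paths":{"/api/ping":{}}}`)},
}

// NewHandler builds the routes. The API is always mounted; the Swagger UI is
// mounted only when env is not "production", mirroring the IsProduction()
// check in the .NET answer, so the docs are never reachable in production.
func NewHandler(ui fs.FS, env string) http.Handler {
	mux := http.NewServeMux()
	mux.HandleFunc("/api/ping", func(w http.ResponseWriter, r *http.Request) {
		fmt.Fprint(w, "pong")
	})
	if env != "production" {
		// StripPrefix maps /swagger/swagger.json to swagger.json inside ui.
		mux.Handle("/swagger/", http.StripPrefix("/swagger/", http.FileServer(http.FS(ui))))
	}
	return mux
}

func main() {
	env := os.Getenv("APP_ENV") // assumed variable name; "production" hides the UI
	log.Fatal(http.ListenAndServe(":8080", NewHandler(swaggerUI, env)))
}
```

With `APP_ENV=production`, `/swagger/` returns 404 while `/api/ping` keeps working.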