 

Swagger: disabling security on one particular path

Tags: rest, swagger

I have a Swagger file that starts with the following

{
    "swagger": "2.0",
    "basePath": "/api",
    "schemes": [
        "https"
    ],
    "securityDefinitions": {
        "internalApiKey": {
            "type": "apiKey",
            "name": "AAuthorization",
            "in": "header"
        }
    },
    "security" : [
        { "internalApiKey": [ ] }
    ],

This prolog applies the security setting to every path that follows in the file. E.g.

"paths": {
    "/foo": {
        "get": {  

Is there some way I can disable security on just ONE particular Path or Method?

sheffler asked Mar 12 '15 21:03



1 Answer

Sure. Simply add the "security" property to the operation with an empty array [] as a value.

So something like

{
  "tags": [
    "pet"
  ],
  "summary": "Updates a pet in the store with form data",
  "description": "",
  "operationId": "updatePetWithForm",
  "consumes": [
    "application/x-www-form-urlencoded"
  ],
  "produces": [
    "application/json",
    "application/xml"
  ],
  "parameters": [
    {
      "name": "petId",
      "in": "path",
      "description": "ID of pet that needs to be updated",
      "required": true,
      "type": "string"
    }
  ],
  "responses": {
    "200": {
      "description": "Pet updated."
    }
  },
  "security": [

  ]
}

would nullify the security for this operation.

Ron answered Sep 17 '22 12:09
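Because an empty operation-level "security" array silently removes the top-level requirement, it is worth listing every operation a spec leaves unauthenticated before publishing it. The following is an added example, not part of the original question or answer: it resolves the effective security of each Swagger 2.0 operation, using a constructed spec that combines the question's prolog with hypothetical `/foo` and `/health` paths.

```python
import json

HTTP_METHODS = {"get", "put", "post", "delete", "options", "head", "patch"}

# Constructed sample: the question's prolog plus hypothetical paths.
SPEC_JSON = """
{
  "swagger": "2.0",
  "basePath": "/api",
  "schemes": ["https"],
  "securityDefinitions": {
    "internalApiKey": {"type": "apiKey", "name": "AAuthorization", "in": "header"}
  },
  "security": [{"internalApiKey": []}],
  "paths": {
    "/foo": {"get": {"responses": {"200": {"description": "ok"}}}},
    "/health": {
      "get": {"security": [], "responses": {"200": {"description": "ok"}}},
      "post": {"security": [{"internalApiKey": []}],
               "responses": {"200": {"description": "ok"}}}
    }
  }
}
"""

def effective_security(spec):
    """Map (METHOD, path) -> security requirements that actually apply."""
    top = spec.get("security", [])
    result = {}
    for path, item in spec.get("paths", {}).items():
        for method, op in item.items():
            if method not in HTTP_METHODS or not isinstance(op, dict):
                continue  # skip "parameters", "$ref" and vendor extensions
            # An operation-level "security" key replaces the top-level list,
            # even when it is the empty array.
            result[(method.upper(), path)] = op["security"] if "security" in op else top
    return result

def unauthenticated_operations(spec):
    """Operations the spec declares callable without any credentials."""
    return sorted(op for op, reqs in effective_security(spec).items() if not reqs)

if __name__ == "__main__":
    for method, path in unauthenticated_operations(json.loads(SPEC_JSON)):
        print(f"no security: {method} {path}")
```

Run against a real spec in CI, the output can be compared with an explicit allowlist so that a new `"security": []` override fails the build until it is reviewed.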