Skip to main content

How to disable Swagger documentation?

Background 

When I was developing foundational RESTful APIs (Web API) for one of our clients, swagger was our choice for documentation. Swagger provides interactive documentation feature with nice UI. Since we were developing only RESTful APIs, QA team members were using Swagger UI to test APIs.

Suddenly there was a request from customer to disable swagger in production environment.

Solution

How to enable swagger?

  • Install "Swashbuckle" nuget package into your WebAPI project. 
  • This installation will add the following entries in "packages.config"
  <package id="Swashbuckle" version="5.5.3" targetFramework="net45" />
  <package id="Swashbuckle.Core" version="5.5.3" targetFramework="net45" />

  • "SwaggerConfig.cs" file will be added in "App_Start" folder
  • Execute the project code. When the new browser window pops out, add "swagger/ui/index" at the end the URI. It will load swagger documentation UI.
Ex:

    When I run my sample application, it opens up a new browser window with url "http://localhost/SwaggerDoc/"



When I add "swagger/ui/index" at the end of the URI. (i.e)



Here, I have only "Values" controller with one method "/api/Values".

How to disable swagger?

As soon as "Swashbuckle" package is added with the WebAPI project, by default swagger documentation will be enabled. Swagger doesn't have a built-in property to disable it. 

"SwaggerConfig.cs" (inside "App_Start" folder) is responsible for enabling swagger. So I have added a new entry in web.config file to control this.

<appSettings>
    <add key="DisableSwagger" value="True" />
</appSettings>

Based on this key "DisableSwagger" value, either swagger documentation will be enabled or disabled.

Added the following lines in "SwaggerConfig.cs" file inside "public static void Register()" method.

            if (ConfigurationManager.AppSettings["DisableSwagger"]=="True")
            {
                return;
            }



Based on the environment, value of "DisableSwagger" key can be controlled using config file transformation. 

Ex:
I have added the following entry in  "Web.Production.config"

<add key="DisableSwagger" value="True" xdt:Transform="Replace" xdt:Locator="Match(key)" />


"Web.Production.config" and "Web.Staging.config" files has
<add key="DisableSwagger" value="False" xdt:Transform="Replace" xdt:Locator="Match(key)" />




Labels:

Comments

  1. UnknownFebruary 24, 2018 at 1:46 AM

    To disable Swagger documentation working with hapijs you can follow these steps or go-through this link "https://stackoverflow.com/questions/48960774/how-to-disable-swagger-api-documentation-from-production-server-in-hapijs/48960775#48960775"

    Step 1. Go to the path

    project_directory/node_modules/hapi-swagger/public/lib/index.js

    Step 2. Open index.js and here you will find internal default options as below:

    var internals = {
    defaults: {
    protocol: null, // If not specified, uses the same protocol as server info
    endpoint: '/docs',
    documentationPath: '/documentation',
    enableDocumentationPage: true,
    auth: false,
    basePath: '',
    pathPrefixSize: 1,
    payloadType: 'json',
    produces: ['application/json'],
    consumes: ['application/json'],
    ui: true,
    listing: true,
    index: false,
    customJSHandler: function(request, reply) {
    reply('').type('application/javascript');
    },
    }
    };

    Step 3. Replace enableDocumentationPage options from true to false.

    Step 4. Finally restart you project either with pm2 restart or with node server.js and now try to run swagger API documentation. You will see now it is throwing 404 which means you successfully disabled your API doc.

    ReplyDelete

Post a Comment

Popular posts from this blog

Unable to get authorization code from PingFederate

Problem I am using PingFederate as key manager for my API Manager. While requesting authorization code for an existing client and resource owner, it was showing the following error message "Server.log" shows the following message 2016-12-13 11:34:03,363 tid:AOf2aORr5j9_X_PHbCTZu-toxwA DEBUG [org.sourceid.websso.servlet.IntegrationControllerServlet] POST: https: <IP> /as/yVKcc/resume/as/authorization.ping 2016-12-13 11:34:03,363 tid:AOf2aORr5j9_X_PHbCTZu-toxwA INFO  [org.sourceid.websso.servlet.IntegrationControllerServlet] org.sourceid.websso.servlet.RenderPageException: Unable to resume processing because saved state was not found for key: BR6msnwXdx33oQX3imDRni_yVKcc - rendering state.not.found.error.page.template.html Background  1. I have following two OAuth clients configured in PingFederate  2. OAuth client "2" was created with the following configuration 3. Using the following url, authorization code was requested 
Post a Comment
Read more

How to configure custom password validator in PingFederate?

Requirement  Use an existing oracle table (password is plain text) in PingFederate to validate user credential for authorization code flow. Analysis By default PingFederate supports the following password validators LDAP Username Password Credentials Validator PingOne Directory Password Credential Validaot RADIUS Username Password Credential Validator Simple Username Password Credential Validator   SQL password validator is not in the list. So how to use an existing oracle table to validate the user credentials. Solution Need to create SQL custom password validator (jar). You may also contact PingFederate support team for this.   Download   How to Configure Custom Password Validator? Stop PingFederate instance Copy the jar file (pf.plugins.password-credential-validator-sql-v2.jar) to the following folder on PingFederate server                  <PingFederateInstall>/pingfederate/server/default/deploy/            3. Restart PingF
Post a Comment
Read more