3

I am new to swagger, I have seen couple of online documentation to implement Swagger to my webapi and used some of the properties of SwaggerConfig to customize.

Here is my requirement :- I need to show swagger documentation only on "Explore" button click based on the value of "API_Key" TextBox which should match with my app.config key.

enter image description here

So I am seeing to implement like this:-

  1. User comes to my swagger home page, by default it will have empty documentation, except the header as shown in the image.
  2. Enters API_Key in the textbox provided in the header and click on Explore.
  3. Entered API key is validated with the key in my app.config or if possible in the SwaggerConfig.
  4. If validated show documentation else show error message as invalid API key.

Need suggestions.

Kind Regards, Raghu

Improve this question

2 Answers 2

Reset to default
2

Simply edit the index.html and add the headers you need on the addApiKeyAuthorization change event. See more here:

https://github.com/swagger-api/swagger-ui#header-parameters

Improve this answer
Sign up to request clarification or add additional context in comments.

6 Comments

Thanks for your answer, but using that it will actually adds parameter "API Key" to headers of the request, and we can use that to validate every call in the documentation, but my requirement is, I shouldn't load the documentation itself without a valid API key(Valid API key :- which should match with my app.config key)
Please let me know, if I have to be more clear on my comment. I will elaborate further
So I am seeing to implement like :- 1. User comes to my swagger home page, by default it will have empty except the header. 2. Enters API_Key in the textbox provided in the header and click on Explore. 3. Entered API key is validated with the key in my app.config or if possible in the SwaggerConfig. 4. If validated show documentation else show error message as invalid API key.
OK got it. Then in that case, you would want to not load the swaggerUi until the addApiKeyAuthorization. You can set it the same way, then it will be sent when loading. Does that make sense?
Yes, I am thinking of that way, but we need to inject js, do the required manipulation and load the swagger UI in the same way Swashbuckle loads by default right?
|
2

You may add custom message handler for web api and then make authorized requests to documentation:

    private const string swaggerApikey = "swagger-apiKey";

    private void Configuration([NotNull] IAppBuilder app)
    {
        var config = new HttpConfiguration();
        config.MessageHandlers.Add(new SwaggerMessageHandler());
        config
            .EnableSwagger(c =>
            {
                c.ApiKey(swaggerApikey)
                    .Description(swaggerApikey)
                    .Name(swaggerApikey)
                    .In("header");
            })
            .EnableSwaggerUi(c =>
            {
                c.EnableApiKeySupport(swaggerApikey, "header");
            });

        app.UseWebApi(config);
    }

    internal class SwaggerMessageHandler : DelegatingHandler
    {
        protected override Task<HttpResponseMessage> SendAsync(HttpRequestMessage request, CancellationToken cancellationToken)
        {
            if (request.RequestUri.LocalPath.Equals("/swagger/docs/v1"))
            {
                var apikey = request.Headers.FirstOrDefault(x => x.Key.Equals(swaggerApikey)).Value?.FirstOrDefault();
                if (!"secretApiKey".Equals(apikey))
                    return Task.FromResult(new HttpResponseMessage(HttpStatusCode.Forbidden));
            }
            return base.SendAsync(request, cancellationToken);
        }
    }
Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.