3

I am new to swagger, I have seen couple of online documentation to implement Swagger to my webapi and used some of the properties of SwaggerConfig to customize.

Here is my requirement :- I need to show swagger documentation only on "Explore" button click based on the value of "API_Key" TextBox which should match with my app.config key.

enter image description here

So I am seeing to implement like this:-

  1. User comes to my swagger home page, by default it will have empty documentation, except the header as shown in the image.
  2. Enters API_Key in the textbox provided in the header and click on Explore.
  3. Entered API key is validated with the key in my app.config or if possible in the SwaggerConfig.
  4. If validated show documentation else show error message as invalid API key.

Need suggestions.

Kind Regards, Raghu

Raghurocks
  • 917
  • 7
  • 17

2 Answers2

2

Simply edit the index.html and add the headers you need on the addApiKeyAuthorization change event. See more here:

https://github.com/swagger-api/swagger-ui#header-parameters

fehguy
  • 6,724
  • 25
  • 23
  • Thanks for your answer, but using that it will actually adds parameter "API Key" to headers of the request, and we can use that to validate every call in the documentation, but my requirement is, I shouldn't load the documentation itself without a valid API key(Valid API key :- which should match with my app.config key) – Raghurocks Aug 28 '15 at 07:35
  • Please let me know, if I have to be more clear on my comment. I will elaborate further – Raghurocks Aug 28 '15 at 07:44
  • So I am seeing to implement like :- 1. User comes to my swagger home page, by default it will have empty except the header. 2. Enters API_Key in the textbox provided in the header and click on Explore. 3. Entered API key is validated with the key in my app.config or if possible in the SwaggerConfig. 4. If validated show documentation else show error message as invalid API key. – Raghurocks Aug 28 '15 at 10:15
  • OK got it. Then in that case, you would want to _not_ load the swaggerUi until the addApiKeyAuthorization. You can set it the same way, then it will be sent when loading. Does that make sense? – fehguy Aug 31 '15 at 02:45
  • Yes, I am thinking of that way, but we need to inject js, do the required manipulation and load the swagger UI in the same way Swashbuckle loads by default right? – Raghurocks Sep 01 '15 at 14:24
  • I suggest taking this to the irc channel (webchat.freenode.net/?channels=swagger) for a faster response. – fehguy Sep 02 '15 at 03:57
2

You may add custom message handler for web api and then make authorized requests to documentation:

    private const string swaggerApikey = "swagger-apiKey";

    private void Configuration([NotNull] IAppBuilder app)
    {
        var config = new HttpConfiguration();
        config.MessageHandlers.Add(new SwaggerMessageHandler());
        config
            .EnableSwagger(c =>
            {
                c.ApiKey(swaggerApikey)
                    .Description(swaggerApikey)
                    .Name(swaggerApikey)
                    .In("header");
            })
            .EnableSwaggerUi(c =>
            {
                c.EnableApiKeySupport(swaggerApikey, "header");
            });

        app.UseWebApi(config);
    }

    internal class SwaggerMessageHandler : DelegatingHandler
    {
        protected override Task<HttpResponseMessage> SendAsync(HttpRequestMessage request, CancellationToken cancellationToken)
        {
            if (request.RequestUri.LocalPath.Equals("/swagger/docs/v1"))
            {
                var apikey = request.Headers.FirstOrDefault(x => x.Key.Equals(swaggerApikey)).Value?.FirstOrDefault();
                if (!"secretApiKey".Equals(apikey))
                    return Task.FromResult(new HttpResponseMessage(HttpStatusCode.Forbidden));
            }
            return base.SendAsync(request, cancellationToken);
        }
    }
Dmitrii Zyrianov
  • 2,208
  • 1
  • 21
  • 27