How to secure swagger page in rails?

Question

In my project there is a documentation of API's by using swagger which URL is like http//www.example.com/api. Issue is that these are public and anyone can see that. I want to secure this link so that anyone can't see these API's.

I see http_authentication and basic_authentication but it can't work on swagger because it is in public. How I secure that page?

do use use devise? you can mount it only for users based on some criteria. — Aleksey, Sep 28 '16 at 11:25
have authentication. Its authentication for page not login etc — Haseeb Ahmad, Sep 28 '16 at 11:30

score 1 · Answer 1 · answered Sep 28 '16 at 11:26

1

The HTTP autentication can be done on Nginx (or Apache) level.

answered Sep 28 '16 at 11:26

maicher

2,625
2
16
27

seems like very bad design, doesn't it? – Aleksey Sep 28 '16 at 11:27
Why? If it will be plugged under unobvious route, IMHO can be an appriopriate solution. – maicher Sep 28 '16 at 11:37
As for me I don't like to mess up application logic with HTTP server configuration. Maybe I don't understand something is it somehow better than using rails http basic authentication? – Aleksey Sep 28 '16 at 11:41
1

True, but as I understood, he can not do it in Rails controller, because the request doesn't go through a controller but directly access the pregenerated files in `public` dir. – maicher Sep 28 '16 at 12:15

How to secure swagger page in rails?

1 Answers1