How to disable authentication requirement for apiDiscovery feature

Question

Is there any way to disable the authentication requirement for accessing the API Documentation endpoints provided by the apiDiscovery-1.0 feature?

I have the apiDiscovery-1.0 feature enabled on Liberty 16.0.0.4.

I am able to see the swagger documents when I access /ibm/api/explorer as expected, but I am required to authenticate.

I am only able to authenticate by using credentials defined in a basicRegistry element within my server.xml. However, I want to eliminate this basicRegistry from my server configuration.

Answer 1

You can do that in the latest Beta (https://developer.ibm.com/wasdev/downloads/liberty-profile-beta/)

With that driver, you only need apiDiscovery-1.0 (SSL is optional).

The default address for the public endpoint is http://host:port/api/explorer

You can change the "/api" portion by using the publicURL attribute in the apiDiscovery element in server.xml, for example:

<apiDiscovery publicURL="/myPublicAPI" />

This is targeted for Liberty's next release, 17.0.0.1.

Please note that in the public endpoint, internal endpoints (such as JMX, Batch, etc) are not displayed - only your deployed applications.

For the internal endpoints, you can use /ibm/api/explorer (which remains requiring SSL and authentication).

Answer 2

I believe you can't remove the requirement for authentication for apiDiscovery for security reasons.
I doubt this helps but, you shouldn't "only be able to authenticate using credentials defined in a basicRegistry element within my server.xml" and instead any supported authentication mechanics should work like quickStartSecurity, LDAP, etc (and they can be set in any configuration file that is read by the server, not just server.xml). For example, you should be able to use quickStartSecurity in wlp/usr/shared/config to apply an Admininistrator role for all servers under that /wlp/usr/servers/ directory.