I am building a Flask app and need to add a password for the Swagger documentation in production, but don't know how. Here is my code:

```python
api = Api(
    version='1.0',
    title='API',
    description='Main API',
    doc='/doc',
    authorizations=authorizations)
...
api.init_app(app)
```

This documentation shouldn't be public for anyone to see, right? But I can't find a way to add a password to it. Any suggestion would be awesome.

Ali Kompany
  • Protect the endpoint by requiring SSO? – Alan Kavanagh Jun 28 '19 at 22:01
  • @AK47 Yes, for example I can use HTTP Basic Authentication, but don't know how. – Ali Kompany Jun 28 '19 at 22:05
  • The API itself should definitely be secured - if not, that's your priority. I don't think you necessarily need to protect the API documentation - unless you think it's a particularly special design and forms IP or you're worried the API might not actually be secure (in which case you're hoping for security by obscurity) – eddiewould Jun 28 '19 at 22:54

1 Answer

I know it's very late, but still.

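```python
from flask import redirect, request, url_for
from flask_login import current_user  # assumption: has_role() comes from a Flask-Security user model

# Api is the same class the question instantiates.
class MyApi(Api):
    def render_doc(self):
        # Serve the Swagger UI only to authenticated admins; send everyone else to login.
        view = super().render_doc()
        if current_user.is_authenticated and current_user.has_role('admin'):
            return view
        return redirect(url_for('security.login', next=request.url))
```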

You need to modify this method, which returns the end view function.

Amrish Mishra
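The HTTP Basic Authentication option raised in the comments, as an added example that is not part of the original question or answer: a standard-library WSGI middleware that gates both the `/doc` page from the question and the JSON spec, which is served separately from the UI page. The `/swagger.json` path is assumed to be the library default, and `DocsBasicAuth`, `status_for` and the credentials are hypothetical names and constructed values.

```python
import base64
import hmac

class DocsBasicAuth:
    """WSGI middleware: require HTTP Basic credentials on the docs paths only."""

    def __init__(self, wsgi_app, username, password,
                 protected=("/doc", "/swagger.json")):  # spec path is an assumed default
        self.wsgi_app = wsgi_app
        self.expected = f"{username}:{password}".encode()
        self.protected = protected

    def _is_protected(self, path):
        # Match the path itself or anything below it, but not e.g. /doctors.
        return any(path == p or path.startswith(p.rstrip("/") + "/")
                   for p in self.protected)

    def _authorized(self, header):
        scheme, _, token = header.partition(" ")
        if scheme.lower() != "basic":
            return False
        try:
            supplied = base64.b64decode(token.strip(), validate=True)
        except ValueError:  # malformed base64 is treated as a failed login
            return False
        # Constant-time comparison of the decoded "user:password" bytes.
        return hmac.compare_digest(supplied, self.expected)

    def __call__(self, environ, start_response):
        path = environ.get("PATH_INFO", "")
        header = environ.get("HTTP_AUTHORIZATION", "")
        if self._is_protected(path) and not self._authorized(header):
            start_response("401 Unauthorized", [
                ("WWW-Authenticate", 'Basic realm="API docs"'),
                ("Content-Type", "text/plain")])
            return [b"Authentication required\n"]
        return self.wsgi_app(environ, start_response)

def status_for(app, path, authorization=None):
    """Send one constructed request through a WSGI callable; return the status."""
    environ = {"REQUEST_METHOD": "GET", "PATH_INFO": path}
    if authorization:
        environ["HTTP_AUTHORIZATION"] = authorization
    seen = []
    app(environ, lambda status, headers: seen.append(status))
    return seen[0]

# Flask usage (where the credentials come from is your choice):
#   app.wsgi_app = DocsBasicAuth(app.wsgi_app, user, password)
```

Basic credentials are only base64-encoded on the wire, so serve these paths over HTTPS.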