Hide certain API endpoints from swagger LoopBack4

Question

My application is made by the LoopBack4 framework. In this picture there are three API's are present. I want to use only the login API. So I don't want to visible /users API here. In LoopBack2 and LoopBack3 can do this but how can I hide this Users API from this swagger using LoopBack4.

Any code level configurations?

score 2 · Answer 1 · answered May 06 '20 at 13:19

2

LoopBack 4 will hide any Open API Spec 3.0 OperationObject that has x-visibility: undocumented.

This means that on a controller functions' operation decorator, you can write the following:

class UserController {
  @get('/users', {
    'x-visibility': 'undocumented',
    ...
  })
  async getUsers() {...}
}

answered May 06 '20 at 13:19

Rifa Achrinza

1,555
9
19

do you know if there are any ways to make the visibility based on active authorization, or even better dynamically setable? – MIB Sep 09 '20 at 12:26
1

No, it is not possible. The OpenAPI Spec docs are meant to encompass the entire API spec, and the API's security should not be dependent on the obfuscation of the endpoints. Hence, LoopBack 4 does not provide a mechanism of conditional generation of the OpenAPI spec. However, it is possible to unconditionally, programmatically, modify the OpenAPI spec: https://loopback.io/doc/en/lb4/Extending-OpenAPI-specification.html – Rifa Achrinza Sep 12 '20 at 08:01

Hide certain API endpoints from swagger LoopBack4

1 Answers1

Linked