search

noirbizarre / flask-restplus

Fully featured framework for fast, easy and documented API development with Flask
http://flask-restplus.readthedocs.org
Other
2.74k stars 506 forks source link

How to protect swagger-UI ? #792

Closed shivangpatel closed 4 years ago

shivangpatel commented 4 years ago

My default path for swagger-UI is /api/doc. So, anyone who hit this url in browser, they can easily access this swagger-UI ! So, how can I protect this specific URL only. And suggest all possible ways.

amickael commented 4 years ago

Personally, I disable the Swagger UI in production. Here's how I do it:

api = Api(
    title="My Awesome API",
    version=VERSION,
    prefix=f"/api/{VERSION}",
    doc="/" if os.getenv("FLASK_ENV") == "development" else False,
)
shivangpatel commented 4 years ago

@amickael thanks for positive response. I will try it. Currently in production I am using NGINX basic auth for that url. It's working...

Anyway againg thanks.