rapi-doc / RapiDoc

RapiDoc - WebComponent for OpenAPI Spec
https://rapidocweb.com
MIT License

Would it be possible to reload the spec after authentication status changes? #179

Closed bytedreamer closed 4 years ago

bytedreamer commented 4 years ago

The goal is to only show the API endpoints that are authorized. A call to retrieve the spec should include the authorization header so that endpoints could be filtered.

mrin9 commented 4 years ago

We have a similar task on our todo, but that's to annotate (maybe disable) the try button. We try not to do any validations, to keep the API testable, for instance

Is there a use-case that you are after?

bytedreamer commented 4 years ago

Certain calls are restricted based on the user's permissions. We want the user to be able to view only the calls for which they have access.

The workflow for a user accessing the API Documentation:

  1. Page shows no calls, only the OAuth2 section
  2. User logs in using our OAuth2 login page
  3. Successful login will only show the calls that the user has permission for

One way to accomplish this is to dynamically create a JSON spec file based on user permissions. For this to work, the JSON spec file needs to be reloaded anytime the login status changes. The JSON retrieval also needs to include the OAuth2 bearer token after login.

mrin9 commented 4 years ago

I don't think at present we will be taking that route, but keep an eye on this space; we plan to programmatically allow hiding certain paths. Once we provide that feature you can do it at your end. I will provide an event when an auth-key is applied, which will help you do exactly what you want.
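
The per-user spec that bytedreamer describes above, as an added example (not part of the thread and not RapiDoc code): it reduces an OpenAPI 3 document to the operations whose `security` requirements the caller's OAuth2 scopes satisfy. `filterSpec` is a hypothetical helper, and the `oauth2` scheme name, the scope names and the sample spec are constructed.

```javascript
// Added example: server-side filtering of an OpenAPI 3 document by granted scopes.
const HTTP_METHODS = ['get', 'put', 'post', 'delete', 'options', 'head', 'patch', 'trace'];

// One security requirement object: every scheme in it must be satisfied.
function requirementMet(requirement, granted) {
  const schemes = Object.values(requirement);
  if (schemes.length === 0) return true;   // {} means anonymous access is allowed
  if (granted === null) return false;      // a scheme is required, caller not logged in
  return schemes.every((scopes) => scopes.every((s) => granted.has(s)));
}

// Operation-level `security` overrides the document-level default.
function operationVisible(operation, spec, granted) {
  const security = operation.security ?? spec.security ?? [];
  // An empty list means no requirement; otherwise any one alternative is enough.
  return security.length === 0 || security.some((req) => requirementMet(req, granted));
}

// scopes: array of granted scope names, or null for an unauthenticated caller.
function filterSpec(spec, scopes) {
  const granted = scopes === null ? null : new Set(scopes);
  const paths = {};
  for (const [route, item] of Object.entries(spec.paths ?? {})) {
    const kept = {};
    for (const [key, value] of Object.entries(item)) {
      const isOperation = HTTP_METHODS.includes(key);
      if (!isOperation || operationVisible(value, spec, granted)) kept[key] = value;
    }
    // Drop a path entirely once none of its operations remain.
    if (HTTP_METHODS.some((m) => m in kept)) paths[route] = kept;
  }
  return { ...spec, paths };               // the input document is not mutated
}

// Constructed sample document.
const ok = { 200: { description: 'ok' } };
const sampleSpec = {
  openapi: '3.0.3',
  info: { title: 'Constructed sample', version: '1.0.0' },
  security: [{ oauth2: ['orders:read'] }],
  paths: {
    '/orders': {
      get: { responses: ok },              // inherits the orders:read default
      post: { security: [{ oauth2: ['orders:write'] }], responses: ok },
    },
    '/admin/users': { delete: { security: [{ oauth2: ['admin'] }], responses: ok } },
  },
};
```

Filtering the document only changes what the documentation page displays; each endpoint still has to enforce the same scopes on the server.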