Normally I'd recommend that as long as the API itself is protected, the API documentation doesn't really need to be. That is of course only my personal opinion. Assuming you still require protection of the API documentation, and thus SwaggerUI.
One way that comes to mind is to use something like Keycloak to add a layer of protection in front of your SwaggerUI URL. I believe it works quite well and is open source for the most part.
However adding that type of protection is outside of scope for Swagger, so there may be better approaches.
Hope it helps and you find success!
