Forum Discussion

jsrat10's avatar
jsrat10
New Contributor
6 years ago

Swagger with on-prem deployment

Our application is Microsoft stack. We deploy our application in the client environment. We want to turn off the swagger when deploying on the clients infrastructure. If we keep config change in the app.config or database, the end client can easily turn on the swagger and view all our private apis. They also have admin access to the DB. Is there a secured way of turning off the swagger for the on-prem deployment?

  • RonRatovsky's avatar
    RonRatovsky
    6 years ago

    Thanks for the information. So you're getting Swagger UI installed as part of nswag. Unfortunately, nswag is not one of our projects so I'm not familiar with its configuration options and whether they offer a way to disable expsosing things through configuration.

     

    Your best bet is to go through the documentaiton of nswag (https://github.com/RSuter/NSwag), and if no information is available, file a ticket with them for further support.

    • jsrat10's avatar
      jsrat10
      New Contributor
      6 years ago

      Swagger UI for API documentation

      • RonRatovsky's avatar
        RonRatovsky
        Staff
        6 years ago

        In that case, either don't deploy Swagger UI as part of your overall deployment, or if it's embedded in your code, configure it such it is is not hosted. The way to do that would vary depending on the framework you use, but eventually, Swagger UI is a collection of HTML/CSS/JS files that are statically exposed.