Is there a way to group all CRUD operations as ANY method in swagger 2?
I've looked at their docs here and here and it doesn't look like there is. They allow grouping with tags only. I'm using swagger in the body of my CloudFormation template "Type": "AWS::ApiGateway::RestApi" to provision a resource URL that takes all CRUD operations which in AWS that will be ANY.
Related
I am currently looking into adding Swagger to an API that I work on. I found rswag, but from what I can tell, I would have to manually write specs for every endpoint in my API. This API has hundreds of endpoints, so this isn't very feasible.
Django REST Framework has SchemaGenerator which can generate an OpenAPI schema, either as a static file to commit and edit as you see fit or a dynamic endpoint which can be consumed by Swagger UI. Is there any equivalent for Ruby on Rails?
As a side note, I am also using jsonapi-resources. I'd be open to tools that are specific to JSON API.
We use swagger in our project and while testing endpoints I need to authenticate in Swagger page (https://localhost:5001/api/index.html). As far as I remember, there was a way to copy the jwt of the current session and paste it to request header, etc. But I have not succeeded with this approach. Is there a proper way e.g. using Swagger Inspector as mentioned on How to Perform a Basic API Test In 3 Steps? Or a smarter way?
I'm using Swagger w/ AWS API Gateway. In order to fully support CORS, I have several OPTIONS methods in my swagger file; they exist only to tell API Gateway to return CORS headers so that preflight requests from my Angular app succeed.
However, when I use Swagger codegen to generate the API, all of those OPTIONS methods come across in my service as real methods. I don't want this to be the case.
How can I tell Swagger Code Gen to skip over certain, specific methods; for instance, putting a tag on the OPTIONS methods so that Swagger CodeGen doesn't generate code for those particular HTTP verbs?
Is it possible to get the Swagger for an individual endpoint from Swashbuckle? I would like to be able to build individual Swagger documents from each endpoint in my API solution, rather than including all operations in all endpoints.
In my API documentation, I would like to define the security necessary for each API endpoint. The project has defined roles and permissions that determine which users can access the APIs. What is the best way in Swagger to document this information? Is there a best practice or recommendation on how to show this detail?
This what I tried out using securityDefinitions and a self-defined variable for the roles, but that information (x-role-names) didn't get copied over into the documentation when I ran it through swagger2markup or using swagger-ui.
"securityDefinitions": {
"baseUserSecurity": {
"type": "basic",
"x-role-names": "test"
}
}
What's the best way to document the role and permission information per endpoint?
If your API uses oAuth authentication, you can use scopes for this. There is no standard way to represent roles in Swagger/OpenApi against basic authentication, so you are left using vendor-extensions (which the tools such as Swagger-UI or swagger2markup have no way of interpreting, as you have found), or including the information as text in summary or description properties.
You could define multiple securityDefinitions all of type basic and use one per role but this is a bit of a hack.
See also this issue https://github.com/OAI/OpenAPI-Specification/issues/1366 for a proposal to widen the use of scopes to other security schemes.