I've setup a Google Endpoint in front of a Google Container Engine service. The container is running Loopback, which serves the swagger UI by default at /explorer. I would like to access the UI, but of course the Google end point prevents accessing as it isn't part of the API spec.
Google has these docs, but they seem to be specific to an app engine deployment.
How can I go about exposing the swagger UI while using Google Endpoints, Google Container Engine and swagger?
Related
It seems that when we use Swagger (SpringDoc) UI for the gateway, when a request is sent through it, the request is made directly to the service and not through the gateway. For example, in this example (linked from SpringDoc documentation), the swagger ui address is 158.101.191.70 while the request is being made to 172.17.0.9.
Isn't an important point of using swagger to let API users know what APIs we have and be able to test them? Thus, shouldn't the requests be made through the gateway and not directly? Maybe, they don't even have access to the services directly. Is there a solution?
For context, I'm very new to writing services, using Azure Relay, and Swagger, but I'm on the right track.
I have legacy WCF services that I'm writing a proxy wrapper for with ASP MVC Core, then I'm using Azure Relay hybrid connection to expose them for use to avoid firewall things.
When I run my application, Swagger shows my API's and the relevant documentation:
I have created 2 hybrid relays in Azure. One that "Requires Client Authorization" and one that does not.
The code I'm using is pictured below to switch between (1) no AZ relay, (2) AZ relay with no auth, and (3) AZ relay with auth.
When I run using the Azure relay with no auth (2), I can see the API documentation:
When I run using the Azure relay with auth (3), I just get a token required.
I know how to call the API's w/a SAS token, but is it possible to somehow view/interact with the Swagger documentation??
How do I interact with the web-front of an API when the API (not documentation) itself needs to be secure?
I use AWS Lambda as a backend service to authenticate users from my ios app. When learning about Lambda I was pointed to use the Amazon API Gateway to make the data over the network go over HTTPS:// and NOT HTTP://.
Someone recently pointed out that all calls to AWS Lambda, DynamoDB, S3, and Cognito directly from my app automatically go over HTTPS://. Is this true or not?
Unfortunately the docs are not explicit on the matter, that I could find, but inspecting the source on github:
AWSService, one of the base services used by the sdk, uses https by default, and will only switch to http if the AWSServiceConfiguration particular configuration is established with the parameter useUnsafeUrl set to true.
And AWSLambdaService, even if initialised with a configuration object, appears to set the useUnsafeUrl option to NO.
So - inspection of the source suggests that all access to the service is by default https.
This is consistent with AWS SDK defaults in other languages/frameworks as well.
-- Edited to note --
I had a thought after posting this - it's possible that the advice to use API Gateway for https was based on the common practice of exposing Lambda functions as API endpoints. If you want to do that, then API Gateway gives you a way, and if you are using API Gateway, then you do need to ensure it is configured to use https.
What is not clear from your question is - from your app, are you invoking the lambda functions via the API Gateway endpoint? Or directly via the AWS SDK? If invoking directly via the AWS SDK then there is no need to use API Gateway at all.
If you are already using the API Gateway, and issuing HTTPS web requests to invoke your lambda functions, I wouldn't necessarily stop, because it gives you a nice point of abstraction and decoupling - you could completely change your backend implementation and as long as you keep the API Gateway endpoint configuration the same, your clients will still work. Alternatively, you could start to implement other clients or expose your API to 3rd party clients who aren't in a position to use AWS SDK and they will still be able to interract with your backend via standard HTTP protocols.
I've included swagger bundle in each of my dropwizard service. I was wondering if we can run swagger independently and connect to each service so that user can have a centralised view of all services through one UI.
I'm not aware of something that lets you do that at the moment with Swagger UI specifically, but you might check out DynamicApis.com. They let you host multiple swagger documents and provide some really nice additional value for your APIs as well. They take your Swagger JSON and build you your own API portal out of them. They also have native REST API integration where you can automatically sync up your API to your portal or you can manually upload them.
Here is an example portal they have up to demonstrate how multiple APIs can be hosted and how you see them.
Here is an example of what their documentation for each API looks like. Kind of like Swagger UI++.
You can have multiple swagger instances in a single DW service. The UI, however, does not allow you to point to each of them independently. It's easy enough though to modify index.html to allow the user to select the swagger definitions that you have in the deployment.
I have been playing around with the RPC package in Dart which makes it easy to add a Document Discovery service to Dart server.
After a bit of Googling I found out about the API Discovery Service https://developers.google.com/discovery/ which explained how to create client code for a given Discovery Document.
I then found Google Cloud Endpoint which looks like the server end of the a Document Discovery service. Is this true.
My real question is that I would like to use the Document Discovery service on a standard web site that is based on (say) Spring and running (say) an embedded Jetty server? Is this possible or would my application be intertwined with the App Engine Technology?
You application just needs to provide a Document Discovery service.
It shouldn't be to hard to get the information what is expected out of the source of https://pub.dartlang.org/packages/discovery_api_client_generator which is the Dart client which generates Dart client code from discovery documents. As far as I know your service doesn't even need to provide the discovery documents. The discovery_api_client_generator package can also use discovery documents stored locally but the service is of course the preferred way if you want to make it available to everyone.
I would see it as equivalent to SOAP which also allows to create client code from meta-information provided as XML.
Also the shelf_rpc package doesn't need to run on AppEngine or Managed VM. You can run it locally or on any server you want.