Skip to main content

Authentication for viewing API specifications

Authenticate access to API specification with API keys

E
Written by Erkka Honkavaara
Updated over a year ago

Starting from Frends 5.2, you can set the API specification to require an API key when viewing in the Swagger UI or downloading the JSON file. 

To set it up, you first need to create the API key Ruleset that allows access to the "docs.json" for the API specification. To do this, go to the API keys page and create a new Ruleset.

Set the new Ruleset to allow GET requests to the API spec path. It should be "/api/docs" +  base path + "/docs.json", e.g. "/api/docs/api/insurancedata/v1/docs.json". (Or, if the agent is still on 5.2.1 or 5.2.2, just "/api/insurancedata/v1/docs.json")

After saving the new Ruleset, you can create API keys using it per Environment. 

To set the API specification to require API key authentication, to to the API management page and open the API specification in the Agent group you want to turn the setting on. Then click on the lock button next to the "Swagger UI" button.

After this setting has been enabled, any attempt to access the swagger UI or download the JSON will require a valid API key. The API specification will also not be shown in the main specification listing on the Agent, so it can only be accessed by knowing the direct URI.

Did this answer your question?