Core: [RFC] Ability to disable entrypoint /api/docs

Created on 18 Dec 2017  路  9Comments  路  Source: api-platform/core

Problem

  • I don't want the documentation on /api/docs in production environment
  • I don't want either the documentation endpoint to transform into api entry point

Partial solution

  1. If I don't want documentation on the api entry point, then I should disable format HTML in production environment (cool)
  2. The documentation is replaced by jsonld list of accessible endpoints

I don't want that.

Final suggestion of fix

Add a new option that definitely disable this page and replace it by a 404 error.

_Please tell me what do you think about and I can handle the PR about._

picture Nek-

Most helpful comment

Add a new option that definitely disable this page and replace it by a 404 error.

It will not be a valid Hydra API (then, client-side tools will not work anymore). I suggest to add a proper authentication layer instead of disabling the entrypoint.

picture dunglas on 18 Dec 2017
👍2

All 9 comments

For Swagger UI, it's already possible:

# app/config/config_prod.yml
api_platform:
    enable_swagger_ui: false
dunglas picture dunglas on 18 Dec 2017

Add a new option that definitely disable this page and replace it by a 404 error.

It will not be a valid Hydra API (then, client-side tools will not work anymore). I suggest to add a proper authentication layer instead of disabling the entrypoint.

dunglas picture dunglas on 18 Dec 2017
👍2

enable_swagger_ui: false does not disable the entrypoint.

You mean allowing only super-admin users to see the list of entrypoint? In that case the entrypoint will still not be available for tools (so what's the win here?).

Actually in my case we don't really care because the only client (for now) is the frontend of the app. I assume this may be the case for many people.

_Hydra provide features. Shouldn't be able to enable/disable features ?_

Nek- picture Nek- on 18 Dec 2017

You mean allowing only super-admin users to see the list of entrypoint? In that case the entrypoint will still not be available for tools (so what's the win here?).

Tools can authenticate.

But why not an option to disable the entrypoint and the docs:

api_platform:
    entrypoint: false
    docs: false
dunglas picture dunglas on 18 Dec 2017

Tools can authenticate but it's about not showing endpoints to everybody. So only super-admin authentication would make it work.

For the option, that's what the issue is about :) .

Add a new option that definitely disable this page and replace it by a 404 error.

Nek- picture Nek- on 18 Dec 2017

Indeed @Nek- feel free to contribute to add these options :).

soyuka picture soyuka on 18 Dec 2017
👍1

Related to https://github.com/api-platform/core/pull/1731

Nek- picture Nek- on 19 Mar 2018

\o/

Nek- picture Nek- on 5 Apr 2018

Is it possible to disable all docs except the swagger html version?

jsonld has a link header which comes back whenever docs is enabled. However, I only want docs for html.

trsteel88 picture trsteel88 on 21 Nov 2018
Was this page helpful?
0 / 5 - 0 ratings

Related issues

soyuka picture soyuka  路  3Comments
kate-kate picture kate-kate  路  3Comments
vViktorPL picture vViktorPL  路  3Comments
ghost picture ghost  路  3Comments
rockyweng picture rockyweng  路  3Comments