Reputation: 347
Hide an api endpoint in release build
I am working on a Asp.net web api project. I recently created an end point for documentation using config.Services.GetApiExplorer();
What is the best way to hide this endpoint in production and still make it available for all other developers in my team.
One way I could think of is to register a route using
#if debug
routes.MapRoute(
"documentation",
"documentation/help",
new { controller = "apiexplorer", action
= "Index" }
);
#endif
Upvotes: 2
Views: 6432
Answers (2)
Reputation: 619
I assume that your developers still need to have access to that endpoint even on production (for sanity checks, ... . the same as dev and staging environment). If that s the case, create a new Policy and put your developers (or any other person you want to expose your endpoint to) under that policy.
[Authorize(Policy = "JustDevelopersPolicy")]
public async Task<void> PrivateAPI()
{
...
}
FYI, It might change the response by calling that endpoint, so, if an unauthorized person calls it, they get 401 instead of 404
Upvotes: 0
Reputation: 371
There is two attribute could hide an API endpoint:
[ApiExplorerSettings(IgnoreApi = true)]
[NonAction]
public async Task<void> PrivateAPI()
{
...
}
But for your case, I probably create a new attribute to check the environment and apply that attribute to your controller method. Inject the 'IHostingEnvironment' class, then use .IsDevelopment() method.
Upvotes: 8
Related Questions
- ASP.NET Core 6 - hide minimal API endpoint from swagger explorer
- Disable Controller API Endpoint For Production
- Releasing an WebAPI
- Exclude particular Web Api endpoint from the swagger UI
- How to make a .NET Web Api private to my application only
- ApiExplorer: How to Change The Default for IgnoreApi
- asp.net Core mvc hide and exclude Web Api Controller Method
- WebAPI Help Pages: disable for Production release
- Disable ApiController at runtime
- How do I hide .asmx webservice API endpoint in source code?