How do I fix the Public Swagger File issue flagged by Flusk?
Updated today

An OpenAPI specification, also known as a Swagger file, is a JSON document that describes the capabilities of an API. It includes information about the API's endpoints, the parameters that can be passed to each endpoint, and the structure of the responses that the API returns.

It is most often used to communicate to other developers how to use the API. If your business doesn't need that, then you don't need a Swagger file. By default, this Swagger specification is exposed publicly and covers all data types and backend workflows.

Extracting valuable pieces of information from this JSON layout takes some effort, but it is possible.

And this is not a problem by itself.

Always remember that obfuscation is not security. Hiding access to your API documentation does not prevent someone from reverse engineering the API. Keep in mind: the heart of the matter is in your privacy rules.
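To make the point concrete, here is an added example (not code from Flusk or Bubble) that reads a constructed, deliberately minimal OpenAPI 3.0 document, inventories every operation it exposes, and lists the operations that declare no security requirement. The document structure and the endpoint paths are assumptions for illustration; a real exported specification will differ, and an operation that looks unprotected in the spec must still be checked against the privacy rules that actually guard its data.

```python
import json

# Constructed OpenAPI 3.0 document for illustration only; not a real export.
SPEC_JSON = """
{
  "openapi": "3.0.0",
  "info": {"title": "Example app", "version": "1.0"},
  "components": {"securitySchemes": {"bearer": {"type": "http", "scheme": "bearer"}}},
  "paths": {
    "/obj/user": {
      "get": {"parameters": [{"name": "constraints", "in": "query"}],
              "security": [{"bearer": []}],
              "responses": {"200": {"description": "ok"}}}
    },
    "/wf/send_invoice": {
      "post": {"parameters": [{"name": "email", "in": "query"}],
               "responses": {"200": {"description": "ok"}}}
    }
  }
}
"""

HTTP_METHODS = {"get", "put", "post", "delete", "options", "head", "patch", "trace"}


def load_spec():
    """Parse the constructed document; swap in json.load(open(path)) for a real file."""
    return json.loads(SPEC_JSON)


def inventory(spec):
    """One record per operation: method, path, parameter names, and whether a
    security requirement applies (operation-level overrides the global one)."""
    global_security = bool(spec.get("security"))
    records = []
    for path, item in spec.get("paths", {}).items():
        for method, op in item.items():
            if method.lower() not in HTTP_METHODS:
                continue  # skip path-level keys such as "parameters" or "summary"
            params = [p["name"] for p in op.get("parameters", [])]
            # "security" present on the operation replaces the global requirement;
            # an explicit empty list means the operation is declared open.
            secured = bool(op["security"]) if "security" in op else global_security
            records.append({"method": method.upper(), "path": path,
                            "params": params, "secured": secured})
    return records


def unsecured_operations(spec):
    """Operations that declare no security requirement; review these first."""
    return [r for r in inventory(spec) if not r["secured"]]
```

Run on a real export, the output is a review checklist: each listed operation should be covered by a privacy rule, whether or not the Swagger file is public.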

Solution

If you don’t have any use for this Swagger file, then it makes sense to hide it.

To hide it, just uncheck the checkbox under "Settings > API":
