Publishing a Secured Swagger Spec

  |   Blog   |   1 Comment

Recently I had a requirement to publish a Swagger spec. My preferred method as a consumer would always be to have the JSON or YAML available to post to the Swagger Editor, because that tool offers the ability to generate code. But here the recipient just wanted to view it. So I looked at running the Swagger UI tool somewhere. Hosting via Docker was not, at this point, an option. So the download took me to the GitHub repo.

I have to admit to being a little confused by the documentation on deployment. The options just seemed to talk about embedding it in another web application, either npm or not. I was hoping for an option to just install Node.JS, build with some configuration of port etc and go. It looks like you have to build the web server component (which isn’t hard, admittedly) yourself. I think.

But the swagger-ui-dist module doesn’t need Node.JS and runs standalone. A quick test of putting it in the domino/html folder, amending the index.html to point to my spec and it was working. Very nice.

But this isn’t a Swagger spec that needs to be public access. So I tried importing the files as File Resources into an NSF. Not surprisingly, it just worked – it’s a method used for deploying JavaScript web apps by many for years, so of course it would. And with some simple configuration of the ACL, I now have a fully secured Swagger UI ready to share with only those who need to see it. This may not please the Node.JS purists, but it’s RADD and secure in a foolproof manner. Replace the Swagger spec in the design, and I have an updated version deployed with zero downtime. Need more people to see it or the revoke access? Just update the ACL. No hacks, no quirks, just standard and best of breed. Combining Domino’s strengths with modern development techniques is a compelling story.

AUTHOR - Paul Withers

Paul Withers is an IBM Lifetime Champion, has been an OpenNTF Board Member since 2013, has worked with Domino since R4.5, XPages since 2009, co-authored XPages Extension Library and was technical editor for Mastering XPages 2nd Edition. He is one of the developers on OpenNTF Domino API as well as contributor to a variety of other OpenNTF projects. For full bio, see


Post A Comment