📣 Rename to Swashbuckle.AspNetCore.Filters |
---|
This project was formerly called Swashbuckle.AspNetCore.Examples, but it has grown from there to become a grab-bag of various filters I have created (or copied) since I started used Swashbuckle in 2015. So I have renamed it. |
This library contains a bunch of filters for Swashbuckle.AspNetCore.
- Add example requests https://mattfrear.com/2016/01/25/generating-swagger-example-requests-with-swashbuckle/
- Add example responses https://mattfrear.com/2015/04/21/generating-swagger-example-responses-with-swashbuckle/
- Add security info to each operation that has an
[Authorize]
endpoint, allowing you to send OAuth2 bearer tokens via Swagger-UI https://mattfrear.com/2018/07/21/add-an-authorization-header-to-your-swagger-ui-with-swashbuckle-revisited/ - Add any old request header to all requests
- Add any old response header to all responses
- Add an indicator to each endpoint to show if it has an
[Authorize]
header (and for which policies and roles)
- Where to get it
- What's included
- Installation
- How to use
- Pascal case or Camel case?
- Render Enums as strings
- Advanced: Examples with Dependency injection
From NuGet.
Version of Swashbuckle you're using | You'll want this version of this package |
---|---|
Swashbuckle 1.0 - 5.5 | https://www.nuget.org/packages/Swashbuckle.Examples/ |
Swashbuckle.AspNetCore version 1.0.0 - 2.5.0 | https://www.nuget.org/packages/Swashbuckle.AspNetCore.Examples/ |
Swashbuckle.AspNetCore version 3.0.0 | https://www.nuget.org/packages/Swashbuckle.AspNetCore.Filters/ |
Swashbuckle.AspNetCore version 4.0.0 and above | https://www.nuget.org/packages/Swashbuckle.AspNetCore.Filters/ Version >= 4.5.1 |
Swashbuckle.AspNetCore version 5.0.0-beta and above | https://www.nuget.org/packages/Swashbuckle.AspNetCore.Filters/ Version >= 5.0.0-beta |
Populate swagger's paths.path.[http-verb].requestBody.content.[content-type].example
with whatever object you like.
This is great for manually testing and demoing your API as it will prepopulate the request with some useful data, so that when you click the example request in order to populate the form, instead of getting an autogenerated request like this:
You’ll get your desired example, with useful valid data, like this:
You can see the example output in the underlying swagger.json file, which you can get to by starting your solution and navigating to swagger/v1/swagger.json
As of version 5.0.0-beta, XML examples are also supported.
Allows you to add custom data to the example response shown in Swagger. So instead of seeing the default boring data like so:
You'll see some more realistic data (or whatever you want):
As of version 5.0.0-beta, XML examples are also supported.
Adds security information to each operation so that you can send an Authorization header to your API. Useful for API endpoints that have JWT token authentication. e.g.
Adds any string to your request headers for all requests. I use this for adding a correlationId to all requests.
Allows you to specify response headers for any operation
If you use the [Authorize]
attribute to your controller or to any actions, then (Auth) is added to the action's summary,
along with any specified policies or roles.
-
Install the NuGet package
-
In the ConfigureServices method of Startup.cs, inside your
AddSwaggerGen
call, enable whichever filters you need
// This method gets called by the runtime. Use this method to add services to the container.
public void ConfigureServices(IServiceCollection services)
{
// Add framework services.
services.AddMvc();
services.AddSwaggerGen(c =>
{
c.SwaggerDoc("v1", new Info { Title = "My API", Version = "v1" });
// [SwaggerRequestExample] & [SwaggerResponseExample]
// version < 3.0 like this: c.OperationFilter<ExamplesOperationFilter>();
// version 3.0 like this: c.AddSwaggerExamples(services.BuildServiceProvider());
// version > 4.0 like this:
c.ExampleFilters();
c.OperationFilter<AddHeaderOperationFilter>("correlationId", "Correlation Id for the request", false); // adds any string you like to the request headers - in this case, a correlation id
c.OperationFilter<AddResponseHeadersFilter>(); // [SwaggerResponseHeader]
var filePath = Path.Combine(AppContext.BaseDirectory, "WebApi.xml");
c.IncludeXmlComments(filePath); // standard Swashbuckle functionality, this needs to be before c.OperationFilter<AppendAuthorizeToSummaryOperationFilter>()
c.OperationFilter<AppendAuthorizeToSummaryOperationFilter>(); // Adds "(Auth)" to the summary so that you can see which endpoints have Authorization
// or use the generic method, e.g. c.OperationFilter<AppendAuthorizeToSummaryOperationFilter<MyCustomAttribute>>();
// add Security information to each operation for OAuth2
c.OperationFilter<SecurityRequirementsOperationFilter>();
// or use the generic method, e.g. c.OperationFilter<SecurityRequirementsOperationFilter<MyCustomAttribute>>();
// if you're using the SecurityRequirementsOperationFilter, you also need to tell Swashbuckle you're using OAuth2
c.AddSecurityDefinition("oauth2", new ApiKeyScheme
{
Description = "Standard Authorization header using the Bearer scheme. Example: \"bearer {token}\"",
In = "header",
Name = "Authorization",
Type = "apiKey"
});
});
}
- If you want to use the Request and Response example filters (and have called
c.ExampleFilters()
above), then you MUST also call either
services.AddSwaggerExamplesFromAssemblyOf<MyExample>();
This will register your examples with the ServiceProvider.
Version 4.0 and above supports automatic annotation.
Let's say you have a controller action which takes some input from the body, in this case a DeliveryOptionsSearchModel
:
[HttpPost]
public async Task<IHttpActionResult> DeliveryOptionsForAddress([FromBody]DeliveryOptionsSearchModel search)
Then all you need to do is implement IExamplesProvider<DeliveryOptionsSearchModel>
:
public class DeliveryOptionsSearchModelExample : IExamplesProvider<DeliveryOptionsSearchModel>
{
public DeliveryOptionsSearchModel GetExamples()
{
return new DeliveryOptionsSearchModel
{
Lang = "en-GB",
Currency = "GBP",
Address = new AddressModel
{
Address1 = "1 Gwalior Road",
Locality = "London",
Country = "GB",
PostalCode = "SW15 1NP"
}
};
}
And that's it.
Alternatively, if you want to be more explicit, you can use the SwaggerRequestExample
attribute. This is how it was done in versions 1.0 - 3.0. Any manual annotations will override automatic annotations.
Decorate your controller methods with the included SwaggerRequestExample
attribute:
[HttpPost]
[SwaggerRequestExample(typeof(DeliveryOptionsSearchModel), typeof(DeliveryOptionsSearchModelExample))]
public async Task<IHttpActionResult> DeliveryOptionsForAddress([FromBody]DeliveryOptionsSearchModel search)
Now implement a IExamplesProvider<T>
, in this case via a DeliveryOptionsSearchModelExample which will generate the example data. It should return the type you specified when you specified the [SwaggerRequestExample]
.
public class DeliveryOptionsSearchModelExample : IExamplesProvider<DeliveryOptionsSearchModel>
{
public DeliveryOptionsSearchModel GetExamples()
{
return new DeliveryOptionsSearchModel
{
Lang = "en-GB",
Currency = "GBP",
Address = new AddressModel
{
Address1 = "1 Gwalior Road",
Locality = "London",
Country = "GB",
PostalCode = "SW15 1NP"
},
Items = new[]
{
new ItemModel
{
ItemId = "ABCD",
ItemType = ItemType.Product,
Price = 20,
Quantity = 1,
RestrictedCountries = new[] { "US" }
}
}
};
}
In the Swagger document, this will populate the operation's requestBody content type example property. https://github.com/OAI/OpenAPI-Specification/blob/master/versions/3.0.0.md#mediaTypeObject
Here's what the OpenApi 3.0 spec says about it:
Field Name | Type | Description |
---|---|---|
example | Any | Example of the media type. The example object SHOULD be in the correct format as specified by the media type. The example object is mutually exclusive of the examples object. Furthermore, if referencing a schema which contains an example, the example value SHALL override the example provided by the schema. |
As of version 2.4, List<T>
request examples are supported. For any List<T>
in the request, you may define a SwaggerRequestExample for T
.
Your IExamplesProvider should only return a single T
and not a List<T>
.
Working example:
[SwaggerRequestExample(typeof(PeopleRequest), typeof(ListPeopleRequestExample), jsonConverter: typeof(StringEnumConverter))]
public IEnumerable<PersonResponse> GetPersonList([FromBody]List<PeopleRequest> peopleRequest)
{
// and then:
public class ListPeopleRequestExample : IExamplesProvider<PeopleRequest>
{
public PeopleRequest GetExamples()
{
return new PeopleRequest { Title = Title.Mr, Age = 24, FirstName = "Dave in a list", Income = null };
}
}
Version 4.0 supports automatic annotation.
If it's obvious which type your action returns, then no ProducesResponseType
or SwaggerResponse
attributes need to be specified, e.g.
public async Task<ActionResult<IEnumerable<Country>>> Get(string lang)
// or public ActionResult<IEnumerable<Country>> Get(string lang)
// or public IEnumerable<Country> Get(string lang)
Or, you can optionally decorate your methods (or controller) with either the ProducesResponseType
or the SwaggerResponse
attribute:
[SwaggerResponse(200, "The list of countries", typeof(IEnumerable<Country>))]
// or, like this [ProducesResponseType(typeof(IEnumerable<Country>), 200)]
[SwaggerResponse(400, type: typeof(IEnumerable<ErrorResource>))]
public async Task<HttpResponseMessage> Get(string lang)
Now you’ll need to add an Examples class, which will implement IExamplesProvider<T>
to generate the example data for the Response:
public class CountryExamples : IExamplesProvider<IEnumerable<Country>>
{
public IEnumerable<Country> GetExamples()
{
return new List<Country>
{
new Country { Code = "AA", Name = "Test Country" },
new Country { Code = "BB", Name = "And another" }
};
}
}
Alternatively, if you want to be more explicit, you can use the SwaggerResponseExample
attribute. This is how it was done in versions 1.0 - 3.0. Any manual annotations will override automatic annotations.
Decorate your methods with the new SwaggerResponseExample attribute:
[SwaggerResponse(200, "The list of countries", typeof(IEnumerable<Country>))]
// or, like this [ProducesResponseType(typeof(IEnumerable<Country>), 200)]
[SwaggerResponseExample(200, typeof(CountryExamples))]
[SwaggerResponse(400, type: typeof(IEnumerable<ErrorResource>))]
public async Task<HttpResponseMessage> Get(string lang)
For manual annotation implement IExamplesProvider<T>
to generate the example data
public class CountryExamples : IExamplesProvider<List<Country>>
{
public List<Country> GetExamples()
{
return new List<Country>
{
new Country { Code = "AA", Name = "Test Country" },
new Country { Code = "BB", Name = "And another" }
};
}
}
In the Swagger document, this will populate the operation's responses content example object. The spec for this says:
Field Pattern | Type | Description |
---|---|---|
example | Any | Example of the media type. The example object SHOULD be in the correct format as specified by the media type. The example object is mutually exclusive of the examples object. Furthermore, if referencing a schema which contains an example, the example value SHALL override the example provided by the schema. |
Example response for application/json mimetype of a Pet data type:
"responses": {
"200": {
"description": "Success",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/Pet"
},
"example": "{\r\n \"name\": \"Lassie\",\r\n \"type\": \"Dog\",\r\n \"color\": \"Black\",\r\n \"gender\": \"Femail\",\r\n \"breed\": \"Collie\" \r\n}"
},
- Request examples are not shown for querystring parameters (i.e. HTTP GET requests, or for querystring parameters for POST, PUT etc methods). Request examples will only be shown in request body. This is as per the OpenApi 3.0 spec.
First you need to already have OAuth2 configured correctly, and some of your controllers and actions locked down with the [Authorize]
attribute.
Then you need to tell Swagger that you're using OAuth2, as shown in the Installation section above:
services.AddSwaggerGen(c =>
{
c.AddSecurityDefinition("oauth2", new ApiKeyScheme
{
Description = "Standard Authorization header using the Bearer scheme. Example: \"bearer {token}\"",
In = "header",
Name = "Authorization",
Type = "apiKey"
});
This adds a securityDefinition to the bottom of the Swagger document, which Swagger-UI renders as an "Authorize" button, which when clicked brings up the Authorize dialog box shown above.
Then, when you enable the SecurityRequirementsOperationFilter:
// add Security information to each operation for OAuth2
c.OperationFilter<SecurityRequirementsOperationFilter>();
It adds a security property to each operation, which renders in Swagger-UI as a padlock next to the operation:
By default, the SecurityRequirementsOperationFilter also adds 401 and 403 to each operation that has [Authorize]
on it:
If you don't want to do that you can pass false when you configure it:
c.OperationFilter<SecurityRequirementsOperationFilter>(false);
When you enable the filter in your Startup.cs
, as per the Installation section above, you can specify the name (string)
and description (string) of the new header parameter, as well as whether it is required or not (bool).
This will add the input box to every controller action.
Specify one or more [SwaggerResponseHeader]
attributes on your controller action.
You can specify the status code (int), header name (string), type (string), description (string) and format (string).
See the OpenAPI Specification spec for information on DataTypes: https://github.com/OAI/OpenAPI-Specification/blob/master/versions/3.0.0.md#dataTypes
[SwaggerResponseHeader(StatusCodes.Status200OK, "Location", "string", "Location of the newly created resource")]
[SwaggerResponseHeader(200, "ETag", "string", "An ETag of the resource")]
[SwaggerResponseHeader(429, "Retry-After", "integer", "Indicates how long to wait before making a new request.", "int32")]
[SwaggerResponseHeader(new int[] { 200, 401, 403, 404 }, "CustomHeader", "string", "A custom header")]
public IHttpActionResult GetPerson(PersonRequest personRequest)
{
Specify [Authorization]
headers on either a Controller:
[Authorize]
public class ValuesController : Controller
or on an action:
[Authorize("Customer")]
public PersonResponse GetPerson([FromBody]PersonRequest personRequest)
You can optionally specify policies [Authorize("Customer")]
or roles [Authorize(Roles = "Customer")]
and they will be added to the Summary too.
The default is camelCase. If you want PascalCase you can pass in a DefaultContractResolver
like so:
[SwaggerResponseExample(200, typeof(PersonResponseExample), typeof(DefaultContractResolver))]
By default enum
s will output their integer values. If you want to output strings you can pass in a StringEnumConverter
like so:
[SwaggerResponseExample(200, typeof(PersonResponseExample), jsonConverter: typeof(StringEnumConverter))]
If for some reason you need to have examples with DI (for example, to read them from a database), you can use constructor injection:
internal class PersonRequestExample : IExamplesProvider
{
private readonly IHostingEnvironment _env;
public PersonRequestExample(IHostingEnvironment env)
{
_env = env;
}
public object GetExamples()
{
return new PersonRequest { Age = 24, FirstName = _env.IsDevelopment() ? "Development" : "Production", Income = null };
}
}
Then, you should register the Swagger examples via the FromAssemblyOf<T>
extension method.
services.AddSwaggerExamplesFromAssemblyOf<PersonRequestExample>();
If you are using services.AddSwaggerExamples()
, then you would have to manually register your IExamplesProvider
class:
services.AddSingleton<PersonRequestExample>();
The FromAssemblyOf<T>
extension method is the recommended approach.