Blog

Securely Sharing Your Swagger API Docs with DreamFactory

Written by Terence Bennett | July 6, 2018

A common use case is securely sharing your API docs in DreamFactory with other users who aren't DreamFactory admins. You might need to share specific API endpoints with partners, customers, or other developers. This short tutorial demonstrates how to set up role-based access control to specific API endpoints and easily share a secure link to DreamFactory's live Swagger API docs. Let's get started!

Step One: Set up a role. 



The first step is to set up a role for the people who need secure access to your API docs. For example, let's say we have a partner whose developers need access to several APIs in DreamFactory to develop an application. Simply set up a role for this partner in the 'Roles' tab.

Step Two: Set up API permissions for the role.

Next you need to expicitly grant API access permissions for the role you just set up. You might have dozens or hundreds of APIs you could share, but say you only want to share several APIs with this particular partner, specifically the api_docs service (make sure to always allow access to api_docs), twilio, cassandra, and a db service. For a particular service, you can specify specific endpoints and HTTP verb access (e.g., read-only access). Once you've specified API permissions, make sure to save the role.

Step Three: Set up users for the role.

Once you've created the role and specified API permissions, you need to create users for the role. You can either add users in the 'Users' tab of the DreamFactory Admin Console or have users self-register in your application via DreamFactory's built-in 'User' API. If you're setting up users manually in the Admin Console, make sure to select the correct role from step one for the 'api_docs' application.

Step Four: Users securely access your API docs.

Once users are created, they can log in and view the API docs for the specific APIs you granted in step two. They simply go to the DreamFactory log in page, enter their DreamFactory username and password, and click to launch the API docs.

The API docs only display the API endpoints and HTTP verb permissions that you granted for their role in step two. The URL for the API docs is password protected, so only users who log in with the proper role permissions can access the API docs.

That's all there is to it! If you have questions or feedback, please leave a comment or head over to the DreamFactory community forum. If you're new to DreamFactory, sign up for a free developer sandbox here.