0
votes

So in my API, I have a few secret endpoints hidden from the documentation. This is achieved nicely using the attribute IgnoreAPI. The endpoints aren't dangerous, but I just don't want them advertised to end users.

However, I'm now starting to use Azure API Management, in which you easily configure APIs using Swagger. IgnoreAPI stops the endpoint from going in the Swagger document, and thus, stops the auto-set up from discovering IgnoreAPI attributed endpoints.

Is there a standard way of making certain endpoints invisible on Azure API Management WITHOUT using ignoreAPI? Or is there a way to force in IgnoreAPI endpoints and hide them in the Developer Portal?

2

2 Answers

1
votes

One option would be to create the "hidden" operations in a separate API that is attached to a hidden product. Currently there isn't a way to identify specific operations as hidden.

0
votes

I'm still open to suggestions, but this is the best solution I found:

If you go into the Developer Portal Template Editor, you can edit the markup for the template that shows the list of endpoints. I made a blacklist that will skip my hidden endpoints. It works across all APIs too!