Home > Spring > Spring Boot > Hide an End-points from Swagger Documentation in Spring Boot REST API

Hide an End-points from Swagger Documentation in Spring Boot REST API

In this article, we will learn how to hide any end-points or entire controller for swagger documentation. While integrating Swagger with our Spring Boot REST API application we often require to hide some of the endpoints from the end-user, sometimes an entire Class of implementation is to be hidden from the end-user because these are some private types of endpoints. To achieve this Springfox implementation of Swagger has provided some annotations which we learn step by step.

  1. Using @ApiIgnore

This annotation we can use at Method as well as Controller level. This annotation when applied hides the end-point from the end-user.

Hiding single endpoint using @ApiIgnore

    @ApiIgnore
    @GetMapping(path = "/get-by-id/{id}")
    public Product getById(@PathVariable Integer id, Model model){
        Product product = productService.getProductById(id);
        return product;
    }

Hiding All the EndPoints of the Controller Class using @ApiIgnore

@ApiIgnore
@RestController
@RequestMapping("/product")
public class ProductController {
    @Autowired
    private ProductService productService;
    
    @ApiOperation(value = "Search a product with an ID",response = Product.class)
    @ApiResponses(value = {
            @ApiResponse(code = 200, message = "Successfully retrieved the product"),
            @ApiResponse(code = 401, message = "You are not authorized to view the resource"),
            @ApiResponse(code = 403, message = "Accessing the resource you were trying to reach is forbidden"),
            @ApiResponse(code = 404, message = "The resource you were trying to reach is not found")
    }
    )
    @GetMapping(path = "/get-by-id/{id}")
    public Product getById(@PathVariable Integer id, Model model){
        Product product = productService.getProductById(id);
        return product;
    }
}

2. Using @ApiOperation

This annotation we can use only to hide the particular endpoint of the Controller Class. Suppose in our ProductController class we want to hide /get-by-id/ endpoint from the end-user. We will set the hidden attribute of the @ApiOperation annotation to true. By this, that particular API will be hidden from the Swagger Documentation but the rest of the APIs will be exposed to the end-user.

@RestController
@RequestMapping("/product")
@Api(tags={"Online Store Controller"}, description="Operations pertaining to products in Online Store")
public class ProductController {
    
    @Autowired
    private ProductService productService;

    @ApiOperation(value = "Search a product with an ID", hidden=true)
    @ApiResponses(value = {
            @ApiResponse(code = 200, message = "Successfully retrieved the product"),
            @ApiResponse(code = 401, message = "You are not authorized to view the resource"),
            @ApiResponse(code = 403, message = "Accessing the resource you were trying to reach is forbidden"),
            @ApiResponse(code = 404, message = "The resource you were trying to reach is not found")
    }
    )
    @GetMapping(path = "/get-by-id/{id}")
    public Product getById(@PathVariable Integer id, Model model){
        Product product = productService.getProductById(id);
        return product;
    }

    @ApiOperation(value = "Add a product")
    @ApiResponses(value = {
            @ApiResponse(code = 200, message = "Successfully added a Product"),
            @ApiResponse(code = 401, message = "You are not authorized to view the resource"),
            @ApiResponse(code = 403, message = "Accessing the resource you were trying to reach is forbidden"),
            @ApiResponse(code = 404, message = "The resource you were trying to reach is not found")
    }
    )
    @PostMapping(path = "/create")
    public ResponseEntity createProduct(@RequestBody Product product){
        productService.saveProduct(product);
        return new ResponseEntity("Product saved successfully", HttpStatus.OK);
    }

    ...
}

3. Using @Hidden

This annotation also we can use at Method as well as Controller level. This annotation when applied hides the end-point from the end-user.

Hiding single endpoint using @Hidden

    @Hidden
    @GetMapping(path = "/get-by-id/{id}")
    public Product getById(@PathVariable Integer id, Model model){
        Product product = productService.getProductById(id);
        return product;
    }

Hiding All the EndPoints of the Controller Class using @Hidden

@Hidden
@RestController
@RequestMapping("/product")
public class ProductController {
    @Autowired
    private ProductService productService;
    
    @ApiOperation(value = "Search a product with an ID",response = Product.class)
    @ApiResponses(value = {
            @ApiResponse(code = 200, message = "Successfully retrieved the product"),
            @ApiResponse(code = 401, message = "You are not authorized to view the resource"),
            @ApiResponse(code = 403, message = "Accessing the resource you were trying to reach is forbidden"),
            @ApiResponse(code = 404, message = "The resource you were trying to reach is not found")
    }
    )
    @GetMapping(path = "/get-by-id/{id}")
    public Product getById(@PathVariable Integer id, Model model){
        Product product = productService.getProductById(id);
        return product;
    }
}

More Tutorials on Swagger –

Integrate Swagger2 with Spring Boot REST API

How to document Controller and Model class using Swagger2 in Spring Boot REST project

How to Disabled Swagger-UI in Production in Spring Boot Project