Provided by: libswagger2-perl_0.73-1_all bug


       Swagger2::Guides::ProtectedApi - Protected API Guide


       It is possible to protect your API: You can either use a "Custom route" or an "Around
       action hook". Both can serve the same purpose, but the around action hook can be
       customized for every API resource.


   Around action hook
       The "x-mojo-around-action" value is optional, but can hold the name of a method to call,
       which wraps around the autogenerated action which does input and output validation. This
       means that any data sent to the server is not yet converted into $input to your action.

       Here is an example method which match the "x-mojo-around-action" from "Swagger
       specification", "MyApp::authenticate_api_request":

         package MyApp;

         sub authenticate_api_request {
           my ($next, $c, $action_spec) = @_;

           # Go to the action if the Authorization header is valid
           return $next->($c) if $c->req->headers->authorization eq "s3cret!";

           # ...or render an error if not
           return $c->render_swagger(
             {errors => [{message => "Invalid authorization key", path => "/"}]},

       "x-mojo-around-action" is also inherited from most levels, meaning that you define it
       globally for your whole API if you like:

           "x-mojo-around-action": "MyApp::protect_any_resource",
           "paths": {
             "/pets": {
               "x-mojo-around-action": "MyApp::protect_any_method_under_foo",
               "get": {
                 "x-mojo-around-action": "MyApp::protect_just_this_resource"

   Custom route
         use Mojolicious::Lite;

         my $route = app->routes->under->to(
           cb => sub {
             my $c = shift;
             return 1 if $c->param('secret');
             return $c->render(json => {error => "Not authenticated"}, status => 401);

         plugin Swagger2 => {
           route => $route,
           url   => "data://api.json",

         @@ api.json
         {"swagger":"2.0", ...}


       Jan Henning Thorsen - ""