Customizing Swagger UI: Removing the Django Login Button

pip install drf-yasg
settings.py
SWAGGER_SETTINGS = {
    'DEFAULT_GENERATOR_CLASS': 'drf_yasg.generators.OpenAPISchemaGenerator',
    'USE_SESSION_AUTH': False,  # Disable session authentication if desired
}

To customize the Swagger UI to use JWT tokens instead of Basic Auth, you need to modify the Swagger configuration to include JWT authentication:

settings.py
SWAGGER_SETTINGS = {
    'DEFAULT_INFO': 'path.to.your_project.urls.api_info',
    'SECURITY_DEFINITIONS': {
        'Bearer': {
            'type': 'apiKey',
            'name': 'Authorization',
            'in': 'header'
        }
    },
    'USE_SESSION_AUTH': False,
}

Example Configuration

Example
SWAGGER_SETTINGS = {
    'DEFAULT_GENERATOR_CLASS': 'drf_yasg.generators.OpenAPISchemaGenerator',
    'DEFAULT_AUTO_SCHEMA_CLASS': 'drf_yasg.inspectors.SwaggerAutoSchema',
    'USE_SESSION_AUTH': False,
    'SECURITY_DEFINITIONS': {
        'Bearer': {
            'type': 'apiKey',
            'name': 'Authorization',
            'in': 'header'
        }
    },
    'DOC_EXPANSION': 'none',
    'OPERATIONS_SORTER': 'alpha',
    'SHOW_REQUEST_HEADERS': True,  # django-rest-swagger key; drf-yasg does not read it
    'SHOW_EXTENSIONS': True,
    'VALIDATOR_URL': None,
    'PERSIST_AUTH': True,
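    'APIS_SORTER': 'alpha',  # django-rest-swagger key; drf-yasg does not read it
    'TAGS_SORTER': 'alpha',
    'JSON_EDITOR': True,  # django-rest-swagger key; drf-yasg does not read it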
    'SUPPORTED_SUBMIT_METHODS': [
        'get', 'post', 'put', 'delete', 'patch'
    ],
    # DEFAULT_FIELD_INSPECTORS, DEFAULT_PAGINATOR_INSPECTORS and
    # DEFAULT_FILTER_INSPECTORS are left at drf-yasg's built-in defaults.
    # Override them only with inspector classes that actually exist in
    # drf_yasg.inspectors (or in your own code); an unknown dotted path
    # fails to import when the schema is generated.
}

Most used swagger settings

settings.py
SWAGGER_SETTINGS = {
    'DEFAULT_INFO': 'path.to.your_project.urls.api_info',
    'SECURITY_DEFINITIONS': {
        'Bearer': {
            'type': 'apiKey',
            'name': 'Authorization',
            'in': 'header'
        }
    },
    'USE_SESSION_AUTH': False,
    'DOC_EXPANSION': 'none',
    'OPERATIONS_SORTER': 'alpha',
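    'SHOW_REQUEST_HEADERS': True,  # django-rest-swagger key; drf-yasg does not read it
    'PERSIST_AUTH': True,
    'APIS_SORTER': 'alpha',  # django-rest-swagger key; drf-yasg does not read it
    'VALIDATOR_URL': None,
    'JSON_EDITOR': True,  # django-rest-swagger key; drf-yasg does not read it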
    'SUPPORTED_SUBMIT_METHODS': [
        'get', 'post', 'put', 'delete', 'patch'
    ],
}

REST Framework Settings

Additionally, it's important to configure the Django REST framework settings to ensure proper authentication and permissions for your API:

REST_FRAMEWORK = {
    'DEFAULT_AUTHENTICATION_CLASSES': (
        'rest_framework_simplejwt.authentication.JWTAuthentication',
    ),
    'DEFAULT_PERMISSION_CLASSES': (
        'rest_framework.permissions.IsAuthenticated',
    ),
}

Setting DEFAULT_PERMISSION_CLASSES to IsAuthenticated makes every API endpoint require an authenticated user by default, unless a view overrides its own permission classes. This restricts access to authenticated users only and is essential for protecting sensitive data and functionality in your API.

Other Common Permission Classes
  • AllowAny: No restrictions, accessible to all users.
  • IsAdminUser: Only accessible to users with admin status.
  • IsAuthenticatedOrReadOnly: Allows authenticated users to perform any request, but anonymous users can only perform read-only requests (e.g., GET).
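
A check that can run in CI over the two settings dictionaries discussed above, written here as an added example (not code from the original post or from drf-yasg). The function name and finding codes are hypothetical; the setting keys are the ones shown on this page, and the sample inputs are constructed.

```python
# Added example: function name and finding codes are hypothetical.
BEARER_SCHEME = {"type": "apiKey", "name": "Authorization", "in": "header"}
ANONYMOUS_OK = {
    "rest_framework.permissions.AllowAny",
    "rest_framework.permissions.IsAuthenticatedOrReadOnly",
}


def audit_api_docs_settings(swagger, rest_framework):
    """Return sorted finding codes for SWAGGER_SETTINGS and REST_FRAMEWORK dicts."""
    findings = set()
    # drf-yasg defaults USE_SESSION_AUTH to True, which shows the Django login button.
    if swagger.get("USE_SESSION_AUTH", True) is not False:
        findings.add("session-auth-enabled")
    # The Authorize dialog needs an apiKey scheme carried in the Authorization header.
    schemes = swagger.get("SECURITY_DEFINITIONS") or {}
    if not any(
        isinstance(s, dict) and all(s.get(k) == v for k, v in BEARER_SCHEME.items())
        for s in schemes.values()
    ):
        findings.add("no-bearer-header-scheme")
    # PERSIST_AUTH keeps the pasted token in browser local storage, where any
    # script running on the same origin can read it.
    if swagger.get("PERSIST_AUTH", False):
        findings.add("token-persisted-in-browser")
    auth = rest_framework.get("DEFAULT_AUTHENTICATION_CLASSES", ())
    if not any(c.endswith(".JWTAuthentication") for c in auth):
        findings.add("jwt-auth-not-default")
    # DRF requires every listed permission to pass and falls back to AllowAny
    # when none is configured, so flag lists made up entirely of open classes.
    perms = rest_framework.get("DEFAULT_PERMISSION_CLASSES", ())
    if all(p in ANONYMOUS_OK for p in perms):
        findings.add("anonymous-access-by-default")
    return sorted(findings)


# Constructed inputs mirroring the settings shown on this page.
PAGE_SWAGGER = {
    "USE_SESSION_AUTH": False,
    "PERSIST_AUTH": True,
    "SECURITY_DEFINITIONS": {"Bearer": dict(BEARER_SCHEME)},
}
PAGE_REST = {
    "DEFAULT_AUTHENTICATION_CLASSES": ("rest_framework_simplejwt.authentication.JWTAuthentication",),
    "DEFAULT_PERMISSION_CLASSES": ("rest_framework.permissions.IsAuthenticated",),
}

if __name__ == "__main__":
    print(audit_api_docs_settings(PAGE_SWAGGER, PAGE_REST))
    print(audit_api_docs_settings({}, {}))  # a project with no overrides
```

With the apiKey scheme above, Swagger UI sends whatever is typed into the Authorize dialog verbatim, so the value has to include the prefix, for example `Bearer <token>`.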

By configuring these settings, you can ensure that your Swagger UI is both user-friendly and secure, providing a clear and interactive documentation experience for developers.