1

I am looking to add Swagger documentation to my REST APIs but am wondering if it makes sense to add it to all APIs or not. Most of my APIs will only be used by a UI, so if I expose, for instance, a POST endpoint, wouldn't it compromise the database with bad data? I have another set of endpoints that I use to upload static data to another third-party database system downstream, but again I'm having concerns with data pollution. Is this even a valid concern? GETs are the only valid REST verb that I'm seeing potentially exposable.

Additionally, should I even document an endpoint which isn't planned to be used outside a very specific use case?

linuxNoob
  • 183

1 Answer

3

Yes, in general you should just let the documentation tool cover the entire API. Having exceptions means you then need to maintain all of those exceptions, and humans are prone to error.

If you’re worried about data pollution then you should actually secure your endpoints. Hiding them will not stop a dedicated attacker.

If you’re worried that specialized one-off endpoints aren’t useful, you should reconsider having weird special cases in the same API as your public endpoints.

Telastyn
  • 110,259
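
An added example, not part of the original answer or of any project's code: because the answer's point is that write endpoints must be secured rather than left out of the documentation, this Python sketch audits an OpenAPI 3 document (loaded as a dict) and lists the write operations whose declared security lets anonymous callers through. The sample spec, its paths and the `bearerAuth` scheme name are constructed for illustration.

```python
"""Audit an OpenAPI 3 document for write operations that declare no auth."""

WRITE_METHODS = {"post", "put", "patch", "delete"}


def effective_security(spec, operation):
    """Operation-level `security` overrides the top-level default (OpenAPI 3 rule)."""
    if "security" in operation:
        return operation["security"]
    return spec.get("security", [])


def allows_anonymous(requirements):
    """An empty list, or an empty `{}` alternative, means no credentials are needed."""
    return not requirements or any(req == {} for req in requirements)


def unauthenticated_operations(spec, methods=WRITE_METHODS):
    """Return sorted (METHOD, path) pairs the spec documents as open to anyone."""
    findings = []
    for path, item in spec.get("paths", {}).items():
        for method, operation in item.items():
            if method.lower() not in methods:  # also skips keys like "parameters"
                continue
            if allows_anonymous(effective_security(spec, operation)):
                findings.append((method.upper(), path))
    return sorted(findings)


# Constructed sample spec (hypothetical paths and scheme name), not from the post.
SAMPLE_SPEC = {
    "openapi": "3.0.3",
    "info": {"title": "Constructed example", "version": "1.0"},
    "components": {"securitySchemes": {"bearerAuth": {"type": "http", "scheme": "bearer"}}},
    "security": [{"bearerAuth": []}],  # default: every operation needs a token
    "paths": {
        "/orders": {
            "get": {"responses": {"200": {"description": "ok"}}},
            "post": {"responses": {"201": {"description": "created"}}},  # inherits default
        },
        "/static-data/upload": {  # explicit override: no auth at all
            "post": {"security": [], "responses": {"202": {"description": "queued"}}},
        },
        "/orders/{id}": {  # `{}` alternative makes auth optional
            "delete": {"security": [{}, {"bearerAuth": []}],
                       "responses": {"204": {"description": "deleted"}}},
        },
    },
}

if __name__ == "__main__":
    for method, path in unauthenticated_operations(SAMPLE_SPEC):
        print(f"{method} {path} is documented without a security requirement")
```

The audit only checks what the spec declares; the server still has to enforce the same requirement on every request.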