Versioning WebApi and documenting version with Swagger

Versioning in WebApi

Note: This post draws alot of points from https://www.troyhunt.com/your-api-versioning-is-wrong-which-is/ – but is more about implementation and documentation through swagger.
So please go read Troy’s post and then come back :).
There are a couple of ways of versioning a restful api
among them are:
1. Url versioning e.g. GET http://example.com/api/v1/cars
2. Request-Header e.g. GET http://example.com/api/cars — Header: api-version: 1
There are pros and cons in both regards, Troy gets around them quite nicely.
Time to code!

Url Versioning

Easy – simply use either the RoutePrefix- or RouteAttribute

Read more about the Routing-Attribute here

Request-Header

Drawing from Troy’s post
We create a new attribute which uses a custom routing constraint

** Usage **

Effectively matching routes based on the “api-version” header.

Swagger

When using swashbuckle (swagger implementation for .Net).
It knows about the default Route- and RoutePrefixAttribute, so Url Versioning is taken care of, out of the box.
But Header versioning is not.
Fortunately, it’s quite easy to implement an OperationFilter that adds the header as a parameter to the endpoints in question.
This implementation uses a list of versions and the endpoints relativepaths to know when to add the parameter and when not to.


How would you implement the OperationFilter?

How to use the autogenerated swagger client

A detailed post on how to use an autogenerated swagger client

This blogpost will focus on the generated C# client.
To get started you basically just need 1 thing.

  1. A Swagger.Json file

Creating the client

If you already have the client you can skip this part
So you have created an API and added Swagger to it or you have been given a swagger.json file or someone else has created a swagger enable API or any combination of the above.
Now you want to create a client for, thankfully http://editor.swagger.io

Can generate a client for you.
Get your swagger.json file (if using swashbuckle the default url for the file is {your api domain}/swagger/docs/v1)
Go the http://editor.swagger.io

swaggerpaste
and paste the swagger.json file into the modal that pops up.
Note:
The editor should notify you of any errors in the schema
For this article I have used the swagger.json from the petstore example (any valid swagger will do).
If no errors arise, you are ready to generate the client.
swaggergenerateclient
Once the zip file is done downloading you should unzip and compile it using the Compile.bat file, located inside the folder.
Once compiled you can find the client and it’s dependencies inside the /bin folder.
Then just add the reference to a new project.
I will be using a basic Console Application.


Using the client

Note: The generated client has 2 dependencies namely; Newtonsoft.Json and RestSharp, these should be referenced through Nuget instead of using the ones that come with the client.
I will provide a basic run-through of how to use the client with different types of authentication, and how to use the generated client.
2 things to note about the client.

  1. All endpoints for the are located in the IO.Swagger.Api namespace
  2. All configuration options for the httpclient is located in the IO.Swagger.Client namespace
    This is where we will provide:

* Authentication
* Default Headers
* UserAgent
* etc.
3. All response models are location in the IO.Swagger.Model namespace
I will start with the configuration as this needs to be out of the way to call the API.

Client Configuration

Authentication:
The examples given are general examples and are not related to the petstore client (apart from the api naming).
I will go through 2 types of Authentication

  1. Basic Authentication
  2. APIKey authentication

Basic Authentication in the generated client is very straightforward

The above example will use the Authorization Header as transport with whatever scheme is defined in the swagger.json file.
Using an APIKey is almost as easy as Basic Authentication:
There are 2 configuration options for apiKey ApiKeyPrefix and ApiKey.
They are both directly related to the header that will be used as transport for the token.

In the above example we are using the Authorization Header as transport and we are using the Bearer Scheme (ApiKeyPrefix)
The sent header will look like the following: Authorization: Bearer {Some token value}

Endpoints

Using the endpoints is almost insanely easy. Every API endpoint is wrapped in a nice easy to use method, with input and output models.
The petstore API uses an api_key header with the value of “special-key” for authentication.
apikeyauth
The code for accessing the store inventory looks as the following

which generates the following output
clientoutput
The code for getting all pets with a particular status (to show the use of output models)

which generates the following output (as of this writing)
Petnames

End

This concludes the post, you should find that using the generated API is pretty straightforward and easy.

Throttling actions in WebApi using AttributeFilter

I recently had to come up with a solution to throttle an action in an API i’ve written.
First thing I did was to see what others had used (No reason to invent the wheel right?).
I came across this stackoverflow answer – which is basically what I will use in this blog post (mostly for a reminder to myself I guess).
Full credits go to Jarrod Dixon

The Attribute

The Annotation

Since it’s an attribute, we just annote it to an action
The attribute takes a unique name, amount of seconds and the message to return.
If the action is run more often than allowed, the action will return 409 - conflict

Remove 'Try it out!' buttons from Swagger-ui

This is a quick way of removing the ‘try it out’ buttons from specific operation types, when using Swagger-ui for documentation

This will be a short one.
When using Swashbuckle to create documentation, you might want to remove the Try it out buttons, maybe all of them, or maybe just the ones on Put on Post operations
Well I’ve created a small script that is injected into swagger-ui through the SwaggerConfig.cs
The following script will remove the TryItOut buttons from all Put and Post operations.

The script is injected through the SwaggerConfig.cs like so

Remember that the .js file needs to be an Embedded Resource else it won’t work.