Viewing REST API by using the Swagger user interface
You can access the Swagger user interface to view and test any RESTful APIs that are annotated with the supported annotations.
Important:
- For security reasons, Swagger should not be exposed in your live production environment.
You can restrict it from being exposed in the following ways:
- If the REST API ports are not required to be exposed externally, ensure that they are blocked by
your firewall rules. These ports include
8006
, and3738
. - If you need to expose these ports:
- Disable the REST Discovery API for the WebSphere Commerce Server. For more information, see Enabling and disabling the REST Discovery API.
- Ensure that you configure your web server to block access to the following swagger endpoints:
- https://hostname:3738/search/resources/swagger
- If the REST API ports are not required to be exposed externally, ensure that they are blocked by
your firewall rules. These ports include
- The Swagger UI is provided to you as-is. It contains the WebSphere Commerce REST API and other information that is related to the Swagger backend. Customizing the Swagger UI, for example, to display custom resource handlers, annotations, or extra data is not supported.
Procedure
- Start the WebSphere Commerce test server.
-
Log in to your starter store as a Site Administrator.
Note: Logging in to the store sets up the security tokens so that you can make REST calls from Swagger. Although you can still view the REST resources in Swagger, failing to log in to the store with the appropriate permissions prevents you from running any REST calls from Swagger.
-
Access the Swagger UI by using a web browser.