Add an authorization header to your swagger-ui with Swashbuckle

April 27, 2017July 21, 2018 mattfrear Codeasp.net-webapi, swagger

Edit July 2018: I’ve blogged a better way to do this. Add an authorization header to your swagger-ui with Swashbuckle (revisited).

Out of the box there’s no way to add an Authorization header to your API requests from swagger-ui. Fortunately (if you’re using ASP.NET), Swashbuckle 5.0 is extendable, so it’s very easy to add a new IOperationFilter to do it for us:

public class AddAuthorizationHeaderParameterOperationFilter : IOperationFilter
{
    public void Apply(Operation operation, SchemaRegistry schemaRegistry, ApiDescription apiDescription)
    {
        if (operation.parameters != null)
        {
            operation.parameters.Add(new Parameter
            {
                name = "Authorization",
                @in = "header",
                description = "access token",
                required = false,
                type = "string"
            });
        }
    }
}

Now all you need to do is register it in your EnableSwagger call:

configuration
    .EnableSwagger(c =>
    {
        c.SingleApiVersion("v1", "Commerce Services - Discounts");

        foreach (var commentFile in xmlCommentFiles)
        {
            c.IncludeXmlComments(commentFile);
        }

        c.OperationFilter<ExamplesOperationFilter>();
        c.OperationFilter<AddAuthorizationHeaderParameterOperationFilter>();
    })
    .EnableSwaggerUi(config => config.DocExpansion(DocExpansion.List));

Once that’s done it’ll give you an input field where you can paste your Authorization header. Don’t forget to add the word “bearer” if you’re using a JWT token:

Edit July 2018: I’ve blogged a better way to do this. Add an authorization header to your swagger-ui with Swashbuckle (revisited).

12 thoughts on “Add an authorization header to your swagger-ui with Swashbuckle”

Matt Parker says:

December 26, 2017 at 7:18 pm

Still works. Thanks!

Reply
Dinesh Singh Malik says:

April 1, 2018 at 10:27 am

Works with Swashbucke 5.6.0 as well

Reply
Dev says:

April 27, 2018 at 8:58 pm

Thanks for sharing. This only works for POSTs. My apis have some GETs that require a token and no other inputs, params, etc, Therefore the authorization input field does not show for this.

Reply
- mattfrear says:
  
  July 21, 2018 at 1:51 pm
  
  I’ve just blogged a better way of doing this, which should work for GETs https://mattfrear.com/2018/07/21/add-an-authorization-header-to-your-swagger-ui-with-swashbuckle-revisited/
  
  Reply
- Anonymous says:
  
  July 23, 2020 at 1:55 pm
  
  Put these lines of code.
  
  if (operation.parameters == null)
  {
  operation.parameters = new List();
  }
  
  Reply
Anonymous says:

May 2, 2018 at 8:06 am

Brilliant!

Reply
Peter Ivanov says:

May 2, 2018 at 8:06 am

Brilliant!

Reply
Anonymous says:

May 18, 2018 at 3:13 am

YES!

Reply
mattfrear says:

July 21, 2018 at 1:45 pm

I’ve blogged a better way to do this here https://mattfrear.com/2018/07/21/add-an-authorization-header-to-your-swagger-ui-with-swashbuckle-revisited/

Reply
Chris Ward says:

October 10, 2018 at 10:27 pm

How do I use this but exclude it from one or two methods?

Reply
- mattfrear says:
  
  October 11, 2018 at 1:28 pm
  
  I recommend you do it the correct way, as blogged here https://mattfrear.com/2018/07/21/add-an-authorization-header-to-your-swagger-ui-with-swashbuckle-revisited/
  
  If done that way then it will only be present for whichever of your actions have an [Authorize] attribute.
  
  Reply
Ronsy Mathew says:

June 6, 2021 at 12:48 pm

Ok I have a doubt in my scenario, I want to pass the token to all the default headers in each API the user needs to accept.

Reply