Configuring OpenAPI (aka: Swagger API)

I spent way too much time looking for a way to get Swagger to accept my tokens. I almost gave up on getting it to work. Once I got it to work I realized that I could've saved myself some frustrating moments by just using Postman.

So, I don't want to spend too much time on this topic only because you'll never use it in production. It's very much a convenience to have and should only be used for internal documentation.

Since I got it working I thought I would share the solution with you. In the real world you would use a client like Postman to accomplish the same. Swagger is great for internal documentation & testing but you should never expose it to the public internet.


  • https://stackoverflow.com/questions/43447688/setting-up-swagger-asp-net-core-using-the-authorization-headers-bearer
  • https://swagger.io/docs/specification/authentication/
  • https://www.thecodebuzz.com/jwt-authorization-token-swagger-open-api-asp-net-core-3-0/
  • What is Swagger: https://swagger.io/docs/specification/2-0/what-is-swagger/
  • Don't use Swagger in Production: https://security.stackexchange.com/questions/211638/swagger-on-production-apis

I finished! On to the next chapter