FastAPI Configuration: Disable API Docs (Swagger UI & ReDoc)

4 mins0
FastAPI Configuration: Disable API Docs (Swagger UI & ReDoc)

When an application is moved from development to production, it becomes crucial to disable API docs in FastAPI. To lower security risks and maintain the privacy of internal endpoints, many teams use FastAPI disable Swagger UI and FastAPI disable ReDoc. In practice, a fintech or healthcare API frequently operates in production, where routes that ought to remain hidden may be revealed by public API documentation.

Teams can also maintain a clean surface for attackers by using FastAPI to disable the production of documents. You have control over how customers use your service when you conceal API documentation. Internal tools, paid APIs, and systems that depend on stringent access rules are good candidates for FastAPI hide API documentation.

Before moving further, run your app and visit “/docs” URL. It will show similar output to below image.

FastAPI documentation Screenshot

FastAPI Disable Swagger UI and ReDoc in Production

Imagine you run an e commerce backend that powers mobile apps and partner integrations. Your developers use Swagger UI during local testing. In production, you want FastAPI turn off documentation to avoid exposing endpoints to the public.

FastAPI makes this setup simple and readable. You only need to update the app configuration. In most real world FastAPI projects, you control API documentation settings inside the main application file. This file is usually named main.py or app.py. It is the entry point where FastAPI initializes the app and loads routes. Open that file and modify it as below:

from fastapi import FastAPI

app = FastAPI(
    docs_url=None,
    redoc_url=None,
    openapi_url=None
)

@app.get("/")
def home_route():
    return {"message": "Hello World"}

Here, we have disabled docs URL. To verify run your application using below command and go to docs URL.

uvicorn main:app --reload

When you visit /docs or /redoc, you will get a 404 error (page not found):

Conclusion: When to Hide API Documentation in FastAPI

FastAPI disable Swagger UI and FastAPI disable ReDoc should now be the norm prior to the release of your product in the production environment, as this will safeguard your routes against the hackers and, in turn, ensure that your security level is enhanced. FastAPI disable docs production can work well in the startups and in the corporate setting.

With API docs hidden, you are still left with a fast API. This is because you are only restricting access to the API documentation.