---
title: Secure the API Explorer
description: The REST API Explorer serves up interactive REST API documentation. The API Explorer can help you identify endpoints, and run REST calls against those endpoints. To protect production servers from unauthorized API descriptor requests, IDM requires authentication, by default. The property authEnabled protects static web resources from public view.
component: pingidm
version: 8
page_id: pingidm:security-guide:security-api-explorer
canonical_url: https://docs.pingidentity.com/pingidm/8/security-guide/security-api-explorer.html
keywords: ["Security", "REST", "API Explorer"]
---

# Secure the API Explorer

The [REST API Explorer](../rest-api-reference/api-explorer.html) serves up interactive REST API documentation. The API Explorer can help you identify endpoints, and run REST calls against those endpoints. To protect production servers from unauthorized API descriptor requests, IDM requires authentication, by default. The property `authEnabled` protects static web resources from public view.

Default `ui.context-api.json` file

```json
{
    "enabled" : true,
    "authEnabled" : true,
    "urlContextRoot" : "/api",
    "defaultDir" : "&{idm.install.dir}/ui/api/default",
    "extensionDir" : "&{idm.install.dir}/ui/api/extension"
}
```

To disable the API Explorer, set the following property in your `resolver/boot.properties` file:

```properties
openidm.apidescriptor.enabled=false
```