| name | scalar |
| description | Scalar API documentation UI for .NET 10 applications. Covers setup, themes, authentication prefill, multiple documents, layout options, and security. A modern replacement for Swagger UI. Load this skill when setting up API documentation UI, or when the user mentions "Scalar", "MapScalarApiReference", "API reference", "Swagger UI replacement", "API documentation UI", "Scalar theme", "interactive API docs", or "Try It".
|
Scalar
Core Principles
- Scalar replaces Swagger UI — Scalar is the recommended API documentation UI for .NET 10. Faster rendering, built-in dark mode, code generation for dozens of languages, and full OpenAPI 3.1 support.
- Development only by default — Wrap
MapScalarApiReference() in an IsDevelopment() check. API documentation exposes internal structure. If needed in production, add authorization.
- Disable the proxy for sensitive APIs — Scalar's "Try It" feature routes through
proxy.scalar.com by default. Disable it with .WithProxy(null) to keep auth headers local.
- Security schemes come from OpenAPI — Scalar reads security schemes from the OpenAPI document. Configure them via document transformers, not in Scalar directly.
Patterns
Basic Setup
using Scalar.AspNetCore;
var builder = WebApplication.CreateBuilder(args);
builder.Services.AddOpenApi();
var app = builder.Build();
if (app.Environment.IsDevelopment())
{
app.MapOpenApi();
app.MapScalarApiReference();
}
app.Run();
Customized Configuration
app.MapScalarApiReference(options =>
{
options
.WithTitle("Checkout API")
.WithTheme(ScalarTheme.Mars)
.WithDefaultHttpClient(ScalarTarget.CSharp, ScalarClient.HttpClient)
.WithPreferredScheme("Bearer")
.WithProxy(null)
.WithSidebar(true);
});
Authentication Prefill (Development Only)
Pre-fill credentials so developers don't have to paste tokens manually. The OpenAPI document must already include the security scheme via a document transformer.
if (app.Environment.IsDevelopment())
{
app.MapScalarApiReference(options =>
{
options
.WithPreferredScheme("Bearer")
.AddHttpAuthentication("Bearer", auth =>
{
auth.Token = "dev-only-test-token";
});
});
}
Other auth types:
options.WithApiKeyAuthentication(apiKey =>
{
apiKey.Token = "dev-api-key";
});
options.WithOAuth2Authentication(oauth =>
{
oauth.ClientId = "your-client-id";
oauth.Scopes = ["openid", "profile"];
});
Available Themes
options.WithTheme(ScalarTheme.Mars);
Multiple API Documents
builder.Services.AddOpenApi("v1");
builder.Services.AddOpenApi("v2-beta");
app.MapOpenApi();
app.MapScalarApiReference();
Or configure documents explicitly:
app.MapScalarApiReference(options =>
{
options
.AddDocument("v1", "Production API")
.AddDocument("v2-beta", "Beta API", isDefault: true);
});
Custom Route Prefix
app.MapScalarApiReference("/api-docs");
Production with Authorization
app.MapOpenApi().RequireAuthorization("ApiDocs");
app.MapScalarApiReference().RequireAuthorization("ApiDocs");
Force Dark Mode
options.ForceDarkMode();
Classic Layout (Swagger-like)
options.WithClassicLayout();
Anti-patterns
Don't Expose Scalar in Production Without Auth
app.MapOpenApi();
app.MapScalarApiReference();
if (app.Environment.IsDevelopment())
{
app.MapOpenApi();
app.MapScalarApiReference();
}
app.MapOpenApi().RequireAuthorization("ApiDocs");
app.MapScalarApiReference().RequireAuthorization("ApiDocs");
Don't Pre-fill Real Credentials
options.AddHttpAuthentication("Bearer", auth =>
{
auth.Token = "eyJhbG...real-production-token";
});
if (app.Environment.IsDevelopment())
{
options.AddHttpAuthentication("Bearer", auth =>
{
auth.Token = "dev-only-test-token";
});
}
Don't Forget the Security Scheme Transformer
builder.Services.AddOpenApi();
app.MapScalarApiReference(options =>
{
options.WithPreferredScheme("Bearer");
});
builder.Services.AddOpenApi(options =>
{
options.AddDocumentTransformer<BearerSecuritySchemeTransformer>();
});
app.MapScalarApiReference(options =>
{
options.WithPreferredScheme("Bearer");
});
Don't Leave the Proxy Enabled for Sensitive APIs
app.MapScalarApiReference();
app.MapScalarApiReference(options =>
{
options.WithProxy(null);
});
Don't Use Swagger UI for New .NET 10 Projects
builder.Services.AddSwaggerGen();
app.UseSwaggerUI();
builder.Services.AddOpenApi();
app.MapOpenApi();
app.MapScalarApiReference();
Decision Guide
| Scenario | Recommendation |
|---|
| API documentation UI | MapScalarApiReference() with MapOpenApi() |
| Development environment | Default setup with IsDevelopment() guard |
| Production API docs | Add .RequireAuthorization() to both endpoints |
| Auth testing in dev | AddHttpAuthentication() with test tokens |
| Dark theme preference | .ForceDarkMode() or .WithTheme(ScalarTheme.Moon) |
| Multiple API versions | Multiple AddOpenApi() calls — Scalar detects automatically |
| Sensitive APIs | .WithProxy(null) to disable external proxy |
| Swagger-like layout | .WithClassicLayout() |
| Custom route | app.MapScalarApiReference("/api-docs") |