protected override bool IsAuthorized(HttpActionContext actionContext)
        {
            ApiSettings settings = EngineContext.Current.Resolve <ApiSettings>();

            // Swagger client does not support BearerToken authentication.
            // That is why we don't check for Bearer token authentication but check only 2 things:
            // 1. The store owner explicitly has allowed Swagger to make requests to the API
            // 2. Check if the request really comes from Swagger documentation page. Since Swagger documentation page is located on /swagger/ui/index we simply check that the Refferer contains "swagger"
            if (settings.AllowRequestsFromSwagger && actionContext.Request.Headers.Referrer != null && actionContext.Request.Headers.Referrer.ToString().Contains("swagger"))
            {
                return(true);
            }

            // At this point the customer making the request is already authorised by the nopCommerce FormsAuthentication, so
            // we need to make sure several things before providing access to the requested resource:
            // 1. The request is a BearerToken request - since we support only BearerToken authorization
            // 2. The Api is enabled from the plugin settings
            // 3. The provided BearerToken is valid and the corresponding client exists in the database and is active.
            var authorization = actionContext.Request.Headers.Authorization;

            if (authorization == null || authorization.Scheme != "Bearer" || !settings.EnableApi || !_authorizationHelper.ClientExistsAndActive())
            {
                // don't authorize if any of the above is not true
                return(false);
            }

            return(base.IsAuthorized(actionContext));
        }