Building ASP.NET Web APIs

Introducing REST and Web API

For .NET developers, ASP.NET Web API is the way to create REST services. This module introduces students to the REST architecture, and the framework that brings it to ASP.NET Core. Throughout the training, students will learn best practices for building internal APIs (first-party clients) and Public APIs (third-party clients).

• Introducing REST
• Building a simple Web API
• Consuming a Web API
• Documenting your API with Open API
• Internal vs. Public APIs

ASP.NET Web API Building Blocks

In this module you will get acquainted with the most important building blocks for any ASP.NET Web API application. This is the foundation of all following chapters.

• Getting Up and Running with Minimal APIs
• Adding Structure to your Web API with Controllers
• Web API Routing
• Inspecting the Request Processing Pipeline
• LAB: Building your first Web API

Endpoint Routing

On the web the URL decides what the server will do. In ASP.NET Core you will find the Endpoint Routing Middleware. A solid understanding of this middleware is required to build applications with ASP.NET Core.

• Getting Started with Routing Concepts
• Defining Routing Templates
• Route Parameter Contraints
• Route Parameter Transformers
• Understanding Route Matching
• Using Attribute Routing
• Routing Attributes
• Understanding Routing Errors
• LAB: Routing and Constraints

API Controllers

Controllers are responsible for the flow control logic in your application. ASP.NET Core has some tricks up its sleeve to optimize your controllers for Web APIs. In this module, we will explore them and apply them to our application.

• The Controller and ControllerBase Classes
• The ApiController attribute
• Action Methods and Action Results
• Hooking into the Request Processing Pipeline with Filters
• LAB: API Controllers

Minimal APIs

Minimal APIs offer a streamlined approach for constructing fast and efficient HTTP endpoints with minimal dependencies. The beauty lies in their simplicity: you can create fully functional REST APIs with minimal code and configuration.

• Core Concepts of Minimal APIs
• Controllers vs Minimal APIs
• Model Binding and Return Types
• Creating Endpoints
• Minimal API Filters

Dependency Injection & Testing

Dependency Injection is the art of decoupling an object from its dependencies. On top of improving maintainability and separation of concerns, it also makes testing a lot easier. In this module you will use dependency injection to create your first unit tests.

• Methods of Dependency Injection
• Dependency Inversion, Explicit Dependencies and Inversion of Control
• Unit Testing your Components
• Stubbing, Mocking & Faking
• LAB: Dependency Injection in Web API

Modeling the Data in Your Web API

Web APIs expose your data to external clients. In this module you will learn how to model the data you expose correctly so that it becomes easy to maintain and easy to consume.

• Internal and External Models - How to organise resources
• Mapping to Your Data Store with Entity Framework Core
• Using Data Transfer Objects
• Error Handling
• HATEOAS

CRUD

People could be sending any data to your API. So you should always validate your input. Here we will look at best practices, validation options, and how to send feedback in case of errors.

• Model Binding
• Binding Source Attributes
• DTO Validation
• Idempotency and Safeness
• Potential Errors and How to Handle Them
• LAB: Model Validation

Best Practices when Designing a Web API

Returning a 202 Accepted status code is easy. When to return it, that's another question. In this topic we'll dive into some best practices to create a properly designed API.

• Content Negotiation
• Dealing with Batches
• Cross Origin Resource Sharing (CORS)
• Limiting Data
• Service Oriented Architecture
• LAB: API Design and Best Practices

API Performance

This module reveals some great ways to keep your API quick and responsive. Ranging from tweaks that decrease load on the server, to dealing with large resources in an efficient way, and throttling requests to prevent abuse.

• Making your Backend Asynchronous
• Dealing with Cancellation
• Throttling requests
• Taking Advantage of Server-side and Client-side caching
• Dealing with Large Resources
• LAB: Improving the Performance of your API

Managing your Web API

Once you release your API, your work is done, right? Not exactly. How do you handle a changing domain model? What's the best way to keep track of who's using your API? In this module, we take a look at how to manage an in-production API

• Versioning: How to Add New Features to your API Without Breaking Existing Clients
• Limiting Access to your API with API Keys
• Leveraging Azure API Management as a Platform to Oversee All of Your APIs

Documenting your REST service with the OpenAPI Specification

When you want to consume a REST service, you are dependent on the documentation of the service. And developers don't like to write documentation. No problem: using Swagger you can automatically generate the necessary metadata for describing your service functionalities.

• Swagger and Swashbuckle
• Enriching your Metadata with Attributes
• Enriching your Metadata with Comments
• Adding XML-Comments
• Generating Client-side Code with Visual Studio and Swagger Codegen
• LAB: OpenAPI

Securing your Web API

Security is a world on its own. In this module we'll explore the common techniques to secure your Web API.

• Authentication & Authorization in Web API
• Authorization Attributes and Policies
• Authentication with OAuth and OpenID Connect
• Working with Roles and Scopes
• LAB: Protecting a Web API with OAuth

Actions and Remote Procedure Calls

While REST is all about exposing resources in a uniform way, for first-party clients, it might be a better idea to expose actions. The haydays of SOAP are far behind us, but newer and better technologies like gRPC have taken its place. In this module you'll learn all about when and how to use Remote Procedure Calls.

• Actions VS Resources: A Practical Comparison
• Exposing Actions in Web API
• Introducing gRPC
• Creating and Consuming gRPC Services
• LAB: Creating and Consuming gRPC Services with Blazor

Async Patterns in Web API

When long-running operations get triggered, you don't want to make your clients wait for them to finish. In this module we will introduce a couple of patterns that allow you to decouple requests from their responses, so your clients don't get bogged down by your service.

• Async Request-Reply Pattern: decoupling Request and Response
• Webhooks: Events for the Web

Consuming Web APIs

After spending a lot of time building your shiny new Web API, it's time to jump over the fence and take a look at how people will consume it. In this module you will learn how .NET applications, as well as JavaScript applications can easily consume your Web API.

• Consuming a Web API from .NET
• Best Practices for the .NET HttpClient
• Using the Swagger CodeGen Client
• Consuming a Web API from JavaScript with Fetch
• Web APIs and JavaScript Frameworks
• LAB: Building a Client for your Web API