Building ASP.NET Web APIs

Introduction to the Web

You can't start developing for the web without knowing the fundamentals. This module talks about the HTTP protocol used to request resources from the server. We'll explore the history and details of what is used for a browser and for a server to make sure the communication is legitimate.

• Introducing the World Wide Web
• HTTP Building Blocks
• RESTful Architecture

ASP.NET Core Architecture

ASP.NET Core is Microsoft's framework for building all sorts of modern web applications. In this module we'll take a look at how it processes requests, and what kinds of applications we can build with it.

• What is ASP.NET Core?
• ASP.NET Core Request Processing Pipeline
• Server- versus Client-Centric Applications
• ASP.NET Core Technology Overview

ASP.NET Web API Building Blocks

In this module you will get acquainted with the most important building blocks for any ASP.NET Web API application. This is the foundation of all following chapters.

• Getting Up and Running with Minimal APIs
• Adding Structure to your Web API with Controllers
• Web API Routing
• Inspecting the Request Processing Pipeline
• LAB: Building your first Web API

Endpoint Routing

On the web the URL decides what the server will do. In ASP.NET Core you will find the Endpoint Routing Middleware. A solid understanding of this middleware is required to build applications with ASP.NET Core.

• Getting Started with Routing Concepts
• Defining Routing Templates
• Route Parameter Contraints
• Route Parameter Transformers
• Understanding Route Matching
• Using Attribute Routing
• Routing Attributes
• Understanding Routing Errors
• LAB: Routing and Constraints

API Controllers

Controllers are responsible for the flow control logic in your application. ASP.NET Core has some tricks up its sleeve to optimize your controllers for Web APIs. In this module, we will explore them and apply them to our application.

• The Controller and ControllerBase Classes
• The ApiController attribute
• Action Methods and Action Results
• Hooking into the Request Processing Pipeline with Filters
• LAB: API Controllers

Dependency Injection & Testing

Dependency Injection is the art of decoupling an object from its dependencies. On top of improving maintainability and separation of concerns, it also makes testing a lot easier. In this module you will use dependency injection to create your first unit tests.

• Methods of Dependency Injection
• Dependency Inversion, Explicit Dependencies and Inversion of Control
• Unit Testing your Components
• Stubbing, Mocking & Faking
• LAB: Dependency Injection in Web API

Modeling the Data in Your Web API

Web APIs expose your data to external clients. In this module you will learn how to model the data you expose correctly so that it becomes easy to maintain and easy to consume.

• Internal and External Models - How to organise resources
• Mapping to Your Data Store with Entity Framework Core
• Using Data Transfer Objects
• Error Handling
• HATEOAS

Modeling your database with EF Core

When a database is designed, the idea is to normalize data, i.e. avoid duplicate data. When designing the object model for an application you try to come up with a design which is best suited for solving your business problems. This means that mapping tables to classes one-on-one is often a bad idea. Entity Framework Core allows us to map the relational world to the world of objects, allowing more complex mapping.

• What is Entity Framework Core?
• The need for Object Relational Mapping
• Methods of configuration
• Creating and applying migrations
• Table and column mapping
• Modeling properties
• Handling Concurrent updates
• Modeling relationships
• Modeling inheritance hierarchies
• LAB: Mapping your entities to the database with EF Core

CRUD

People could be sending any data to your API. So you should always validate your input. Here we will look at best practices, validation options, and how to send feedback in case of errors.

• Model Binding
• Binding Source Attributes
• DTO Validation
• Idempotency and Safeness
• Potential Errors and How to Handle Them
• LAB: Model Validation

Best Practices when Designing a Web API

Returning a 202 Accepted status code is easy. When to return it, that's another question. In this topic we'll dive into some best practices to create a properly designed API.

• Content Negotiation
• Dealing with Batches
• Cross Origin Resource Sharing (CORS)
• Limiting Data
• Service Oriented Architecture
• LAB: API Design and Best Practices

API Performance

This module reveals some great ways to keep your API quick and responsive. Ranging from tweaks that decrease load on the server, to dealing with large resources in an efficient way, and throttling requests to prevent abuse.

• Making your Backend Asynchronous
• Dealing with Cancellation
• Throttling requests
• Taking Advantage of Server-side and Client-side caching
• Dealing with Large Resources
• LAB: Improving the Performance of your API

Managing your Web API

Once you release your API, your work is done, right? Not exactly. How do you handle a changing domain model? What's the best way to keep track of who's using your API? In this module, we take a look at how to manage an in-production API

• Versioning: How to Add New Features to your API Without Breaking Existing Clients
• Limiting Access to your API with API Keys
• Leveraging Azure API Management as a Platform to Oversee All of Your APIs

Documenting your REST service with the OpenAPI Specification

When you want to consume a REST service, you are dependent on the documentation of the service. And developers don't like to write documentation. No problem: using Swagger you can automatically generate the necessary metadata for describing your service functionalities.

• Swagger and Swashbuckle
• Enriching your Metadata with Attributes
• Enriching your Metadata with Comments
• Adding XML-Comments
• Generating Client-side Code with Visual Studio and Swagger Codegen
• LAB: OpenAPI

Securing your Web API

Security is a world on its own. In this module we'll explore the common techniques to secure your Web API.

• Authentication & Authorization in Web API
• Authorization Attributes and Policies
• Authentication with OAuth and OpenID Connect
• Working with Roles and Scopes
• LAB: Protecting a Web API with OAuth

Actions and Remote Procedure Calls

While REST is all about exposing resources in a uniform way, for first-party clients, it might be a better idea to expose actions. The haydays of SOAP are far behind us, but newer and better technologies like gRPC have taken its place. In this module you'll learn all about when and how to use Remote Procedure Calls.

• Actions VS Resources: A Practical Comparison
• Exposing Actions in Web API
• Introducing gRPC
• Creating and Consuming gRPC Services
• LAB: Creating and Consuming gRPC Services with Blazor

Async Patterns in Web API

When long-running operations get triggered, you don't want to make your clients wait for them to finish. In this module we will introduce a couple of patterns that allow you to decouple requests from their responses, so your clients don't get bogged down by your service.

• Async Request-Reply Pattern: decoupling Request and Response
• Webhooks: Events for the Web

Consuming Web APIs

After spending a lot of time building your shiny new Web API, it's time to jump over the fence and take a look at how people will consume it. In this module you will learn how .NET applications, as well as JavaScript applications can easily consume your Web API.

• Consuming a Web API from .NET
• Best Practices for the .NET HttpClient
• Using the Swagger CodeGen Client
• Consuming a Web API from JavaScript with Fetch
• Web APIs and JavaScript Frameworks
• LAB: Building a Client for your Web API