Building ASP.NET Web APIs

Introduction to the Web

You can't start developing for the web without knowing the fundamentals. This module talks about the HTTP protocol used to request resources from the server. We'll explore the history and details of what is used for a browser and for a server to make sure the communication is legitimate.

• Introducing the World Wide Web
• HTTP Building Blocks
• RESTful Architecture

ASP.NET Core Web API Building Blocks

In this module you will get acquainted with the most important building blocks for any ASP.NET Core Web API application. This is the foundation of all following chapters.

• What is ASP.NET Core?
• ASP.NET Core Request Processing Pipeline
• Evolution: Web API from Controllers to Minimal APIs
• Developing Web API with Controllers
• Getting Up and Running with Minimal APIs
• Testing using Visual Studio Endpoint Explorer
• Web API Routing
• REST alternatives: gRPC and SignalR
• LAB: Building your first Web API

Dependency Injection & Testing

Dependency Injection is the art of decoupling an object from its dependencies. On top of improving maintainability and separation of concerns, it also makes testing a lot easier. In this module you will use dependency injection to create your first unit tests.

• Methods of Dependency Injection
• Dependency Inversion, Explicit Dependencies and Inversion of Control
• Understanding DI life-cycle: Singleton, Scoped and Transient
• LAB: Dependency Injection in Web API

ASP.NET Core Configuration

ASP.NET Core allows you to pick and choose where to store your configuration. No more deploying configuration with production settings in source control! We will look at the idea behind this and of course how to choose your ideal configuration.

• Different ways of getting configuration to your code
• Storing sensitive configuration in Secrets
• Using the Options Pattern
• Adding your own Configuration Providers
• LAB: Using ASP.NET Core Configuration and Feature Toggles

Endpoint Routing

On the web the URL decides what the server will do. In ASP.NET Core you will find the Endpoint Routing Middleware. A solid understanding of this middleware is required to build applications with ASP.NET Core.

• Getting Started with Routing Concepts
• Designing Routing Templates
• Route Parameter Contraints
• Understanding Route Matching
• Controllers and Attribute Routing
• Minimal API Routing
• Using Route Binding Attributes
• Understanding Routing Errors
• LAB: Routing and Constraints

API Endpoints and Controllers

Controllers and Endpoints are responsible for the flow control logic in your application. ASP.NET Core Lets you choose between traditional controllers and Minimal APIs, but no matter what you choose, you will need to understand how to work with them. In this module you will learn how to get the most out of your controllers.

• The Controller and ControllerBase Classes
• The ApiController attribute
• Model Binding and Return Types
• Hooking into the Request Processing Pipeline with Filters
• LAB: API Controllers

Minimal APIs

Minimal APIs offer a streamlined approach for constructing fast and efficient HTTP endpoints with minimal dependencies. The beauty lies in their simplicity: you can create fully functional REST APIs with minimal code and configuration.

• Core Concepts of Minimal APIs
• Creating Endpoints and Groups
• Minimal API Model Binding and Return Types
• Using Typed Results
• Minimal API Endpoint Filters

Modeling the Data in Your Web API

Web APIs expose your data to external clients. In this module you will learn how to model the data you expose correctly so that it becomes easy to maintain and easy to consume.

• Internal and External Models - How to organise resources
• Data Access with Entity Framework Core
• EF Core Performance Tips
• Using Data Transfer Objects
• Content Negotiation
• Limiting Data (pagination)
• Dealing with Batches
• Versioning: Adding New Features Without Breaking Existing Clients
• LAB: API Design and Best Practices

Request Validation and API Error Handling

People could be sending any data to your API. So you should always validate your input. In this section, we'll explore best practices for input validation, including built-in ASP.NET Core validation and the popular Fluent Validation library. We'll also cover how to provide meaningful feedback in case of errors.

• Model Binding
• Binding Source Attributes
• Controller Action Request Validation
• Minimal API Request Validation
• Idempotency and Safeness
• Potential Errors and How to Handle Them
• LAB: Model Validation

API Performance

This module reveals some great ways to keep your API quick and responsive. Ranging from tweaks that decrease load on the server, to dealing with large resources in an efficient way, improving startup time, resource efficiency and throttling requests to prevent abuse.

• Making your Backend Method Asynchronous
• Dealing with Cancellation
• Throttling requests
• Taking Advantage of Server-side and Client-side caching
• Dealing with Large Resources
• Improving Resource Efficiency and Startup Time with Ahead of Time Compilation
• LAB: Improving the Performance of your API

Documentation with OpenAPI

When you want to consume a REST service, you are dependent on the documentation of the service. And developers don't like to write documentation. No problem: using OpenAPI you can automatically generate the necessary metadata for describing your service functionalities.

• Documenting your API with OpenAPI
• Enriching your Metadata with Attributes
• Enriching your Metadata with Comments
• Using Scalar to test with an UI
• Adding XML-Comments
• Generating Client-side Code with Visual Studio and Swagger Codegen
• Caching and Build-time generation
• LAB: OpenAPI

Securing your Web API

Security is a world on its own. In this module we'll explore common techniques to secure your Web API.

• Authentication and Authorization in Web API
• Authorization Attributes and Policies
• Securing Minimal API Endpoints
• Limiting Access to your API with API Keys
• Authentication with OAuth and OpenID Connect
• Cross-Origin Resource Sharing (CORS)
• LAB: Protecting a Web API with OAuth

Server-Sent Events

Real-time updates are no longer a "nice-to-have" feature. Most modern UI applications expect live data streams of some kind from the server. For years, the go-to answer in the .NET ecosystem has been SignalR. While SignalR is incredibly powerful, it's nice to have other options for simpler use cases. With the release of ASP.NET Core 10, we finally have a native, high-level API for Server-Sent Events (SSE). It bridges the gap between basic HTTP polling and full-duplex WebSockets via SignalR.

• What are Server-Sent Events?
• Using Channels for SSE
• Using Hosted Services for Processing
• Replaying dropped events using OrderEventBuffer
• LAB: Adding Notifications using SSE

Async Patterns in Web API

When long-running operations get triggered, you don't want to make your clients wait for them to finish. In this module we will introduce a couple of patterns that allow you to decouple requests from their responses, so your clients don't get bogged down by your service.

• Async Request-Reply Pattern: decoupling Request and Response
• Webhooks: Events for the Web

Consuming Web APIs

After spending a lot of time building your shiny new Web API, it's time to jump over the fence and take a look at how people will consume it. In this module you will learn how .NET applications, as well as JavaScript applications can easily consume your Web API.

• Consuming a Web API from .NET
• Best Practices for the .NET HttpClient
• Using the Kiota OpenAPI Tool to Generate the API Client
• Consuming a Web API from JavaScript with Fetch
• Web APIs and JavaScript Frameworks
• LAB: Building a Client for your Web API