Building and Securing a RESTful API for Multiple Clients in ASP.NET
We all seem to be building RESTful APIs these days. But REST is bigger than that: it's an architectural system. If you're looking to learn what REST really is and how to build a RESTful API with Web API, aimed at multiple client types (web/mobile), this is the right course for you.
What you'll learn
We all seem to be building RESTful APIs with ASP.NET Web API these days. But REST is bigger than that: it's an architectural system. If you're looking to learn what REST actually is and how to build a RESTful API with ASP.NET Web API, aimed at multiple client types (web/mobile), this is the right course for you. This course is filled with best practices concerning URI design, data shaping, paging, caching, and versioning. It's very demo-driven, and we start from scratch. It contains an API and two different clients: an ASP.NET MVC client and a mobile client. To top it off, you'll also learn all about securing both client apps and the API with OAuth 2.0 and OpenID Connect. The focus is on what works for standardized API development for multiple (possibly cross-platform) clients.
Table of contents
- Introduction and Designing Resource URIs 5m
- Interacting with Resources 4m
- HTTP Status Codes 3m
- Demo - Solution Overview and Getting a List of Resources with GET 9m
- Demo - Getting a Single Resource with GET 5m
- Demo - Formatters and Result Formatting 2m
- Demo - Creating a Resource with POST 4m
- Demo - Updating a Resource with PUT 3m
- A Few Words on PATCH 2m
- Demo - Partially Updating a Resource with PATCH 4m
- Demo - Deleting a Resource with DELETE 2m
- Demo - Relations and URI Mapping 6m
- Demo - Sorting 4m
- Demo - Filtering 2m
- Implementing Paging Support 2m
- Demo - Paging 5m
- Summary 1m
- Introduction to Data Shaping 2m
- Demo - Allowing Field-level Selection with Data Shaping 4m
- Demo - Allowing Inclusion of Associations with Data Shaping 4m
- HTTP Caching 4m
- Demo - HTTP Caching 3m
- Breaking REST with OutputCache 1m
- Versioning Strategies 4m
- Demo - Versioning Strategies 7m
- What About Transactions? 3m
- Summary 1m
- Introduction 2m
- Demo - Retrieving Resources 7m
- Demo - Creating Resources 3m
- Demo - Editing Resources 3m
- Demo - Deleting Resources 1m
- Demo - Sorting Resources 1m
- Demo - Paging Resources 6m
- Demo - Data Shaping 2m
- Demo - Editing Resources (partial) 5m
- Demo - Versioning 3m
- Demo - Filtering Resources 3m
- Choosing Where to Use HttpCache 2m
- Demo - Caching 8m
- Summary 1m
- Introduction and a Few Important Definitions 2m
- An Old, Familiar, yet Insufficient Approach (Forms Authentication) 2m
- A Better, yet Insufficient Approach (WS-Federation) 4m
- Introduction to OAuth 2.0 2m
- OAuth 2.0 Client Types 2m
- OAuth 2.0 Protocol Endpoints 1m
- Authorization Code Grant 4m
- Implicit Grant 3m
- Client Credentials Grant 1m
- Resource Owner Password Credentials Grant 3m
- Introduction to OpenID Connect 2m
- Hybrid Flow 1m
- Summary 1m
- Introduction and MVC Client: Choosing the Correct Flow 2m
- Demo - Hybrid Flow 8m
- Demo - UserInfo Endpoint 3m
- Demo - Claims Transformation 6m
- Demo - Role-based Authorization 4m
- Demo - External Providers (Facebook) 6m
- Demo - User-specific Data - Client Responsibility 2m
- WP Client: Choosing the Correct Flow 1m
- Demo - IIS Express and Windows Phone 3m
- Demo - Implicit Flow 9m
- Summary 2m