RESTful Web API in .NET Core - The Beginners Guide (.NET 10)

Open Visual Studio 2026 and create a new web api project with dotnet ten, enabling https and open api support, using controllers with no authentication.

Add the Scalar NuGet package, configure program.cs to map the Scalar API reference, and load scalar/v1 to view and test the weather forecast endpoint with light or dark themes.

Configure the project launch settings to make scalar the default url, so the app opens scalar documentation automatically and exposes all endpoints without manual navigation.

Test a weather forecast endpoint to see api requests returning data with status 200, then clean the project to start from ground zero, leaving only Program.cs and Appsettings.json.

Learn how to create your first API endpoint by building a controller that must end with controller, inherits from the controller base class, and uses the API controller attribute.

Create your first endpoint by adding a get villas action in a controller that returns a string, decorate with route and http get attributes, and test it with scalar UI.

Learn how to name routes in a restful .NET Core API by configuring controller and action routes. Use explicit static routes like api/villa to avoid ambiguity with multiple get endpoints.

Add a get villa by id endpoint using route parameter binding to extract the id from the url path and pass it to the method.

Explore parameter binding in restful .NET Core APIs, retrieving id and name via route, query, and header, with notes on constraints and upcoming from body and form.

Install NuGet packages for Entity Framework Core SQL Server and tools, connect to a local database, create a DbContext, and enable migrations for CRUD.

Create an application dbcontext inheriting from dbcontext, configure it in program.cs to use sql server with the default appsettings.json connection string, and run migrations to create an empty database.

Create a villa model with id, name, details, rate, square feet, image, created and updated date; add a dbset to the application dbcontext and run a migration to update database.

Seed villa data into the database by overriding on model creating and seeding with data, featuring five villas, and enable automatic migrations at startup to apply pending updates.

Turn the get villas endpoint into an async list by injecting the application db context, querying the villa DbSet with Entity Framework Core, and verifying the endpoint returns all villas.

Enhance the rest api by returning proper http status codes with IActionResult, adopting asynchronous endpoints using Task<IActionResult> and await for non-blocking, scalable villa retrieval.

Retrieve a single villa by id using entity framework, with try-catch error handling and status codes 400, 404, and 500, including not found messages.

Create villa by posting villa data to an http post endpoint. Validate input, return bad request when data is missing, and persist via application db context with save changes asynchronously.

Explore posting a villa via a RESTful .NET Core API, handle validation, required fields, and default values, and learn why DTOs improve create operations.

Use a villa create data transfer object as a middle layer to expose only necessary json properties, never exposing database entities, and map to entities with input validation.

Replace manual mapping with AutoMapper by configuring maps in program.cs, inject IMapper, and map Villa DTO to Villa (and vice versa) to streamline properties and testing.

learn to return the created resource with its id using CreatedAtAction in a restful .net core post, yielding status 201 and the complete villa object.

Showcases a put endpoint to update a villa by id using a villa update DTO, with ID validation and EF Core tracking to persist changes.

Delete in action demonstrates implementing an http delete endpoint to remove a villa by id using entity framework, returning no content on success and 404 on not found.

Implement validation on the update endpoint to prevent duplicate villa names by a case-insensitive check against other villas, excluding the current id, and return a 409 conflict with a message.

Learn to implement a uniform API response with a dedicated response object, replacing inconsistent plain text errors, and apply duplicate-name checks when creating a villa plus a response model.

Define api response with properties like success, status code, message, data, errors, and timestamp, using a placeholder type for data. Implement the response in villa controller in next video.

Learn to prevent exposing database entities by using Villa DTOs, mapping with a mapper, and returning Villa DTOs for get, create, update, and delete operations in a .NET Core API.

Learn to implement a consistent api response in .NET Core by returning a structured response for get by id or bad request, including status code, errors, success, message, and data.

Learn to implement static factory methods for API responses in .NET core, using extension methods to generate standardized responses for not found, bad request, conflict, ok, created, and no content.

Implement a consistent api response wrapper for villa endpoints using an api response object, IEnumerable<VillaDTO>, a mapper, and ok and not found returns with a success message.

Implement a standardized api response across the villa controller, returning an api response object for all actions, with dto mapping, and messages for created, updated, not found, and errors.

Test api endpoints for get, create, update, and delete to ensure consistent responses and status codes like 200, 201, 404; updates require providing all fields, since put replaces all values.

document api endpoints using produces response type, listing status codes like 200, 201, 400, 404, 409, 500 and villa dto models (create, update) used for get, post, put, and delete.

Create a local authentication flow by adding a users table with id, email, name, password, and role default customer; map to the context, and implement login and registration endpoints.

Create authentication DTOs for login and registration, including login request DTO with email and password validation, login response DTO with a token and user DTO, and registration request DTO.

Implement login and registration endpoints using an auth service, return a user dto, generate a JWT token for sign-in, and add a check to prevent duplicate emails.

Define and implement the auth service interface for a .NET Core RESTful API, including register, login, and email-existence endpoints, with registration/login request DTOs and nullable user/login responses.

Implement the art service endpoints, integrate with the auth controller, and use a mapper with application db context to check email uniqueness via any async, using a case-insensitive comparison.

Implement a register endpoint that validates email existence, maps the registration DTO to a user, assigns a default customer role, sets the created date, and saves the user.

Configure the auth service in program.cs and implement the registration workflow in the auth controller, validating input, checking email uniqueness, and registering the user to return a created response.

Test the registration endpoint as an http post from the body, correct parameters, and resolve an entity framework core string comparison issue with to lower to register a user.

Implement login endpoint in auth service, validate email and password from the login request DTO, map user to a user DTO, and return a JWT in the login response DTO.

Generate a secure JWT token by reading the secret from JWT settings in app settings. Create token descriptor with user claims and sign it with a symmetric key using Sha256.

Implement a login API endpoint that generates a JWT token from a login request DTO and returns a login response DTO, handling 200, 400, and 409 status codes.

Demonstrates configuring explicit login and register routes for a restful api, showing login flow, token generation, and token claims like name, id, email, and role.

Configure jwt bearer authentication middleware and call app.use authentication before authorization to secure the villas endpoint, installing the jwt bearer package and validating tokens.

Practice authenticating requests by logging in to obtain a JWT token, then pass it in the authorization header as a bearer token to access protected endpoints like get all villa.

Configure authentication by adding a jwt bearer security scheme with a document transformer in program.cs, applying a global security requirement to all endpoints via OpenAPI.

Enforce controller level authorization with action level overrides, showing how roles like customer and admin access differ; handle 403, 401, and allow anonymous for specific actions using bearer tokens.

Comment out authorization to keep the API endpoint fundamentals simple as you continue with the next steps.

Add a villa amenities model with a foreign key to villa and a one-to-many navigation. Create migrations and build CRUD endpoints, DTOs, and a villa amenities controller.

Create and map villa dtos for a dotnet core rest api, configure automapper to populate villa names, and implement crud for villa amenities endpoints.

Configure AutoMapper in program.cs to map villa amenities to villa amenities dto and back, adding rules to populate villa name from the related navigation property when available.

Create and refine villa amenities endpoints by updating the controller, renaming dtos to villa amenities dto, aligning routes with restful conventions, validating villa existence, and stamping created at on creation.

Demonstrates building and testing CRUD endpoints for villa amenities in a .NET Core RESTful API, including update, delete, validation, and error handling.

Create an MVC web project to consume the villa api endpoints in dotnet ten, starting from ground zero with authentication none, naming the project Royal Villa Web.

Create a shared dto library, move dto files into it, update namespaces and project references, and configure api and web projects to run simultaneously.

Create an API request model in the web project with an API type enum (get, post, put, delete) default get, and properties type, url, data, and token to authorize requests.

Design a dynamic base service in the web project to handle any api request with a generic type T and a response model, using http client factory injection.

Implement a base service that uses an http client to call APIs, serialize requests to JSON, map API type to http method, send, and deserialize responses to a generic type.

Define a generic villa service interface with async CRUD endpoints (get all, get, create, update, delete) using villa DTOs, plan token support, and implement it in the villa service class.

Implement the villa service by extending the base service, injecting the http client factory, and wiring configuration to build endpoints for create, get all, get by id, update, and delete.

Configure a lenient cors policy that allows any origin, any header, and any method to access the api, exposing headers and integrating with the service builder and app pipeline.

Install and configure AutoMapper in the .NET Core web project, update the DTO mappings in Program.cs, and align villa-related data transfer objects to enable mapping in the home controller.

Register a named http client royal api in program.cs, configure its base address from configuration, set the json accept header, and register the villa service as a scoped dependency.

Inject the villa service and mapper into the home controller, call get all async to fetch villa DTOs via a generic API response, and pass the data to the view.

Debug and fix an api call by configuring a named http client and relative uri in Program.cs, resolving invalid uri errors to successfully fetch the villa list.

Create the home page UI by turning pre-built HTML and CSS templates into an MVC view that shows nine villas with a pure HTML/CSS carousel using an IEnumerable<Villa DTO> model.

Implement a dynamic villa cards grid using a for-each loop, displaying image or placeholder, showing price, name, details, occupancy, and square feet, and enhance the home page with bootstrap icons.

Improve the home page icons and spacing, then create a villa management navigation with a VillaController and index action to retrieve villas, and update the layout with a Bootstrap icon.

Build a villa management view and index in a .NET core app, reuse the home page model, and display villas with counts, average rate, and total square feet.

Iterate the villa list with foreach to display image, name, and a 50-character details snippet, handling null or empty details and adjusting the dto for create, edit, and delete.

Add a villa create template by implementing a get create endpoint that returns an empty create view, wiring the villa form to post to the API with basic validation.

Define the villa create dto and enable client-side validation with asp-validation-for in Razor views, and adjust nullable properties to control validations for name, details, occupancy, square feet, and image URL.

Create a post endpoint in MVC, receive a villa create dto, validate with model state and anti-forgery token, then redirect to index after success while handling errors.

Implement a villa delete workflow in a .NET core RESTful API, including get and post delete endpoints, ID validation, and a delete view with a populated, disabled form.

Follow the delete in action by posting the villa id to the delete endpoint, return an api response with a data object, and redirect to the index action after success.

Implement edit functionality by retrieving the villa by id, mapping data to a Villa update DTO, and posting updates through the update async endpoint with validation and current image display.

Implement the auth service interface by creating an auth service with login and registration endpoints, using login and registration request dtos, exposed under the api/auth route.

Implement the auth service to handle login and register asynchronously with login and registration request DTOs, without tokens, and configure post endpoints /login and /register in program.cs.

Create an mvc auth controller in the .NET core project, wiring login, registration, access denied, and logout actions with the auth service, login request/response DTOs, anti-forgery validation, and views.

Implement login and register UI templates with pure HTML and CSS, wire them to ASP.NET Core auth actions, and update navigation to connect login, register, and home routes.

Implement a functional register view by wiring the registration post to the auth controller with a registration request DTO. Handle success and error via temp data and validation.

Implement a login view by wiring the login post action, adding validation for email and password, and integrating asp validation with a validation summary, plus linking to registration.

Test registration in the .NET core restful API by signing up a user, observing success and duplicate errors, and preparing for login configuration in the next video.

Register cookie authentication in Program.cs and call UseAuthentication before authorization. Configure cookie options (HTTP only, 60-minute expiration, sliding expiration) and login path and access denied path to redirect to login.

Explore how the built-in dotnet identity populates the user object via claims principal, checks is authenticated, and renders a dropdown with the logged-in user and a logout action.

Implement logout in a .NET Core RESTful web API by signing out with HTTP context sign out async, then redirecting to the home index, and confirming login status and email.

Enable authorize on API endpoints and fix token flow so an admin login exposes data. Save the bearer token in the web app and pass it with API requests.

Store the model token in a server-side session by configuring distributed memory cache and session, injecting HTTP context accessor, and saving the JWT token under a session token key.

Inject the http context accessor to retrieve the session JWT token, attach it to API requests via the authorization header, and verify token-based access to villa data.

Learn how role based access controls secure api and mvc endpoints by enforcing admin-only create, update, and delete permissions while allowing view access for others.

Refactor the app by moving token handling into the base service, remove token usage from endpoints, and verify villa management works after updating the home controller and building the project.