ASP.NET Core Web APIs

ASP.NET Core provides two API styles: controller-based (traditional, feature-rich) and Minimal APIs (lightweight, performant). Both support JWT authentication, middleware, Swagger documentation, and API versioning.

45 min•By Priygop Team•Last updated: Feb 2026

API Patterns

Example

// Program.cs — Minimal API style (.NET 6+)
var builder = WebApplication.CreateBuilder(args);

// Services
builder.Services.AddEndpointsApiExplorer();
builder.Services.AddSwaggerGen();
builder.Services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
    .AddJwtBearer(options => {
        options.TokenValidationParameters = new TokenValidationParameters {
            ValidateIssuer = true,
            ValidIssuer = builder.Configuration["Jwt:Issuer"],
            ValidateAudience = true,
            ValidAudience = builder.Configuration["Jwt:Audience"],
            ValidateIssuerSigningKey = true,
            IssuerSigningKey = new SymmetricSecurityKey(
                Encoding.UTF8.GetBytes(builder.Configuration["Jwt:Key"]!))
        };
    });
builder.Services.AddAuthorization();
builder.Services.AddDbContext<AppDbContext>(...);

var app = builder.Build();
app.UseSwagger(); app.UseSwaggerUI();
app.UseAuthentication();
app.UseAuthorization();

// Minimal API endpoints
var products = app.MapGroup("/api/products").RequireAuthorization();

products.MapGet("/", async (AppDbContext db) =>
    await db.Products.AsNoTracking().ToListAsync());

products.MapGet("/{id:int}", async (int id, AppDbContext db) =>
    await db.Products.FindAsync(id) is Product p ? Results.Ok(p) : Results.NotFound());

products.MapPost("/", async (CreateProductDto dto, AppDbContext db, IValidator<CreateProductDto> validator) => {
    var result = await validator.ValidateAsync(dto);
    if (!result.IsValid) return Results.ValidationProblem(result.ToDictionary());
    
    var product = new Product { Name = dto.Name, Price = dto.Price };
    db.Products.Add(product);
    await db.SaveChangesAsync();
    return Results.Created($"/api/products/{product.Id}", product);
});

products.MapPut("/{id:int}", async (int id, UpdateProductDto dto, AppDbContext db) => {
    var product = await db.Products.FindAsync(id);
    if (product is null) return Results.NotFound();
    product.Name = dto.Name; product.Price = dto.Price;
    await db.SaveChangesAsync();
    return Results.NoContent();
});

products.MapDelete("/{id:int}", async (int id, AppDbContext db) => {
    var rows = await db.Products.Where(p => p.Id == id).ExecuteDeleteAsync();
    return rows > 0 ? Results.NoContent() : Results.NotFound();
});

app.Run();

// DTOs (Data Transfer Objects — never expose entities directly)
public record CreateProductDto(string Name, decimal Price);
public record UpdateProductDto(string Name, decimal Price);

Quick Quiz

Next Module →

API Patterns

Example

// Program.cs — Minimal API style (.NET 6+)
var builder = WebApplication.CreateBuilder(args);

// Services
builder.Services.AddEndpointsApiExplorer();
builder.Services.AddSwaggerGen();
builder.Services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
    .AddJwtBearer(options => {
        options.TokenValidationParameters = new TokenValidationParameters {
            ValidateIssuer = true,
            ValidIssuer = builder.Configuration["Jwt:Issuer"],
            ValidateAudience = true,
            ValidAudience = builder.Configuration["Jwt:Audience"],
            ValidateIssuerSigningKey = true,
            IssuerSigningKey = new SymmetricSecurityKey(
                Encoding.UTF8.GetBytes(builder.Configuration["Jwt:Key"]!))
        };
    });
builder.Services.AddAuthorization();
builder.Services.AddDbContext<AppDbContext>(...);

var app = builder.Build();
app.UseSwagger(); app.UseSwaggerUI();
app.UseAuthentication();
app.UseAuthorization();

// Minimal API endpoints
var products = app.MapGroup("/api/products").RequireAuthorization();

products.MapGet("/", async (AppDbContext db) =>
    await db.Products.AsNoTracking().ToListAsync());

products.MapGet("/{id:int}", async (int id, AppDbContext db) =>
    await db.Products.FindAsync(id) is Product p ? Results.Ok(p) : Results.NotFound());

products.MapPost("/", async (CreateProductDto dto, AppDbContext db, IValidator<CreateProductDto> validator) => {
    var result = await validator.ValidateAsync(dto);
    if (!result.IsValid) return Results.ValidationProblem(result.ToDictionary());
    
    var product = new Product { Name = dto.Name, Price = dto.Price };
    db.Products.Add(product);
    await db.SaveChangesAsync();
    return Results.Created($"/api/products/{product.Id}", product);
});

products.MapPut("/{id:int}", async (int id, UpdateProductDto dto, AppDbContext db) => {
    var product = await db.Products.FindAsync(id);
    if (product is null) return Results.NotFound();
    product.Name = dto.Name; product.Price = dto.Price;
    await db.SaveChangesAsync();
    return Results.NoContent();
});

products.MapDelete("/{id:int}", async (int id, AppDbContext db) => {
    var rows = await db.Products.Where(p => p.Id == id).ExecuteDeleteAsync();
    return rows > 0 ? Results.NoContent() : Results.NotFound();
});

app.Run();

// DTOs (Data Transfer Objects — never expose entities directly)
public record CreateProductDto(string Name, decimal Price);
public record UpdateProductDto(string Name, decimal Price);