Best Practices for Creating ASP.NET Core REST API using OpenAPI

Overview

ASP.NET Core is a powerful and versatile framework for building web applications and APIs. When it comes to creating a RESTful API, defining a clear and standardized interface is crucial for seamless integration with client applications. OpenAPI, formerly known as Swagger, provides a comprehensive solution for designing, documenting, and implementing APIs in ASP.NET Core. In this article, we will explore the best practices for creating an ASP.NET Core REST API using OpenAPI to ensure consistency, scalability, and maintainability.

Define API Requirements

Before diving into development, it is essential to clearly define the requirements of our API. Analyse the specific functionalities it needs to expose, the data it will handle, and the expected responses. A well-defined API specification will serve as a solid foundation for designing our API with OpenAPI.

An example of how we can define API requirements for a hypothetical "Task Management API" using OpenAPI. Assuming we're building an API for managing tasks, let's outline some basic requirements, which are as follows below.

Define Functionalities

Specify the functionalities our API needs to expose. In this example, let's consider these basic functionalities, which are listed below.

  • Get a list of tasks.
  • Get details of a specific task.
  • Create a new task.
  • Update an existing task.
  • Delete a task.

Define Data Structures

Define the data structures (models) that our API will handle. Below are the models we'll use in this example.

components:
  schemas:
    Task:
      type: object
      properties:
        id:
          type: integer
          format: int64
        title:
          type: string
        description:
          type: string
        dueDate:
          type: string
          format: date

Define Endpoints

Create endpoints for each functionality, specifying the HTTP methods, request bodies (if any), and response models.

paths:
  /tasks:
    get:
      summary: Get a list of tasks.
      responses:
        '200':
          description: Successful response.
          content:
            application/json:
              schema:
                type: array
                items:
                  $ref: '#/components/schemas/Task'
    post:
      summary: Create a new task.
      requestBody:
        required: true
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/Task'
      responses:
        '201':
          description: Task created successfully.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/Task'

  /tasks/{taskId}:
    get:
      summary: Get details of a specific task.
      parameters:
        - name: taskId
          in: path
          required: true
          schema:
            type: integer
            format: int64
      responses:
        '200':
          description: Successful response.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/Task'
    put:
      summary: Update an existing task.
      parameters:
        - name: taskId
          in: path
          required: true
          schema:
            type: integer
            format: int64
      requestBody:
        required: true
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/Task'
      responses:
        '200':
          description: Task updated successfully.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/Task'
    delete:
      summary: Delete a task.
      parameters:
        - name: taskId
          in: path
          required: true
          schema:
            type: integer
            format: int64
      responses:
        '204':
          description: Task deleted successfully.

By defining API requirements using OpenAPI, we create a clear and structured foundation for our API development process. The example provided outlines how to define functionalities, data structures, and endpoints for a "Task Management API." Our actual API specification would expand on these concepts, considering factors like authentication, error handling, query parameters, and more.

Remember that OpenAPI allows us to precisely document our API requirements, making it easier to communicate these requirements to our development team and ensure that everyone is on the same page before we start coding.

Install OpenAPI Tools

To get started with OpenAPI in ASP.NET Core, we need to install the required NuGet packages. The Swashbuckle.The ASP.NETCore package is widely used for integrating OpenAPI into our project. We can install it using the NuGet Package Manager or Package Manager Console. The image example below shows us how to install it via NuGet Package Manager.

NuGet Package Access via Solution Explorer in ASP.NET Core API Project.

The steps below will guide us on how to install the Swashbuckle.AspNetCore via Manage NuGet Package Manager.

Step 1. Begin by locating the ASP.NET Core REST API Project within the Solution Explorer, situated on the left-hand side of the interface. Perform a right-click on the project to unveil a comprehensive menu encompassing various choices. From this context menu, proceed to select the "Manage NuGet Packages" option, distinctly demarcated by the conspicuous red box highlighting its significance.

Screenshot: Right-clicking on ASP.net Core Rest API Project in Solution Explorer. Menu options appear, with 'Manage NuGet Packages' highlighted in red by Ziggy Rafiq

Step 2. Initiate by finding the essential "Manage NuGet Packages" option, located at the window's top left corner. Click on "Browse" (highlighted in red) below, and type "Swashbuckle.AspNetCore" in the search field. The search will display various Swashbuckle packages. Choose "Swashbuckle.AspNetCore" (highlighted in blue) and then click the "Install" button (highlighted in green) on the right, next to the chosen package's version. This completes the process.

Screenshot illustrating locating the 'Manage NuGet Packages' option. The window's top left-hand corner is highlighted, and 'Browse' is emphasized in red. In the search field below, 'Swashbuckle.AspNetCore' is entered. A list of Swashbuckle packages is displayed as a result. 'Swashbuckle.AspNetCore' is highlighted in blue. An arrow points to the 'Install' button, which is highlighted in green, positioned on the right-hand side. This button is next to the version number of the selected package in the drop-down selection by Ziggy Rafiq

Enable OpenAPI in Program

As we delve into this section, our focus turns to empowering the capabilities of OpenAPI within our application. With this purpose in mind, we will initiate the setup process that enables seamless integration with OpenAPI. This pivotal step involves configuring the necessary components that empower our application to leverage the power of OpenAPI effectively. Through the forthcoming steps, we will unlock a world of enhanced documentation and interaction possibilities for our application's API.

In the Program.cs file, configure the OpenAPI services and middleware. Add the following code in the ConfigureServices and Configure methods.

Step 1. Configure Services Method

// Configure Services method
builder.Services.AddSwaggerGen(c =>
{
    c.SwaggerDoc("v1", new OpenApiInfo { Title = "Best Practices for Creating ASP.NET Core REST API using OpenAPI by Ziggy Rafiq", Version = "v1" });
});

Step 2. Configure Method

// Configure method
app.UseSwagger();
app.UseSwaggerUI(c =>
{
    c.SwaggerEndpoint("/swagger/v1/swagger.json", "Ziggy Rafiq Demo API V1");
});

Design API with RESTful Principles

As we embark on the journey of designing our API, it's imperative to embrace the core tenets of RESTful principles. These principles serve as the foundation for creating an API that not only aligns with industry best practices but also facilitates seamless interaction and comprehension.

In this meticulous process, each API endpoint is meticulously crafted, bearing in mind the essence of nouns for resource identification and HTTP verbs for defining actions. This approach lends a level of clarity and consistency that greatly enhances the user experience.

  1. GET /api/users

    1. Action: Retrieve a list of users

    2. Description: This endpoint serves to fetch a comprehensive list of users within the system. It adheres to the RESTful principle of using the HTTP GET verb to retrieve data.

  2. GET /api/users/{id}

    1. Action: Retrieve a specific user by ID

    2. Description: By including the user's unique identifier (ID) in the endpoint, we enable the retrieval of precise user details. The RESTful nature of the design leverages the HTTP GET verb for this purpose.

  3. POST /api/users

    1. Action: Create a new user

    2. Description: This endpoint facilitates the addition of a new user to the system. Employing the HTTP POST verb aligns with RESTful principles, as it signifies the act of creating a resource.

  4. PUT /api/users/{id}

    1. Action: Update an existing user by ID

    2. Description: Through this endpoint, we empower the modification of user information. The specific user is identified by their unique ID. The RESTful approach is upheld by employing the HTTP PUT verb for resource updating.

  5. DELETE /api/users/{id}

    1. Action: Delete a user by ID

    2. Description: By utilizing this endpoint, users can be removed from the system. The targeted user is pinpointed by their ID. In accordance with RESTful principles, the HTTP DELETE verb is employed for resource deletion.

A meticulous approach to API design ensures that our endpoints not only facilitate meaningful actions but also adhere to the robust RESTful framework, enriching our API's usability and comprehensibility.

Use Data Transfer Objects (DTOs)

In our quest to establish seamless communication between clients and the API, we embrace the prowess of Data Transfer Objects (DTOs). These robust constructs serve as data containers, ensuring a structured and controlled exchange of information. Unlike exposing our intricate domain models directly, DTOs assume the role of intermediaries, proficiently governing access to data.

By wielding this strategic approach, we fortify security and mitigate the potential vulnerability of overexposing sensitive data. DTOs epitomize a sophisticated layer that safeguards the integrity of our data and promotes encapsulation.

In this code example, we draw inspiration from the "Task Management API"  we've encountered.

// Original domain model
public class TaskModel
{
    public int Id { get; set; }
    public string Title { get; set; }
    public string Description { get; set; }
    public DateTime DueDate { get; set; }
}

// Data Transfer Object (DTO)
public class TaskDto
{
    public int Id { get; set; }
    public string Title { get; set; }
    public DateTime DueDate { get; set; }
}

We have created a DTO called TaskDto that encapsulates the communication properties. Note that the Description property is omitted because DTOs provide an efficient method of sharing data. With DTOs, we can optimize the communication process and safeguard sensitive aspects of our domain model by orchestrating a controlled and purpose-driven flow of data.

In the end, Data Transfer Objects represent a strategic move toward robust communication that maintains a delicate balance between access and security.

Validate Request Data

Within the realm of building a resilient API, the cardinal principle of data integrity stands tall. This entails rigorous validation of incoming request data, an indispensable safeguard against potential security vulnerabilities and data discrepancies. The journey toward a secure and reliable API begins with meticulous validation practices underpinned by the synergy of data annotations and custom validation logic.

In the ASP.NET Core landscape, a robust validation paradigm serves as a bulwark against data inconsistencies and unauthorized access. The integration of data validation holds particular significance when harmonized with the power of OpenAPI, effectively ensuring that only legitimate and correctly structured data enters our API.

Step 1. Employing Data Annotations

Data annotations, inherent within ASP.NET Core, emerge as a formidable tool to imbue request data with an aura of reliability. Through the strategic placement of attributes, we assert validation rules that guide the permissible format and constraints of incoming data.

In this code example, we will understand how data annotations can be applied to a DTO in conjunction with our TaskModel example.

using System.ComponentModel.DataAnnotations;

public class TaskDto
{
    public int Id { get; set; }
    
    [Required(ErrorMessage = "Title is required.")]
    public string Title { get; set; }
    
    [DataType(DataType.Date)]
    public DateTime DueDate { get; set; }
}

Step 2. Crafting Custom Validation Logic

For scenarios that transcend the realm of data annotations, custom validation logic takes the lead. By extending the ValidationAttribute class, we can create tailor-made validation rules that resonate with our API's unique requirements.

In this code example below, let's consider a custom validation attribute that ensures the due date is in the future.

using System;
using System.ComponentModel.DataAnnotations;

public class FutureDateAttribute : ValidationAttribute
{
    public override bool IsValid(object value)
    {
        if (value is DateTime date)
        {
            return date > DateTime.Now;
        }
        return false;
    }
}

Step 3. Integrating with OpenAPI

The fusion of data validation with OpenAPI crystallizes in the validation constraints, becoming an integral part of our API's documentation. When a client consumes our API through the OpenAPI documentation, they are guided by these constraints, thus minimizing the chances of invalid or erroneous requests.

By coupling data validation with OpenAPI, we're forging a path of data integrity and security that resonates through every interaction with our API. The result is a fortified ecosystem where reliable and validated data forms the bedrock of seamless communication.

In this code example below, the TaskDto class is annotated with data validation attributes, ensuring that the data adheres to defined rules. The CreateTask action method employs ModelState.IsValid to verify the validity of incoming data. If validation fails, a BadRequest response is returned, including the validation errors.

using Microsoft.AspNetCore.Mvc;
using Microsoft.OpenApi.Models;

namespace TaskManagementAPI.Controllers
{
    [ApiController]
    [Route("api/[controller]")]
    public class TasksController : ControllerBase
    {
        // ...

        [HttpPost]
        public ActionResult<TaskDto> CreateTask(TaskDto taskDto)
        {
            if (!ModelState.IsValid)
            {
                return BadRequest(ModelState);
            }

            // Process valid data and create the task
            // ...

            return Ok("Task created successfully");
        }
    }
    public class TaskDto
    {
        public int Id { get; set; }

        [Required(ErrorMessage = "Title is required.")]
        public string Title { get; set; }

        [DataType(DataType.Date)]
        public DateTime DueDate { get; set; }
    }
}

Remember the keep important when this API is documented using OpenAPI, the validation constraints specified in the TaskDto class become part of the documentation. Clients accessing our API via the OpenAPI documentation are equipped with the knowledge of exactly what data is expected and the validation criteria it must satisfy. This synergy between data validation and OpenAPI augments the reliability of data interactions and ensures a secure communication channel for our API.

Step 4. Leveraging Built-in Validation Features

ASP.NET Core graciously equips developers with a suite of built-in validation features. These intrinsic capabilities work in synergy with OpenAPI, yielding a seamless integration that bolsters the API's robustness.

Within our controller actions, we can invoke the ModelState.IsValid property to effortlessly validate incoming request data. This dynamic property gauges the validity of the request data based on the applied data annotations and custom validation logic.

In this code example, we illustrative excerpt from our controller methods.

[HttpPost]
public ActionResult<TaskDto> CreateTask(TaskDto taskDto)
{
    if (!ModelState.IsValid)
    {
        return BadRequest(ModelState);
    }
    
    // Process valid data and create the task
    // ...
}

By embracing this methodology, our API empowers itself to efficiently scrutinize incoming data, weed out discrepancies, and respond to invalid data with grace.

Step 5. Enhancing Data Integrity Through Documentation

When data validation is harmonized with OpenAPI, its impact extends beyond mere code execution. It becomes a cornerstone of our API's documentation. Every validation rule, be it a data annotation or custom logic, is vividly presented within the OpenAPI documentation. This empowers developers, whether they are consuming or contributing to our API, to understand the parameters of valid data exchange.

With meticulous validation, our API's documentation serves as a comprehensive guide for clients to interact securely and effectively. Each interaction is facilitated by a robust validation process that inherently safeguards data integrity.

In essence, the process of data validation, when intertwined with OpenAPI, creates a symbiotic relationship where data integrity, security, and comprehensibility thrive in harmony. This holistic approach ensures that our API not only functions as intended but does so with a profound commitment to security and reliability.

In this code example below, our TaskDto class is annotated with data validation attributes, just as before. Additionally, a custom OpenApiDefinitions class is created to provide information for the OpenAPI documentation. This class is used to define details such as the API's title, version, description, and contact information.

using Microsoft.AspNetCore.Mvc;
using Microsoft.OpenApi.Models;
using System;
using System.ComponentModel.DataAnnotations;
namespace TaskManagementAPI.Controllers
{
    [ApiController]
    [Route("api/[controller]")]
    public class TasksController : ControllerBase
    {
        // ...
        [HttpPost]
        public ActionResult<TaskDto> CreateTask(TaskDto taskDto)
        {
            if (!ModelState.IsValid)
            {
                return BadRequest(ModelState);
            }
            
            // Process valid data and create the task
            // ...
            return Ok("Task created successfully");
        }
    }
    public class TaskDto
    {
        public int Id { get; set; }

        [Required(ErrorMessage = "Title is required.")]
        public string Title { get; set; }

        [DataType(DataType.Date)]
        public DateTime DueDate { get; set; }
    }

    // OpenAPI documentation
    public class OpenApiDefinitions
    {
        public OpenApiInfo Info {

By integrating data validation with OpenAPI, we ensure that the validation rules are an integral part of our API's documentation. When clients access our API through the OpenAPI documentation, they have a clear understanding of the validation criteria for each data attribute. This alignment between validation and documentation fosters secure and effective interactions, reinforcing data integrity throughout the API ecosystem.

Step 6. Handling Validation Errors Gracefully

Validation is a two-way street. While it ensures data integrity, it also necessitates efficient error handling when data doesn't meet the defined criteria. This engagement between validation and error handling is crucial to create a user-friendly experience for clients.

Within our controller actions, we can further customize our responses to address validation errors. This provides clients with clear insights into what went wrong and how they can rectify it.

[HttpPost]
public ActionResult<TaskDto> CreateTask(TaskDto taskDto)
{
    if (!ModelState.IsValid)
    {
        var validationErrors = ModelState.Where(e => e.Value.Errors.Any())
                                          .ToDictionary(k => k.Key, v => v.Value.Errors.Select(e => e.ErrorMessage));
        return BadRequest(validationErrors);
    }
    
    // Process valid data and create the task
    // ...
}

By enriching the response with detailed error messages, we empower clients to rectify the issues efficiently, leading to smoother interactions and a positive user experience.

Step 7.The Power of Continuous Improvement

The beauty of embracing data validation within the OpenAPI context is its adaptability. As our API evolves, so can our validation rules. With OpenAPI serving as the documentation layer, changes in validation are seamlessly reflected, providing clients with up-to-date expectations for data exchange.

By nurturing a culture of continuous improvement, we ensure that our API's validation mechanisms align with the ever-changing landscape of data security and integrity.

In this code example below, we've introduced a custom validation attribute FutureDateAttribute that validates if a date is in the future. This showcases how the validation logic can evolve and adapt to changing requirements.

using Microsoft.AspNetCore.Mvc;
using Microsoft.OpenApi.Models;
using System;
using System.ComponentModel.DataAnnotations;
namespace TaskManagementAPI.Controllers
{
    [ApiController]
    [Route("api/[controller]")]
    public class TasksController : ControllerBase
    {
        // ...
        [HttpPost]
        public ActionResult<TaskDto> CreateTask(TaskDto taskDto)
        {
            if (!ModelState.IsValid)
            {
                return BadRequest(ModelState);
            }
            // Process valid data and create the task
            // ...
            return Ok("Task created successfully");
        }
    }

    public class TaskDto
    {
        public int Id { get; set; }
        [Required(ErrorMessage = "Title is required.")]
        public string Title { get; set; }
        [DataType(DataType.Date)]
        [FutureDate(ErrorMessage = "Due date must be in the future.")]
        public DateTime DueDate { get; set; }
    }
    // Custom validation attribute for future date
    public class FutureDateAttribute : ValidationAttribute
    {
        public override bool IsValid(object value)
        {
            if (value is DateTime date)
            {
                return date > DateTime.Now;
            }
            return false;
        }
    }
    // OpenAPI documentation
    public class OpenApiDefinitions
    {
        public OpenApiInfo Info { get; } = new OpenApiInfo
        {
            Title = "Task Management API",
            Version = "v1",
            Description = "An API for managing tasks with data validation integrated.",
            Contact = new OpenApiContact
            {
                Name = "Our Name",
                Email = "[email protected]"
            }
        };
    }
}

By nurturing a culture of continuous improvement, our API's validation mechanisms remain in alignment with the dynamic landscape of data security and integrity. As we update our validation rules, OpenAPI's role as a documentation layer ensures that clients are always informed of the latest expectations for data exchange. This dynamic harmony between validation and documentation enhances the reliability of our API over time.

It is the journey of data validation within the realm of OpenAPI a holistic endeavor that encapsulates meticulous design, execution, documentation, and adaptability. By weaving together these facets, we create an API ecosystem that's fortified by validation, poised for secure data exchanges, and dedicated to offering a refined experience to both clients and developers.

Document API with Descriptive Comments

In the meticulous endeavor of crafting an API that stands as a beacon of clarity and functionality, the act of documentation assumes a pivotal role. At the heart of this process lies the use of descriptive comments—a mechanism through which we articulate the essence of our API endpoints, parameters, and responses. These comments don't merely serve as annotations; they are the pillars upon which the comprehensibility and usability of our API stand. The symbiosis between these descriptive comments and the power of OpenAPI furnishes an automated mechanism for generating API documentation. With each carefully crafted comment, we set the stage for developers to seamlessly comprehend the intricacies of interacting with our API.

Step 1. Endpoints and Parameters

Every API journey commences with endpoints—gateways to functionality. Enriching these gateways with descriptive comments acts as a guide for developers navigating through the labyrinth of capabilities. Take, for instance, the scenario of retrieving a user's details.

In this code example below, the <summary> tag provides a concise summary of the endpoint's purpose. The <param> tag expounds on the parameters' roles, and the <returns> tag elucidates the anticipated response.

/// <summary>
/// Retrieve a specific user's details by ID.
/// </summary>
/// <param name="id">The ID of the user to retrieve.</param>
/// <returns>The details of the requested user.</returns>
[HttpGet("{id}")]
public ActionResult<UserDto> GetUser(int id)
{
    // Implement your logic here
}

Step 2. Responses

Responses are the soul of API interactions—they hold the outcomes developers eagerly anticipate. Elaborating on these outcomes through descriptive comments crystallizes the understanding. Consider the act of creating a new user. Once more, the descriptive comments underpin the API interaction with insights into its purpose, the nature of the request payload, and the response to be expected as the code example below shows us this.

Step 3. Harnessing OpenAPI's Magic

As these descriptive comments enrobe our API, they forge a pathway for OpenAPI to work its magic. As developers interact with our API documentation, OpenAPI diligently translates these comments into a coherent and structured resource. The documentation reflects the essence of every endpoint, parameter, and response, extending a helping hand to developers striving to navigate the intricacies of our API.

In this code example, we have the comments above; the CreateTask method provides a clear description of the endpoint's purpose, its parameters, and its expected response. When we integrate OpenAPI into our ASP.NET Core application, it utilizes these comments to automatically generate structured API documentation. This documentation helps developers understand the API's intricacies, ensuring that they can interact with it effectively and confidently.

using Microsoft.AspNetCore.Mvc;
using Microsoft.OpenApi.Models;
using System;
using System.ComponentModel.DataAnnotations;

namespace TaskManagementAPI.Controllers
{
    [ApiController]
    [Route("api/[controller]")]
    public class TasksController : ControllerBase
    {
        // ...

        /// <summary>
        /// Create a new task.
        /// </summary>
        /// <param name="taskDto">The task's information for creation.</param>
        /// <returns>A confirmation of the task's successful creation.</returns>
        [HttpPost]
        public ActionResult<string> CreateTask(TaskDto taskDto)
        {
            if (!ModelState.IsValid)
            {
                return BadRequest(ModelState);
            } 
            // Implement your logic here
            // ...
            return Ok("Task created successfully");
        }
        // Other endpoints and actions
        /// <summary>
        /// Data Transfer Object (DTO) for task information.
        /// </summary>
        public class TaskDto
        {
            public int Id { get; set; }
            [Required(ErrorMessage = "Title is required.")]
            public string Title { get; set; }
            [DataType(DataType.Date)]
            [FutureDate(ErrorMessage = "Due date must be in the future.")]
            public DateTime DueDate { get; set; }
        }
        /// <summary>
        /// Custom validation attribute for future date.
        /// </summary>
        public class FutureDateAttribute : ValidationAttribute
        {
            public override bool IsValid(object value)
            {
                if (value is DateTime date)
                {
                    return date > DateTime.Now;
                }
                return false;
            }
        }
        // OpenAPI documentation
        public class OpenApiDefinitions
        {
            public OpenApiInfo Info { get; } = new OpenApiInfo
            {
                Title = "Ziggy Rafiq Task Management API",
                Version = "v1",
                Description = "An API for managing tasks with comprehensive documentation.",
                Contact = new OpenApiContact
                {
                    Name = "Ziggy Rafiq",
                    Email = "[email protected]"
                }
            };
        }
    }
}

Step 4. Empowering Developers, Amplifying Usability

With each comment etched in precision, the resulting documentation becomes an invaluable resource. Developers, whether novices or veterans, are equipped with the knowledge necessary to seamlessly engage with our API. Descriptive comments transcend mere code; they encapsulate our API's essence and communicate it to those seeking to harness its power.

In this code example below, we have carefully crafted comments that transcend the boundaries of mere code annotations. They encapsulate the essence of our API's functionality, clarifying its purpose and the expected interactions. Developers, regardless of their experience level, are armed with invaluable insights as they traverse our API documentation. This empowers them to harness our API's capabilities effectively and fully unlock its potential.

using Microsoft.AspNetCore.Mvc;
using Microsoft.OpenApi.Models;
using System;
using System.ComponentModel.DataAnnotations;
namespace TaskManagementAPI.Controllers
{
    [ApiController]
    [Route("api/[controller]")]
    public class TasksController : ControllerBase
    {
        // ...
        /// <summary>
        /// Create a new task.
        /// </summary>
        /// <param name="taskDto">The task's information for creation.</param>
        /// <returns>A confirmation of the task's successful creation.</returns>
        [HttpPost]
        public ActionResult<string> CreateTask(TaskDto taskDto)
        {
            if (!ModelState.IsValid)
            {
                return BadRequest(ModelState);
            }
            // Implement your logic here
            // ...
            return Ok("Task created successfully");
        }
        // Other endpoints and actions
        /// <summary>
        /// Data Transfer Object (DTO) for task information.
        /// </summary>
        public class TaskDto
        {
            public int Id { get; set; }
            [Required(ErrorMessage = "Title is required.")]
            public string Title { get; set; }
            [DataType(DataType.Date)]
            [FutureDate(ErrorMessage = "Due date must be in the future.")]
            public DateTime DueDate { get; set; }
        }
        /// <summary>
        /// Custom validation attribute for future date.
        /// </summary>
        public class FutureDateAttribute : ValidationAttribute
        {
            public override bool IsValid(object value)
            {
                if (value is DateTime date)
                {
                    return date > DateTime.Now;
                }
                return false;
            }
        }
        // OpenAPI documentation
        public class OpenApiDefinitions
        {
            public OpenApiInfo Info { get; } = new OpenApiInfo
            {
                Title = "Ziggy Rafiq Task Management API",
                Version = "v1",
                Description = "An API for managing tasks with comprehensive documentation.",
                Contact = new OpenApiContact
                {
                    Name = "Ziggy Rafiq",
                    Email = "[email protected]"
                }
            };
        }
    }
}

The integration of descriptive comments with OpenAPI nurtures a realm where developers can immerse themselves in the API's essence, thereby fostering a harmonious union between comprehension and usability. As a result, the API becomes a conduit for innovation, enabling developers to channel their creativity with the confidence that they're interacting with a well-documented and empowering resource.

In the intricate dance between descriptive comments and OpenAPI, we orchestrate an experience of unimpeded comprehension. This experience, in turn, fuels the vitality of our API and beckons developers to embark on journeys of innovation, all while enjoying the robust support of a comprehensible and fully-documented API ecosystem.

Versioning Our API

As we embark on the journey of architecting a robust and adaptable API, the importance of versioning takes center stage. The art of versioning bestows upon us the ability to uphold backward compatibility while leaving the gateway open for future enhancements. This process ensures that the intricate tapestry of our API continues to serve both current and future demands. One of the potent methods to wield versioning lies in the inclusion of version numbers—a beacon guiding both developers and clients through the labyrinth of iterations.

Step 1. Embracing the Versioning Paradigm

The foundation of versioning is rooted in a simple yet profound principle: to clearly demarcate each iteration of our API. By assigning a version number to our API, we transform it into a cohesive entity that evolves while preserving its historical roots.

In this code example below, we have the versioning paradigm embraced by including version number v1 in the route of the TasksController class. This version number clearly demarcates the iteration of the API, turning it into a distinct and cohesive entity. As our API evolves, we can introduce new versions, such as v2, while preserving the historical roots of previous versions. This way, our API remains adaptable and backward-compatible, catering to both existing and potential consumers.

using Microsoft.AspNetCore.Mvc;
using Microsoft.OpenApi.Models;
using System;
namespace TaskManagementAPI.Controllers
{
    [ApiController]
    [Route("api/v1/[controller]")]
    public class TasksController : ControllerBase
    {
        // ...
        [HttpGet]
        public ActionResult<IEnumerable<TaskDto>> GetTasks()
        {
            // Implement your logic here
        }
        // Other endpoints and actions
        public class TaskDto
        {
            public int Id { get; set; }
            public string Title { get; set; }
            public DateTime DueDate { get; set; }
        }
        // OpenAPI documentation
        public class OpenApiDefinitions
        {
            public OpenApiInfo Info { get; } = new OpenApiInfo
            {
                Title = "Ziggy Rafiq Task Management API",
                Version = "v1",
                Description = "An API for managing tasks with version 1.",
                Contact = new OpenApiContact
                {
                    Name = "Ziggy Rafiq",
                    Email = "[email protected]"
                }
            };
        }
    }
}

Step 2. Selecting the Path of URL-Based Versioning

The landscape of versioning beckons us with diverse routes, each tailored to specific use cases. Among these, the URL-based approach emerges as an epitome of simplicity and adherence to RESTful practices. In the code example below, let's suppose we have an API for tasks, and we're venturing into versioning. Here's how the URL-based approach looks in practice.

[ApiController]
[Route("api/[controller]")]
public class TasksController : ControllerBase
{
    // ...
}
[ApiController]
[Route("api/v1/[controller]")]
public class TasksController : ControllerBase
{
    // ...
}

 

In this code example above, we have the addition of /v1/ in the route explicitly indicating the API's version. This way, the existing clients continue to interact with the previous version, while newer clients can access the enhanced version seamlessly.

Step 3. Bestowing Client-Friendly Simplicity

The beauty of the URL-based approach lies in its innate simplicity. Clients intuitively navigate through the API, with version numbers acting as signposts. The result is a streamlined experience that minimizes friction and maximizes engagement.

In this code example, we have the versioning approach demonstrated by including the version number v1 in the route of the TasksController class. This version number serves as a signpost for clients as they navigate through the API. By intuitively including the version in the URL, clients experience a seamless and straightforward interaction. The result is a streamlined experience that reduces friction and encourages engagement. This simplicity in navigation enhances the usability of the API and ensures that clients can easily discover and leverage the features provided by each version.

using Microsoft.AspNetCore.Mvc;
using Microsoft.OpenApi.Models;
using System;
namespace TaskManagementAPI.Controllers
{
    [ApiController]
    [Route("api/v1/[controller]")]
    public class TasksController : ControllerBase
    {
        // ...
        [HttpGet]
        public ActionResult<IEnumerable<TaskDto>> GetTasks()
        {
            // Implement your logic here
        }
        // Other endpoints and actions
        public class TaskDto
        {
            public int Id { get; set; }
            public string Title { get; set; }
            public DateTime DueDate { get; set; }
        }
        // OpenAPI documentation
        public class OpenApiDefinitions
        {
            public OpenApiInfo Info { get; } = new OpenApiInfo
            {
                Title = "Ziggy Rafiq Task Management API",
                Version = "v1",
                Description = "An API for managing tasks with version 1.",
                Contact = new OpenApiContact
                {
                    Name = "Ziggy Rafiq",
                    Email = "[email protected]"
                }
            };
        }
    }
}

Step 4. Adaptability for the Future

Versioning isn't a mere strategy; it's a roadmap for evolution. As our API matures, new features and refinements will emerge. With the URL-based versioning approach, accommodating these changes becomes a natural progression. New iterations can be gracefully introduced, maintaining a harmonious balance between innovation and compatibility.

In this code example below, we have the API initially designed with version 1 using the URL-based versioning approach (api/v1/[controller]). As the API evolves, a new version (v2) is introduced by creating a new controller class (TasksControllerV2) with an updated route (api/v2/[controller]). This approach allows for the graceful introduction of new features and refinements while maintaining compatibility with existing clients. Each version has its own set of endpoints, actions, and DTOs, ensuring a harmonious balance between innovation and compatibility.

using Microsoft.AspNetCore.Mvc;
using Microsoft.OpenApi.Models;
using System;
namespace TaskManagementAPI.Controllers
{
    // Original version (v1)
    [ApiController]
    [Route("api/v1/[controller]")]
    public class TasksController : ControllerBase
    {
        // ...
        [HttpGet]
        public ActionResult<IEnumerable<TaskDto>> GetTasks()
        {
            // We Implementation our logic here
        }
        // Other endpoints and actions
        public class TaskDto
        {
            public int Id { get; set; }
            public string Title { get; set; }
            public DateTime DueDate { get; set; }
        }
        // OpenAPI documentation
        public class OpenApiDefinitions
        {
            public OpenApiInfo Info { get; } = new OpenApiInfo
            {
                Title = "Ziggy Rafiq Task Management API",
                Version = "v1",
                Description = "An API for managing tasks with version 1.",
                Contact = new OpenApiContact
                {
                    Name = "Ziggy Rafiq",
                    Email = "[email protected]"
                }
            };
        }
    }
    // New version (v2) introduced
    [ApiController]
    [Route("api/v2/[controller]")]
    public class TasksControllerV2 : ControllerBase
    {
        // ...

        [HttpGet]
        public ActionResult<IEnumerable<TaskDtoV2>> GetTasks()
        {
            // Implementation our logic here for version 2
        }

        // Other endpoints and actions specific to v2
        public class TaskDtoV2
        {
            public int Id { get; set; }
            public string Title { get; set; }
            public DateTime DueDate { get; set; }
            public string Priority { get; set; } // Additional property in v2
        }
        // OpenAPI documentation for version 2
        public class OpenApiDefinitionsV2
        {
            public OpenApiInfo Info { get; } = new OpenApiInfo
            {
                Title = "Ziggy Rafiq Task Management API",
                Version = "v2",
                Description = "An API for managing tasks with version 2.",
                Contact = new OpenApiContact
                {
                    Name = "Ziggy Rafiq",
                    Email = "[email protected]"
                }
            };
        }
    }
}

Step 5. Harnessing Header-Based Versioning

While the URL-based approach garners favor for its simplicity, another avenue is header-based versioning. This method involves specifying the version number in the request header. While it offers flexibility, it may require more client-side effort to incorporate the header. Below is a code example showing us the Header-based versioning.

// Header-based versioning
[ApiController]
[Route("api/[controller]")]
public class TasksController : ControllerBase
{
    // ...
    [HttpGet]
    [ApiVersion("1.0")] // Version specified in the header
    public ActionResult<IEnumerable<Task>> GetTasks()
    {
        // Implementation of your logic here
    }
}

Step 6. In Summation

Versioning our API encapsulates the ethos of evolution within its framework. By employing version numbers in URLs or headers, we extend an olive branch to both current and future stakeholders. We align ourselves with RESTful principles, ensuring compatibility and simplicity for clients. This meticulous approach doesn't just enhance our API; it nurtures an ecosystem that thrives on the continuous synergy between innovation and accessibility.

In this code example below, we have the API versioned using URL-based versioning (api/v1/[controller] and api/v2/[controller]). Each version is encapsulated within its own controller class (TasksController and TasksControllerV2). Additionally, custom OpenAPI documentation classes (OpenApiDefinitions and OpenApiDefinitionsV2) are defined to describe each version of the API. The custom ApiVersionAttribute demonstrates how we can create our own versioning attributes to encapsulate versioning behavior, providing a seamless way to apply versioning across multiple controllers. This approach aligns with RESTful principles, allowing for compatibility and simplicity for clients while fostering a dynamic ecosystem that thrives on innovation and accessibility.

using Microsoft.AspNetCore.Mvc;
using Microsoft.OpenApi.Models;
using System;
namespace TaskManagementAPI.Controllers
{
    // Version 1
    [ApiController]
    [Route("api/v1/[controller]")]
    public class TasksController : ControllerBase
    {
        // ...
    }
    // Version 2
    [ApiController]
    [Route("api/v2/[controller]")]
    public class TasksControllerV2 : ControllerBase
    {
        // ...
    }
    // OpenAPI documentation for version 1
    public class OpenApiDefinitions
    {
        public OpenApiInfo Info { get; } = new OpenApiInfo
        {
            Title = "Ziggy Rafiq Task Management API",
            Version = "v1",
            Description = "An API for managing tasks with version 1.",
            Contact = new OpenApiContact
            {
                Name = "Ziggy Rafiq",
                Email = "[email protected]"
            }
        };
    }

    // OpenAPI documentation for version 2
    public class OpenApiDefinitionsV2
    {
        public OpenApiInfo Info { get; } = new OpenApiInfo
        {
            Title = "Ziggy Rafiq Task Management API",
            Version = "v2",
            Description = "An API for managing tasks with version 2.",
            Contact = new OpenApiContact
            {
                Name = "Ziggy Rafiq",
                Email = "[email protected]"
            }
        };
    }
    // Custom versioning attribute
    [AttributeUsage(AttributeTargets.Class, Inherited = false, AllowMultiple = false)]
    public class ApiVersionAttribute : RouteAttribute
    {
        public ApiVersionAttribute(string version) : base($"api/{version}/[controller]")
        {
        }
    }
}

Summary

Creating a formidable and meticulously documented RESTful API in the ASP.NET Core ecosystem, fortified by the power of OpenAPI, is not only a step but a stride toward delivering an unparalleled experience to the consumers of our digital offerings. This article serves as a compass, guiding us through the intricate terrain of best practices that promise not only consistency, scalability, and maintainability but a symphony of success resonating through the entire lifecycle of our API.

Illuminating the Pathway to Excellence

Our journey toward API excellence is adorned with the jewels of best practices elucidated within these digital pages. Infusing these practices into the very DNA of our API engenders a structure capable of scaling with grace, maintaining its integrity over time, and assuring a frictionless experience for both creators and consumers.

Evolution as a Guiding Principle

In the ever-evolving landscape of technology, the importance of keeping our API specification in sync with reality cannot be understated. This document metamorphoses into a guiding light, reflecting the very essence of our API's evolution. OpenAPI, the versatile ally, acts as the bridge that spans the chasm between API architects and eager consumers, facilitating a harmonious exchange of insights and expectations.

Embracing the Beyond: Aspects Beyond the Horizon

While this article encapsulates a comprehensive discourse on creating well-documented APIs with OpenAPI and ASP.NET Core, it merely marks the horizon of a broader realm. Security, authentication, and authorization stand as vigilant sentinels, while the orchestration of CRUD operations, data access, and business logic, though deserving of extensive exploration, are reserved for another chapter.

Beyond Words: The Code Unveiled

Our journey is incomplete without delving into the tangible expressions of our discourse. Code, a language understood by machines and humans alike, provides the canvas upon which our concepts manifest. As we explore further, rest assured that code examples will guide our path, unveiling the magic that lies beneath the surface.

In Closing: The Odyssey Continues

As we partake in this digital odyssey of API craftsmanship, remember that the path to excellence is a perpetual voyage. It thrives on adaptation, nurtures innovation, and celebrates the art of crafting APIs that transcend code and transform it into impactful experiences. Our role as architects is unending—continuously refining the art, reinventing the approach, and reshaping the landscape of digital interaction.

The Code Examples are available on my GitHub Repository:  https://github.com/ziggyrafiq/ASP.NET-Core-REST-API-Best-Practices-with-OpenAPI

Please do not forget to follow me on LinkedIn https://www.linkedin.com/in/ziggyrafiq/ and click the like button if you have found this article useful/helpful.

 


Capgemini
Capgemini is a global leader in consulting, technology services, and digital transformation.