layout: true <div class="my-header"></div> <div class="my-footer">Andrei Ignat , http://msprogrammer.serviciipeweb.ro/</div> --- class: center, middle # WebAPI should / must have => ( press > ) https://ignatandrei.github.io/Presentations/WebAPIBPprez.html Code at https://ignatandrei.github.io/Presentations/WebAPIBP.zip --- # Agenda 00. About me 01. Introduction to WebAPI 02. Development = Visibility 03. Development = Authorization + Authentication 04. Development = Problem Details 05. Testing 06. Production = Versioning 07. Production = CORS 08. Production = WhiteBox monitoring 09. Production = Blackbox monitoring + observability 10. Production = Rate Limit 11. Production = Cache Data 12. Production = State --- class: center, top # About me  Andrei Ignat http://msprogrammer.serviciipeweb.ro/ www.ASP.NET forum moderator YouTube 5 minutes .NET and tools : http://bit.ly/5MinTools Book Making Open Source Component : http://bit.ly/NetOpenSourceComponent Book Copy Paste from StackOverflow : https://amzn.to/2PQ8EDc Monthly meetings: https://www.meetup.com/Bucharest-A-D-C-E-S-Meetup/ --- class: center, top # Introduction to WebAPI Demo : Visibility - browse to /weatherforecast --- class: left, top # Development = Visibility Why : See your web api Open API / Swagger – read https://docs.microsoft.com/en-us/aspnet/core/tutorials/getting-started-with-swashbuckle or https://docs.microsoft.com/en-us/aspnet/core/tutorials/getting-started-with-nswag For graphQL you can use https://github.com/graphql-dotnet/server You can also see https://github.com/ignatandrei/netcoreblockly ( my pet project for integrating GraphQL + Swagger with Blockly Demo: Visibility Browse to /api/blog /swagger ( Why swagger does not generate ? - start as exe ) /blockly.html --- class: left, top # Authorization and Authentication Windows Identity : https://docs.microsoft.com/en-us/aspnet/core/security/authentication ASP.NET Identity – https://docs.microsoft.com/en-us/aspnet/core/security/authentication/identit Identity Server ( soon to be retired , paid version available ) – https://identityserver.io/ OpenIddict – https://github.com/openiddict/openiddict-core OAuth, JWT, Cookie, 2FA s: https://docs.microsoft.com/en-us/dotnet/architecture/microservices/secure-net-microservices-web-applications/ No Demo --- class: left, top # Development = Problem Details Why : Understand problems https://docs.microsoft.com/en-us/aspnet/core/web-api/handle-errors?view=aspnetcore-3.1 https://codeopinion.com/http-api-problem-details-in-asp-net-core/ Demo: Visibility Browse to /api/blog/1 - in VS -nice page /api/blog/1 - in the exe - 500 Uncomment //app.UseProblemDetails(); See also opt.IncludeExceptionDetails Go Again to /api/blog/1 - in the exe - 500 --- class: left, top # Testing Why : https://docs.microsoft.com/en-us/aspnet/core/mvc/controllers/testing?view=aspnetcore-3.1 Postman - https://www.postman.com/ Powershell https://docs.microsoft.com/en-us/powershell/module/microsoft.powershell.utility/invoke-webrequest?view=powershell-7 HttpRepl https://docs.microsoft.com/en-us/aspnet/core/web-api/http-repl Executing from file: https://github.com/ignatandrei/WebAPI2CLI Demo: Postman --- class: left, top # Versioning Why : Changing the endpoints See https://github.com/microsoft/aspnet-api-versioning . I do like https://github.com/microsoft/aspnet-api-versioning/wiki/Versioning-via-the-URL-Path Demo: old /weatherforecast api/v1.0/VersionExample/Name api/v1.0/VersionExample/Name Alternative: Level 3 RestAPI: https://martinfowler.com/articles/richardsonMaturityModel.html Read also why : https://blog.ploeh.dk/2020/10/26/fit-urls/ --- class: left, top # Production – CORS Why : Accessing from another site( Angular, Vue, React) https://docs.microsoft.com/en-us/aspnet/core/security/cors No Demo --- class: left, top #Production – WhiteBox Monitoring Serilog https://serilog.net/ NLog https://nlog-project.org/ Ecosystem for logs – ELK – https://www.elastic.co/what-is/elk-stack ? or amazon/opendistro-for-elasticsearch Demo: /weatherforecast https://github.com/NLog/NLog/wiki/Getting-started-with-ASP.NET-Core-3 --- class: left, top #Production –BlackBox Monitoring and Observability – RED - Rate, Errors, Duration Rate - the number of requests, per second, you services are serving. Errors - the number of failed requests per second. Duration - distributions of the amount of time each request takes. USE - Utilization, Saturation, Errors Utilization: the average time the resource was busy servicing work Saturation: the degree to which the resource has extra work which it can’t service, often queued Errors: the count of error events Read about AppMetrics – https://www.app-metrics.io/web-monitoring/aspnet-core/tracking-middleware/ Ecosystem: Prometheus --- class: left, top #Production –Rate limit – do not allow insane usage https://github.com/stefanprodan/AspNetCoreRateLimit Started my own project – do not have time to finish : https://github.com/ignatandrei/NetCoreRetarder --- class: left, top #Production –Caching data – to return latest values V1: static variable caching V2: IMemoryCache https://docs.microsoft.com/en-us/aspnet/core/performance/caching/memory V3: Distributed Caching: https://docs.microsoft.com/en-us/aspnet/core/performance/caching/distributed?view=aspnetcore-3.1 --- class: left, top #Production – Status of the system HealthChecks – https://docs.microsoft.com/en-us/aspnet/core/host-and-deploy/health-checks More HC + UI: https://github.com/Xabaril/AspNetCore.Diagnostics.HealthChecks Monitor: 1. Asp.NET Core 2. System: free space, ram 3. Databases: 4. Anything other See https://ignatandrei.github.io/Presentations/NETCoreHealthChecksprez.html#1 Demo: http://antiq.herokuapp.com/health http://antiq.herokuapp.com/healthz http://antiq.herokuapp.com/healthchecks-ui --- class: center, top # Questions? Andrei Ignat http://msprogrammer.serviciipeweb.ro/ www.ASP.NET forum moderator YouTube 5 minutes .NET and tools : http://bit.ly/5MinTools Book Making Open Source Component : http://bit.ly/NetOpenSourceComponent Book Copy Paste from StackOverflow : https://amzn.to/2PQ8EDc Monthly meetings: https://www.meetup.com/Bucharest-A-D-C-E-S-Meetup/