Making APIs available publicly

Amjad Khan 21 Reputation points
2022-04-21T17:25:48.52+00:00

I have a .NET6 Blazor wasm application https://invoicis.com. The app was built using standard Blazor wasm template with individual accounts authentication and hosted options turned on. The Client application uses http calls to get and send data to the server. The Server project has controllers to perform various functions. Controllers use the [Authorize] attribute to allow only authenticated access. All is well and good.

Now I want to make all the APIs that I have in my Server project available to third party applications. How should that be accomplished?

  1. Should I create a new API project and rewrite all the code that I have in my existing controllers into the new API project?
  2. How will third party access to my APIs be authenticated? Right now invoicis.com uses the built in Identity Server to register and authenticate clients. The controllers use the same authentication. The login page lets users login and then the APIs just work. So my questions is if I make the APIs available to third party, how will they (1) register and (2) login so they have access to my controllers? What is the standard way of doing this?
ASP.NET Core
ASP.NET Core
A set of technologies in the .NET Framework for building web applications and XML web services.
4,199 questions
0 comments

3 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Bruce (SqlWork.com) 56,846 Reputation points
    2022-04-21T18:32:44.097+00:00

    your apis are already public. you might want to add a swagger ui to allow docs and creation of client callers.

    the blazer template uses oauth with jwt tokens. so callers of your api, would use your oauth server to get a token. the template uses the Duende oauth server.

    https://docs.duendesoftware.com/identityserver/v6

    check that their license meets your requirements. then a client wanting to call the public api would use:

    https://docs.duendesoftware.com/identityserver/v6/tokens/requesting/

  2. Bruce (SqlWork.com) 56,846 Reputation points
    2022-04-21T20:59:56.5+00:00

    in the server project you would replace:

    builder.Services.AddIdentityServer()
    .AddApiAuthorization<ApplicationUser, ApplicationDbContext>();

    with the configuration requirements of the identity server you are using. it should have the documentation to configure. but probably:

    https://learn.microsoft.com/en-us/dotnet/api/microsoft.extensions.dependencyinjection.oauthextensions?view=aspnetcore-6.0

    0 comments
  3. near 1 Reputation point
    2022-04-22T18:02:23.567+00:00

    Thank you very much for creating this… this is really helpfull !

    www.neareshop.com

    0 comments