Backend Web API Service / REST API
- 7 minutes to read
Overview
The Solution Wizard creates a back-end Web API Service (Web API) with integrated authorization and CRUD operations powered by Microsoft EF Core and DevExpress XPO ORM library. You can use OAuth2, JWT, or custom strategies for authentication. The built-in Security System also filters out secure server data based on permissions granted to users.
The Web API creates URLs (endpoints) that allow you to perform CRUD operations from your non-XAF UI applications (for instance, .NET MAUI, JavaScript, or Blazor clients). It uses ASP.NET Core OData 8.0 (OData v4.0) to support paging, filters, and other OData options. This service can be hosted as part of a Blazor Server project or as a standalone ASP.NET Core project.
The Web API utilizes Swagger (OpenAPI) to display and test endpoints. You can also test endpoints or consume the Web API with other platforms (for example, Postman, .NET, or JavaScript).
The basic functions of our Web API Service (including the Solution Wizard) are available for free as part of our .NET App Security & Web API Service free offer. To register your free copy today, please visit our .NET App Security & Web API – Free Offer from DevExpress page.
Additional services/benefits of our Web API Service ship as part of the DevExpress Universal Subscription and include:
- Technical support and full source code.
- XAF’s administrative UI to manage users and roles at runtime using WinForms, WebForms, and Blazor apps: Getting Started Tutorial | Demos.
- Localization functions (endpoints to obtain localized captions for classes, members, and custom UI elements).
- Advanced/enterprise functions such as audit trail, endpoints to download reports, file attachments, check validation, etc.
See Also
Note
The Solution Wizard template for Web API .NET-based projects is available in Visual Studio 2022+ after you run the Universal Component Installer from the Download Manager.
See the Get Started with Web API Service topic for information on how to install all tools required to start a new Web API Service project.
How to Use
You can add the Web API to an existing Blazor Server project or create a new project with this service:
- Create a Standalone Web API Application
- Integrate the Web API into an Existing XAF Blazor Application
After you add the Web API to your project, you can use it as described in the following topics:
- Add and Protect CRUD Web API Endpoints
- Make HTTP Requests to the Web API from .NET Applications
- Execute Custom Operations on Endpoint Requests
- Create Custom Endpoints
- Access Object Space, Security System, and Caption Helper in Custom Endpoint Methods
Additionally, review our GitHub examples:
- JavaScript with DevExtreme + ASP.NET Core Web API/OData App
- JavaScript with Svelte + ASP.NET Core Web API/OData App
- Blazor WebAssembly App
- .NET MAUI (iOS/Android) App
- WinForms Application (with OData)
Authentication Options
The Web API supports all standard ASP.NET Core authentication techniques that you can specify in the MySolution.WebApi\Startup.cs (MySolution.Blazor.Server.Startup.cs) file. See the following topic for details: Authentication in Web API Projects.
Performance Considerations
You can disable logging to improve the Web API performance. To do this, set the LogLevel.DevExpress.ExpressApp option to None.
File: MySolution.Blazor.Server\appsettings.json (MySolution.Blazor.Server\appsettings.Development.json for debugging)
// ...
"LogLevel": {
"Default": "Information",
"Microsoft": "Warning",
"Microsoft.Hosting.Lifetime": "Information",
"DevExpress.ExpressApp": "None"
}
// ...
Use logging options other than None (for example, DevExpress.ExpressApp = Debug
) only for debugging purposes because logging reduces performance. See the following topic for more information: Log Files.
Limitations
- The capability to use custom fields in an XPO data model is not supported. The underlying ASP.NET Core Web API / OData v4 infrastructure accesses type information directly through reflection in the form of System.Type objects, which do not contain information about custom fields.
FAQ
Q: Is the .NET App Security & Web API free for commercial use?
A: Absolutely. .NET App Security & Web API is available free-of-charge. To download your copy, visit: https://www.devexpress.com/security-api-free.
When you register for a free DevExpress product, you can use your registered product for as long as your needs dictate. Should an update be made available free-of-charge, you will be notified by email or on this website. Updates that are issued free-of-charge can also be used indefinitely. Please refer to the DevExpress End User License Agreement for detailed licensing information.
Q: Do I have to include XAF UI dependencies in my project?
A: Our Web API Service relies on Visual Studio 2022 and a few non-visual cross-platform .NET packages (example). These include DevExpress.Data, DevExpress.Xpo, DevExpress.Document.Processor, and other core libraries. Though these packages have “XAF” or “ExpressApp” in their names, you do not need to pull XAF WinForms, WebForms, and Blazor dependencies in your projects.
In other words, if you do not require XAF, you are not forced to use it. Optionally, you can tell the Solution Wizard to create the Web API Service inside an XAF Blazor UI app. This could be helpful to those who wish to incorporate a web Admin Panel (watch the video) and an embedded API server within the same package (for easier hosting and maintenance). Again, this is entirely up to you. You can always use the Web API Service on a standalone basis.
Q: Will I benefit from the Web API Service if I’m not developing XAF UI apps?
A: Our Web API Service can be used outside of XAF-powered UI apps. Numerous developers have successfully used our Web API Service as a backend for their Angular, Vue, React, Blazor WebAssembly, Xamarin, and other .NET/JavaScript UI clients.
For more information in this regard, check out our DevExtreme example on GitHub. This example uses our client-side dxDataGrid with DevExpress.Data.ODataStore (just like many other CRUD apps powered by DevExtreme). We’ve also published a video series where we built a .NET MAUI mobile app that consumes our Web API Service (see also .NET MAUI example sources).
Q: Do I have to learn a lot of XAF terminology to consume the Web API?
A: As far as clients or consumers are concerned, our Web API Service is a standard ASP.NET Core OData 8.0 service – use the standard OData v4 query options to consume our API. You can also use Swagger UI, Postman, developer tools within your favorite web browser, or standard .NET/JavaScript API.
We have published dozens of .NET code examples with the standard HttpClient: Make HTTP Requests to the Web API from .NET Applications. You can find other examples in public community resources for your favorite client UI technology.
Q: Will it take hours to get started?
A: We ship a 1-Click solution to build CRUD REST API for popular usage scenarios – from zero to a running Swagger UI.
To use the free Solution Wizard in Visual Studio 2022, which creates a Web API Service, simply run the Universal Component Installer from the Download Manager and enter the credentials for your DevExpress account (free or paid/Universal). Once installed, you can select “File | New Project > Next > Next > Finish > F5” using our project template in Visual Studio 2022, and that is it.
The Solution Wizard adds all required dependencies, Entity Framework DbContext, default access control rights, a connection string, etc. For more information on our Solution Wizard, refer to the following help topic: Create a Standalone Web API Application.
Q: Can I customize the API (add custom endpoints, remove data from response, and so on)?
A: You can do everything that you can do with ASP.NET Core OData. Microsoft published lots of information in this regard here: Create web APIs with ASP.NET Core.
To save time for our Web API Service users, we documented highly popular OData customizations on our website:
- Create Custom Endpoints | Expose or Hide Business Object Properties
- Change an EDM Model Structure using ODataModelBuilder | Customize OData Options
- Authenticate Users & Authorize CRUD Operations in .NET MAUI Apps with Web API Service & EF Core (videos on YouTube)
- Add Custom Web API Endpoints To Check Permissions & Query Media Data in .NET MAUI Apps with EF Core (videos on YouTube)
- Preview Reports as PDF in .NET MAUI Apps using Backend Web API Service Endpoints with EF Core (videos on YouTube)
You can customize your own EF Core or XPO data model and fine-tune things at the XAF layer (security permissions, CRUD behavior, and so on).