Book Review: Building Web APIs with ASP.NET Core

Book Review: Building Web APIs with ASP.NET Core

Over the years, one area that I have a great interest in, and yet I think gets nowhere near the right amount of attention is API design. So I was really interested to hear fellow MVP Valerio De Sanctis’ ideas in the new book Building Web APIs With ASP.NET Core .

API Design and Standards

I can’t tell you how many times I’ve had to work with poorly designed APIs. It affects me when working with data, but also affects almost every aspect of computing.

Recently, I needed to retrieve data from a software as a service application, and instead of providing a standard REST-based interface (like you’d expect most people to do), they provided an interface where you made a REST based call to retrieve a URL, then you needed to use the URL to download a SQLLite database file. What I really wanted was details of what had changed recently. Instead of that data, I got the SQLLite database file that held data from when they did the last build, and another SQLLite database file that held a copy of all changed rows. Processing that was an absolute mess.

Design vs Build

I liked the coverage in this book, but it’s important to realize what the balance of the book is. It’s really more about how to implement REST, GraphQL, and gRPC based API projects in ASP.NET Core. It has content on the design of the APIs but based on the title, that’s not the primary focus.

The book does cover some design principles though. There is coverage of standard design guidelines for REST interfaces.

Also worth noting that the focus is on the most common type of APIs i.e., HTTP web APIs, not on other styles like AMQP or other IoT related styles.

Other content

There were some good additions to the content in this book. For example, it was pleasing to see Swagger being used in examples. It has fast become an invaluable tool for anyone working with APIs. Similarly, there was some content on OpenAPI.

I liked seeing the discussion on caching and Redis.

Areas where I differ

I’d agree with most of what’s in the book, but there are a few areas where I disagree.

The data handling was based around the Entity Framework (EF). I can’t say I’m a fan of that. It’s ok for small low-volume systems but it really shouldn’t be used for any system that has high data handling volumes.

In terms of naming, I’m not a fan of generic column names like “Id”, “Name”, etc. in databases.

I also disagree with the author around the rationales for using a ORM at all, for these projects. And that applies even more so, to the use of code-first development with the database. In my experience, that’s a disaster for anything except toy-sized systems.

I’d like to have seen the focus on data within SQL Server be with UTF-8 based data, not nvarchar based data.

I also didn’t love how the security for working with the database was handled. Again, that’s just not a safe way to work.

On a similar security-based topic, I don’t like seeing API projects implementing their own security, even with the built-in AspNetCore.Identity framework. I’ve never thought that ASP related membership system is a good idea.

Source and Forum

It’s another book where the author has followed the trend of making a GitHub repository with the source code available to the reader. That’s always excellent. The code is based on ASP.NET Core and uses Visual Studio 2022 for examples.

There is also a forum to allow discussion between the author and readers. That’s something I don’t see often enough.

Missing Areas?

This book seems to be designed around using Microsoft based tools to build API projects that are not necessarily going to be deployed on Microsoft services like Azure.

However, a large number of people who use Microsoft based tools to build API projects will end up deploying them on Azure. And in that case, what’s missing from the book is how to use the Azure-based services to help with building your APIs.

For example, it’s hard to imagine why Azure API Management doesn’t seem to be discussed. Almost every time I’m building APIs today, they will be deployed behind Azure API Management. It will provide Microsoft Entra ID based identity services; it will provide logging; it will provide redundancy; it will provide throughput management, and much more. And those services will be far more robust than the ones you create yourself.

The other area that I thought was really missing was a discussion around using CI/CD for deployment. Given Visual Studio was used, perhaps just get the user started with connecting the projects to Azure DevOps.

Summary

This is quite a good book, and it will have been a big effort to write it. I think it would benefit though, from a more enterprise based outlook, particularly around data, source control/deployment options, and the use of Azure services.

6 out of 10

2025-05-14