Create Restful Web Api's From Start To Finish with .Net Core & MySQL | Asfend Yar | Skillshare

Create Restful Web Api's From Start To Finish with .Net Core & MySQL

Asfend Yar, Microsoft MVP

Play Speed
  • 0.5x
  • 1x (Normal)
  • 1.25x
  • 1.5x
  • 2x
87 Lessons (4h 22m)
    • 1. Introduction

      1:20
    • 2. Course Structure

      1:51
    • 3. Tooling and Prerequisites

      0:53
    • 4. What is API

      2:08
    • 5. Create A Web Api Project

      2:03
    • 6. Project Architecture

      6:09
    • 7. Http Verbs

      1:19
    • 8. Create Models

      2:32
    • 9. Create Controllers

      1:00
    • 10. Http Get Request

      2:55
    • 11. Http Post Request

      6:10
    • 12. Http Put Request

      2:40
    • 13. Http Delete Request

      2:41
    • 14. Code First Approach

      0:46
    • 15. Install MYSQL and Workbench

      4:41
    • 16. Configure MySQl Nuget Package

      1:39
    • 17. DbContext Class

      6:03
    • 18. Database Conection String

      3:58
    • 19. Database Ensure Created

      3:18
    • 20. Handling Get Request

      2:02
    • 21. Handling Post Request

      2:00
    • 22. Handling Put Request

      2:39
    • 23. Handling Delete Request

      2:53
    • 24. Http Status Codes Overview

      0:48
    • 25. Status Code in Get Request

      3:25
    • 26. Status Code in Post Request

      1:17
    • 27. Status Code in Put Request

      3:09
    • 28. Status Code in Delete Request

      2:21
    • 29. Content Negotiation Overview

      2:18
    • 30. Implement Content Negotiation

      3:05
    • 31. Migrations Overview

      1:58
    • 32. Drop The Database

      2:00
    • 33. Implement Code First Migrations

      2:18
    • 34. Adding Data

      5:11
    • 35. Validation Overview

      2:09
    • 36. Implement Model Validations

      6:17
    • 37. Routing Overview

      1:59
    • 38. Implement Attribute Routing

      3:15
    • 39. Sorting Overview

      1:35
    • 40. Implement Sorting

      5:41
    • 41. Paging Overview

      1:40
    • 42. Implement Paging

      7:25
    • 43. Searching Overview

      0:43
    • 44. Implement Searching

      3:30
    • 45. Caching Overview

      2:27
    • 46. Response Caching

      2:33
    • 47. Add Cache Support in Web Api s

      1:28
    • 48. Cache Duration

      2:25
    • 49. Cache Location

      3:38
    • 50. Security Overview

      1:48
    • 51. Auth0 Account Setup

      0:56
    • 52. Auth0 Tenant Domain

      2:08
    • 53. Auth0 Api Setup

      1:54
    • 54. Implement Auth0 Support in

      1:48
    • 55. Auth0 Database Setup

      3:07
    • 56. Authentication Api Endpoint

      4:55
    • 57. Implement Signup Api Endpoint

      3:35
    • 58. Implement Resource Owner Password Endpoint

      6:04
    • 59. JWT Overview

      5:02
    • 60. Implement Authorization

      5:09
    • 61. Testing Authorization

      3:28
    • 62. Problems in Authentication

      4:45
    • 63. User Claims

      11:30
    • 64. User Specific Get Method

      2:17
    • 65. Allow Anonymous Attribute

      1:39
    • 66. Create Azure Account

      1:18
    • 67. Create Azure Web App

      3:48
    • 68. Create Azure MySQL Server

      2:46
    • 69. Connect Azure MySQL Serverwith MySQL Workbench

      3:23
    • 70. Adding Connection String

      3:50
    • 71. Adding Migrations

      1:46
    • 72. Publish Web Api To Azure

      1:29
    • 73. Allow Access To Azure Services

      0:49
    • 74. Testing Api Endpoints

      4:23
    • 75. Api Documentation

      5:48
    • 76. Overview of the Project

      1:02
    • 77. Create Expresso Project

      0:47
    • 78. Understand The Relation Between Tables

      2:22
    • 79. Adding Models

      4:13
    • 80. Adding Data Annotations

      2:57
    • 81. Adding Connection String and DbContext Class

      4:01
    • 82. Implement Migrations

      1:45
    • 83. Understand the Controllers And Methods

      1:39
    • 84. Menus Controller

      7:12
    • 85. Get Menu Method

      2:37
    • 86. Reservations Controller

      5:22
    • 87. Final Words

      0:19

About This Class

Welcome to the Complete Rest Api's course with Asp.Net Core and C# For MAC Users

Are you tired of boring outdated and incomplete courses , then let's dive in to this course.Well I'm Asfend Microsoft Most Valuable Professional (MVP) and Xamarin MVP and in this course I'll explain you every single aspect of restful web api's with asp.net core and c#. Yeah I know there're lot of courses over the internet but there's never a single guide that teaches you how to create a complete web api's in asp.net core. And the purpose of this course is to train you to build your own Restful web api's in asp.net core. 


The main focus of this course is on the Restful Web Api via Asp.NET Core and C#. So if you're familiar with C# , Asp.Net and Entity Framework Or if you want to create the Restful web api's in Asp.Net then this is the right course for you.

If you don't have any idea about Rest Api then don't worry because in this course we'll cover all the Rest Api concepts.

By getting this course, you can be rest assured that the course is carefully thought out and edited. And I'm always happy to make the helpful content for the students.

So by the end of the course, you'll completely understand:

  • How to create a Rest Api via Entity Framework Code First Approach with all the advanced functions.

  • Connect Your Rest Api's with MySQL Server

  • Implement Status Codes

  • Adding Migrations in Web Api's

  • Adding Content Negotiation

  • Implement Validation in Web Api's

  • How to add the Routing and Custom Methods

  • Implement Sorting , Paging & Searching

  • Implement Authentication and Authorization and secure your Api with JWT

  • Setup Auth0

  • Adding Caching inside the Rest Api's

  • Create MySQL Server on Microsoft Azure

  • Deploy Web Api on Microsoft Azure

  • Create A Real World Coffee Shop Api From Scratch to End (No Copy paste code I'll explain you each and every single line of code so that you can create a complete Real World Apis in Asp.Net Core happily)

Remember...

After this course you'll get all the  Source Code and along with this I'll also share  the links and helping material for the Rest Api's with you but you need your personal Azure Portal where you can launch your web api.

Transcripts

1. Introduction: Hi, welcome to this course, The Complete Guide to build desk APIs with ASP.net core, where you will learn to design and develop RESTful APIs. May dominant chord. My name is aspirin and I'll be leading you through this course. I began my career as a software engineering intern at Microsoft, and then I became the generalist, Microsoft most valuable professional. I designed this course so that anyone can seeking to develop and launch the rest API from start to finish. By the end of this course, you will be able to develop the RESTful APIs of your choice. In this course, I'll be taking you to the world of desk will APIs. And we'll cover all the concepts of best APIs with ASP.net goal. I guarantee that there is no course out there that is as comprehensive and easy to follow. The ideal student for this course is the existing ASP.net or C-Sharp developers that wants to expand their existing skills. Or those who have some knowledge of c-sharp programming language. And mustard learn dot ASP dot core web APIs. Feel free to take a look at the course description. And I will look forward to seeing you inside this course. 2. Course Structure: In this course, you'll learn how to build an API with ASP dot core. So let me show you what is coming up over the next few sections. In the next section, we'll start out with the basics and introduction to the web DPI, including how such a project is structured. Then we will implement all the functionality you would expect from an API, getting, creating, updating, and deleting the resources. Next will connect every API with MySQL server database while quote first approach. Then we will implement the returning resource, status codes and content negotiation in the web API. At this point, you will be very much familiar with ESP dot core web APIs. Then we will jump towards some intermediate concepts. And there you will learn database migrations, modal variations, routing, searching, filtering, and Beijing. Right after that, we will move towards the advanced concepts. And there you will learn authentication and authorization, caching and of course, API deployment to Microsoft Azure. In this course. I will also explain you how to document your RESTful APIs. At this point, you will be very much familiar with ASP.net code, web APIs. And you are in a position to make RESTful APIs of your choice. Once you complete all these sections, then we will apply all the ASP dot unquote Web API concepts. And we'll get a coffee shop Web API discourse. Often this course, you will have a very good understanding of how to build an API from scratch to finish. So there are a lot of things together and I will see you inside the next section. 3. Tooling and Prerequisites: Before starting this course, just make sure to download the Vi Studio for Mac community edition. If you are using some other additions of V's to your Mac like Enterprise edition, then it's okay. But Community Edition is free. So I will recommend you that if you can't afford the Enterprise edition, then just go ahead with that community edition. I have attached a download link of the video so that you can download and install it in your machine accordingly. Although this course covers the beginner, intermediate, and advanced level programmers or knowledge of C-sharp is must for this course. Because if you don't have a C-sharp knowledge, then it's really difficult for you to pick the ASP dot and Core Web API concepts. All right, that's all I want to talk about. I hope you are on the same page. Now, let's start learning. 4. What is API: In this video, we'll talk about what is API. So let's get started. Well, API stands for Application Programming Interface from its office can interact with each other. I guess you don't get it. Well, this definition is 100% correct according to the software developers who are already familiar with the API because they know how to use API. But the problem is with those people who are not familiar with the API. So our focus is to target those people so that they can easily pick every single concept behind APIs. Let's start with an example. Well, once you try to reserve an airplane ticket, you book it from various websites. Let's say you book the flight ticket from your favorite airline company website like ME, dates. But how many times do you actually book your flight ticket from the emulates website? You rarely does that. You use other travel agencies, websites like low fares.com. But how's that possible that you are booking the emulates airline ticket from the low fears website, but still you are getting the ticket. And that's what API comes in. Now, you are thinking, how is that possible to book the immediate airline ticket from the low fares website, get the actual ticket of Emirates Airline. Well, that's because the low fees website is connected with the MLS website. Why? Epi and whenever you will book the airline ticket from the low phase website, your order and necessary details will go directly to the emanates websites via API to speak clearly. And API is the messenger that takes request from you and tells the system what you want to do and then returns the response back to you. And in this course, we're going to learn the RESTful APIs with ASP.net code and C sharp. So let's begin. 5. Create A Web Api Project: In this module, we're going to look at how to create an ASP.net code Web API project inside of your Studio for Mac. So let's turn on your MacBook. Then the first thing I'm gonna do is just open the view studio and simply go to the new option. And here we need to choose a template for our Web API project. On the left-hand side, we have this dominant core option. And under this option, just click this application. And then this will display all the templates on the right-hand side. In this course, we're going to make a RESTful APIs. So we're going to use this API template. You can also choose a programming language from this dropdown. For example, if you want to make API via F-sharp programming language, then you can select that as well. But I'm going to use the c-sharp programming language. So let's keep this as it is. Then let's click Next. And here we need to configure the API. All we need to do is just named this project. You can name your project whatever you like. I'm gonna name it course ABI. Next, we have version control option. At the moment, we are not going to push our code to the GitHub. So let's denote this and just get this project. And soon we'll Studio is going to get an ASP dotted chord Web API project. Here. On the left-hand side, you will see this solution window. By default. It's already there. But somehow, if you don't see this, then just go to this search bar and just search for solution. And here we go. So we have created our project, and now in the next module, we're going to explore the project architecture. 6. Project Architecture: In the previous module, we have QCD, ASP.net code, Web API project. And now in this module, we're going to understand the architecture of our application. So let's explore the architecture of dotted core web EPA project. Here inside the studio, you'll see a solution window. And inside this, we have our solution and our project. Inside the project. The first thing is dependencies. And in this dependencies, all the references of the DLL files, SDKs, and negate packages. Whenever we will install some nigger package, then we'll studio, we'll put that new get package in this dependencies section. Then we have our controller's folder. In this Controllers folder, we will add our controller classes, which basically responsible for getting data, adding data, updating, and deleting the data from the database. And by default, there is a value controller class already placed inside this Controllers folder, which we will talk in a moment. Then we have a properties and we'll also talk about this in a moment. Right after that, we have this www root folder. And in this www root folder, we will add our static content. Like if you want to add some HTML, CSS, or JavaScript files, then you have to place those files in this www root folder. Then we have another file and that is App settings.js IN. When we will work with the Entity Framework, then we will put that database connection string in this app settings.js file. But right now we don't have any database. So let's ignore this file and we'll come to this file when we will work with the database. Then we have two different files. The one is program file and the other is startup dot cs file. Well, let's open this program.cs file. That's the entry point of the application. If you have worked with the C-sharp console applications and Java applications, then you know that there is one main method and this main method is used to run the application. Well, same is the case with dot unquote replication. Well, this main method contains a build web host method. And that's basically used to get a host Miller build it and then run it. And whenever a call goes to the main method, we'll use this startup gloss. Now, we need to figure out what basically the socket class is and how to deal with the Santa Claus. For this purpose, let's open this startup class. And inside this class, you will see that we have two methods. One is configure services and the other is configured method. Well, it's already seeing that this method gets called by the runtime. And we basically use this method to add services to the container. Also, this method is used to add that dependency injection. If you are an intermediate and expert developer and what to implement that dependency injection pattern inside your web APIs. Then Microsoft made this easy for you. Because now with a speedometer cold applications, you can implement a dependency injection quite easily. But at the moment, dependency injection is not our topic. This method is used to handle the services in an application like MVC Celsius, authentication services or Entity Framework services. Later in this course, we'll use the Entity Framework services in this method to work with the database. And now you are thinking that what's the purpose of this second method that is configured method. In this method, we basically used the services to configure the HTTP request pipeline. Now let me get this application. And soon we'll Studio is going to launch the web browser. And here we go. Now you will see that the following data appears in my web browser. And that's because if we go to the values controller, then this values controller has a get method which basically return two values. Now the question is why we are getting these values? To answer this question, I'm going to expand this properties and open this law settings dot JSON file. And you can see that in this file, our launch URL is defined, and currently it's being set to API slash values. And that's why when we run the application, then this default URL will be invoked and we get that data from this controller. Now let me go to the values controller. And there we have two different getMethod. In order to call this getMethod, we need to use the following wrote address. Now in order to access this method, let's pass that URL. And here we go. This time, we are getting the value from this getMethod. Now, if you want to make this method as a default URL, then just copy this route address. Then in the last settings, just base it and run this application. This time, you'll see that our application, we'll call this second getMethod. And again, if we revert ever launch URL and run this application again, then you'll see that it will call a falling getMethod. Alright, so that's the brief overview of this project. And don't worry about anything like the code in the starter file or in the program file, because this is a built-in boilerplate code that comes along with dot dot encode project. And you don't need to panic about this code. All right, I will catch you in the next module. 7. Http Verbs: Let's understand the different types of HTTP verbs. Remember that in the world of rest APIs, we don't use the term grid, that is, create, read, update, and delete. Rather we use the following Institute be verbs. That IS, GET, post, PUT, and delete. Let's compare the database operation with HTTP works well. In rest API, we have post rather than create. Read is replaced by GET, PUT, insert, update, and of course, delete remains the same. Well the working is still same. Gate is used to read and get all the data from the external source or database. Post is used to add some kind of data inside the database. Put is used to update the data and delete is used to delete that data. Before we move forward with this web APIs, I will recommend you to install this postmen in your machine. It's open source software and moves US this postman software to call HTTP verbs. You can also find the link of this software along with this video. All right, see you in the next module. 8. Create Models: In this module, we will learn how to add the models in the web TPA project. Well, let me tell you that models or see subclasses that holds the properties. Amplitude add a modal class in the web API project. But adding the model in this project directly is not a good approach. And the approach of adding the moral clauses is to add a modal folder and then add the modal classes in that folder. And this is a good way to architecture the code. So first, I'm going to add a models folder. So what I'm gonna do is I will click on this project kit, a folder, and then it models. Right after that. I'll need to add a class in this folder. In order to add a new class. I'm going to tap these models folder, then Add New File. And I'm going to pick the MTC subclass. And then it goes, alright, just add this class. Now in this class, I'm going to add some properties like id, title, author, and description. Basically in this section, we're going to get a quote API. And to make a coat EPI, we need fuel, things like goat id, title, author, and description. So I'm going to add a first property, that is Heidi. Well, we'll Studio allows us to get the property via snippet that is brought and price hit the tab key. And this will make our life easier. This soccer snippet, locate a seashell property for us. Now, i'm going to change the data type of this property to integer. Then just name this property to ID. Just like that. I'm going to add another property of type string and the image title. Similarly, I'm just adding the property of type string and name this to author. Just like that. Let's add another property of type string and then this property to description. Alright, this is just our model gloss. And in order to work with the APIs, we need to add controller and extend methods. So let's try to add a controller in the next module. 9. Create Controllers: In the last module, we have added the modal glass, and now in this module we're going to work with dot controllers. So in this controller folder, we'll add a control classes. Now what I'm gonna do is just click on the folder, then add a new file right after that. Deselect that ASP dot and court template from this list. Then on the right-hand side, if we scroll down a little bit, we'll get a Web API controller class. Deselect this, then just name this controller to course controller. At that's a naming convention. Your controller name must ends with the keyword controller. Alright, let's add this, and here we go. Now let's revise the previous concepts that we have explored in the previous module, and these are HTTP verbs. So let's try to implement the HTTP verbs in the next module. 10. Http Get Request: In this module, we're going to implement the HTTP works and actions. But before this, let's get rid of this code so that I can explain you all the things from the scratch. Alright, so I'm going to delete these methods from this controller class. Now we can to work with the HTTP verbs. But before this, let's get a list of course. And just initialize this. Then inside this list, let's add a new object of coat plus. And let's set some static values for these properties. At the moment, I'm going to use the static data here. But as we will move forward in discourse, will get the values from the database. But for now, I'm using some static data here. Alright? So you know that when we want to retrieve the data API, then we have to use the get method. So all we need to do is just add a getMethod here and just change the return type of this method to innumerable. Because this method will tell me the list of course. So that's why I have changed the return type to innumerable. Then simply read on that course list. Let me add the HTTP GET attribute on top of this method. And this HTTP GET attribute specifies that when we call a get request from the web browser or from the postmen, then it will execute this method. Before moving forward, let me run this application. Now in the web browser, you'll get this data from the values controller. Because the default route of the controller is values controller. And in order to call this court's controller, we need to pass API slash courts in the URL. So inside the browser, let's add API slash controller name, which in our case is the Course controller. But remember one thing here. You don't need to specify the full name because the keyword controller is a convention. And this course is actually our controller name. So let's pass this controller name in the URL, then hit Enter and heavier. You'll see a list, of course here in the JSON format. Alright, this is a GET request. Now let's try to implement the post request in the next module. 11. Http Post Request: In the last module, we have explored the GET request. Now we're going to implement the post request. So let us go to the studio. And this time I'm going to add another method, but this will be a post method. And that's basically used to create a coat or insert a coat. In short, this method is used to add the record. So what I'm gonna do is I'll add a method of type White and emit post. Well, this method is choose to add a record. And therefore, we need to specify the full object of this class as a parameter. So let's pasta code object here. This function don't need to return anything. And that's why I have set the return type of this function to void. Now we're going to add this code inside the course list. So I'm going to call the helper method of this course list. And that is, and then pass the scope object here. Let me add the HTTP post attribute on top of this method. And this HTTP post attribute specifies that when we call a post request from the postmen, then it will execute this post method. Also, please make sure to set this list to static so that we can share a single copy of this list throughout this controller. Now the question is, how to pass the data to this quote object. Well, that's a good point because in the previous attempt, we have send a get request to this method via API slash courts. And we have got these quotes from this list in JSON format. But this time, instead of getting the course from this list, we have to provide the CT data. But now the question is from where we're going to add the court, because in the web browser, it's not possible to send the post request. So let's open the postmen. And then let's run this application. Well, I believe that you have installed a postman. If not, then Conley downloaded from Google and just install it. Now in order to send a request from the postman, we need the API URL. So let me copy this API URL and just base it inside the postmen because it's supposed to request. So let's say it's the ACDP work to post. Then just select this body tap because we're going to pass that data to our API in JSON format. So let's select the application slash JSON. Now the interesting thing is that how is it possible to pass the data from this body section to the post method that we have written in duct controller class. Well, in order to get the data from this body, we have to tell the post method that kindly get that code data from the body. So let's stop this execution. Then. I'm going to add from body attribute along with this code object. Now let's run this application again and end up postmen, I'm going to derive some decent data here. Well, that's the syntax of JSON or JavaScript Object Notation. Everything goes into curly brackets. And if we have more than one record, just like in case of our courts that we have gone from the get request, then we will further put those records in a square bracket. All right, let's add some decent data here. And in the JSON, we basically deals with key value pairs. Editing on the left-hand side is the key, and editing on the right-hand side is the value. So we have four properties in our court loss. So let's add the ID key and set its value. In order to write some other data, we need to add a comma separator. Then just write the key that is titles. And just set the value. Similarly, add an author and set the value. Finally, just add description. And I'm going to provide a value here. So far, so good. Now in order to send a request, let's add a breakpoint with this post method. And then from the postmen, let's send this post request. And soon the breakpoint will be triggered. And you will see that anything that we have provided in the body of this post request will go to this quote object. So let's count into this execution. And here we go. Now, in order to check whether this code has been added to our list, let's call the get request. And this time you'll get this third goat. And remember one thing, this code has been added to this list temporarily. And as soon as we will stop this application, it will no longer be available. Let me show you what I'm going to say. So if I stop this execution and again on this and send a get request, then this time you will see that we don't get a third goat. And that's because the newly-created coat is only available as far as we remained active in this application. Once we stop this application, the newly-created quote will no longer be available because we don't have any database. But don't worry, we will use the database as we move forward in this course. But right now, we will need to understand the basics of APIs so that we can pick the advanced concepts easily. So far we have implemented the two methods. The one is get and the second is post. Now it start to explore the PUT request. So it's discussed up put requests in the next module. 12. Http Put Request: As I told you earlier, port is used to update the record. And it's just like a post request. But we have to provide one additional parameter and that is IID. And that's because let's take some real-time example. Anytime you want to update your record from the database, you have to provide the ID so that you can only update the record against some specific ID and save the result with this PUT request. So in order to put our update, that data will get a specific index of this court list and just pass the ID and assign this code object to that particular index off this list. Also, let me add the HTTP PUT attribute on top of this method. And this HTTP PUT attribute specifies that when we call a PUT request from the postmen, then it will execute this method. Also inside this ACT PUT attribute will pass one additional thing and that is this ID. What that means is we'll send the ID to this method along with the URL. And that's why I have written this ID here. For better understanding. Let's run this application. Now let's say I'm going to update this code. So let's add some decent data in the postmen. And we have already added some decent data here, but we have worked with the post request. Then in the post man, I'm going to change the HTTP verb to put. Then along with this API slash quote, we have to provide the ID. Right after that. Just swish it obvious studio and let's add a breakpoint along with this method. Alice tried to send the PUT request. And as soon as we send the request, this midpoint will be triggered as you will see the data associated with this request. So let's continue our execution. And here we go. Now at this goat index, you will get a new record. For the sake of clarity, let's call the get request. And here this time you will see that at this index, our code has been changed. But as we already said, it's only available as soon as we remain active in this application. Once you stop this application, it will no longer be available. Now let's try to add that delete request in the next module. 13. Http Delete Request: In this module, we're going to implement the HTTP delete request inside of our API. And for this purpose, let's go back to the studio and let's get a new method. Then. Net this method to delete because this method will not eaten anything. So I'm going to set the return type of this method to white. And this delete method will only accept one parameter, and that is id. And when we provide the ID along with this request, then it's simply delete that particular code against that ID. So in order to remove the quote less coulda helper method. And that is the move at. And this method will accept this ID and we'll delete the code against that ID. Right after that. Let me add the HTTP delete attribute on top of this method. And this HTTP delete attribute specifies that when we call the delete request from the postmen, then it will execute this method. Also, we need to put this ID inside this HTTP delete attribute. And it means that we'll pass the ID to this method via route URL. Alright, Let's run this application again. Now let's copy the URL, then paste it inside the postmen. And of course, this time I'm going to use that delete method. So let's pick the HTTP web to delete, and then let's send the delete request against this ID. And the court has been deleted. But for the sake of clarity, let's color get request. And here we go. You'll see that instead of two courts, we only have one court left. And the other quote has been deleted. But as it told you, the scope of this deletion is only as we remain active in this application. And if you stop this application and again on this, then you will see that this code again appears. Don't worry, we will move forward in this course and we'll handle this one database. But for now, we have covered this module and now we have a good idea of HTTP verbs. So in the next module, we're going to explore the Entity Framework and we will set up the database. So I will catch you in the next section. 14. Code First Approach: So far we have developed our API in a static way. Now we're going to work with the database. And we'll look at the data from the database with the help of quote first approach. Obviously you are thinking that what is quote first approach? Well, in the first approach, we basically don't design our database and tables, would simply create our model classes and ask entity framework to make the database and the desired table for us. So in precise, we don't get a database and tables with some GUI or graphical user interface. When we work with the court first approach. Then it's the responsibility of entity framework to make the database and the tables for us. So the court was approach in the next lesson. 15. Install MYSQL and Workbench: Before moving forward, let me tell you a few important things. Well, as you know that we have working on Mac machine, and unfortunately, we're not allowed to run them Microsoft SQL Server directly on the Mac machine. There are some ways to run the Microsoft SQL server on the Mac machine, like we get installed the MS SQL server on the Mac machine with the help of Docker. But Docker is not to a topic. And instead of Microsoft SQL Server will install the MySQL server on our Mac machine. So let me open the web browser and simply search for MySQL server. This open decide. And by default, if you pick our operating system, but if it's showing some other operating system that you could pick the Mac OS from this list. Right after that, you will find a download link for MySQL server for Mac OS. Just download this file, macOS DMD archive, and lets the download is complete. Then just initiate that installer and follow the steps. If you agree to the license terms conditions, click Agree. If you want to install this MySQL server to some other location, then pick the location. I will install this in the default location. So let's click Install, then enter the username and password for the computer you are locked into. Then click install software. Alright, then you are presented with this dialog box. And here we need to get a password for our MySQL server root user. So let's get a password here, then finish the installation. Now let's wait for that configuration to the Lord. Now I'm going to open the MySQL server. So just go to the System Preferences. There. You'll find the My SQL server. Just open this. You'll start and stop my SQL server from here. Alright. Now we need one more thing where we can see our database. And so all we need to do is just go to the same URL where we have Donnelly our MySQL server. Then we will see this MySQL Workbench option. Just click this. And we need to dollar this MySQL workbench for our Mac OS. So let's download this workbench. And once it's downloaded, let's open this. And here we go. We have been asked to put this workbench in the application folder. So just wrecked this workbench to this application folder. And it's going to verify the workbench. Just wave a few seconds. And once it's done, we're going to open the MySQL Workbench. And here we need to connect our workbench with our MySQL server. Let's click this. And here we need to provide the password for our MySQL server. So I'm going to add the password. And here we go. Our webpage is now connected with the MySQL server. So that's all from the submission guide. Now I will catch you in the next module. 16. Configure MySQl Nuget Package: Hi, in the previous module, we have installed the MySQL server and MySQL workbench tool. And now begin to configure our dotted Core Web API project so that we can add a sport for MySQL inside of our core web APIs, what I'm going to do is just open the Vi Studio and they're just go to the project and add new packages. And this will open a new window. And we need to install this package so that our ASP dot and core web EPA project can sport the MySQL server. Alright, in the search bar. This search for the following new get package, MySQL dot data dot Entity Framework Core. Then I'm going to add this new get package inside my project. So let's add this package. And we just need to accept the license agreement right after that. Our 3D Studio Max is doing the installation of this package. And once the installation is finished, we'll get the message here that seeing MySQL dot data dot entity favorite toward successfully added. So far we have installed the MySQL needed package for our Web API project. And now in the next module, we'll make a connection with our MySQL server and database wire connection string. All right, I will catch you in the next module. 17. DbContext Class: In the previous module, we have installed the new get package for MySQL. Now we're going to make a connection of our Web API with the MySQL server via code first approach. So let's get started. Inside the studio. I'm going to delete this controller because the data that comes from this controller is hard-coded. And now we want to get that data from the database. So just delete this controller. Now begin to explore the code first approach. Well, in Entity Framework, when we will work with the code first approach, then it will automatically get our database as well as tables. So let's understand this with implementation. First of all, we just need to add a folder and net this folder to data. Then inside this folder, I'm going to add a new class. Just nip this class to courts DB context. Well, you can give any name for this class, simply add this class. Then we just need to inherit this class from DB context. Well, this DB context comes from the entity fever code namespace. And we have to resolve the namespace of this class. Well, this class is, it's possible to work with the database. I mean, it's just impossible to get the data from the database, insert the data in the database, deleted data, and even update the data. For this DB context class. To be able to do any useful work, it needs an instance of DB context options glass. The DB context option instance carries the configuration information such as the connection string to use, database provider to use, et cetera. The easiest way to pass an ace this off dv contexts option class is by creating a constructor, then less past DB context class as a parameter to the constructor. Notice that this class have a generic parameter and we want these TV contexts options to apply to her quote DB cortex class. So let's specify this as argument for genetic parameter. Next, we need to provide a name for this parameter. I'm going to name it options. Now we want to pass this options to the base DB context class. We're going to do that by calling the base class constructor, by using the base keyword. Then dispatch this option to the base class constructor. Then inside the courts DB context class, I'm going to add one property. So let me add a property here. Now the question is what this property is going to return? Well, it's good to turn the DB set of coat. So resolve the namespace of this quartz glass. Then let's name this property two quotes. Well, at runtime, Entity Framework will map this DB set property with our database table name. For example, we named this property here as quotes. Then active favorite, we'll get a table inside the database with the same name, that is quotes. Alright? Now there is another thing that we need to do and that is to create a controller. So what I'm going to do is I will simply add a new controller inside the controllers folder. And this time I'm going to pick this Web API controller. And then this controller, two quotes controller. Let's add this. At this controller comes with some built-in methods. And we have already explored these HTTP methods. Now in this controller, we will modify all these methods so that we can create, read, update, and delete that data when we execute these HTTP methods. We have already worked with a controller, but this time we're going to work with the database. So right now we have GET, post, PUT and delete methods already present here in the controller. And now it's our responsibility to work with these methods and provide a database operations. So let's start with it and let me tell you important thing. This course, Dv contexts is responsible for that database crud operations. And this class will interact with the database behind the scenes. So just get a feel of type course DB context in the Course controller. And name it underscore coats DB context. Right after that, let's add a constructor and pass the course DB context object as a parameter. Then we need to assign these quotes DB context to this field. With this field, now we can access everything that's present in the course DB context class. Well currently this getMethod is returning the innumerable of string, but we actually want to return the innumerable of quote. So let's pass the quote class here. And now course DB context. We can call the Course property that's present in the course DB context class. At this written all the lists of course from the database. Now the important thing is that we have to set the connection string of the database so that our API can communicate with the database. So let's try to add the database connection string in the next module. 18. Database Conection String: In this module, we're going to add the database connection string. So let's look at the course DB context class. Well, the Entity Framework will look at the connection string with that name, that is goats DB context. It means to work with the database, we must need to get a connection string. In order to get a connection string, I'm going to the startup dot cs file. And as I already told you, whenever we want to add some services in our project, we need to define here as well. And in our case, we're working with the entity favorite. So just go to the configure services method and let's add a DB context. There. We just register a given context as a Service. We just need to pass over courts DB context class. Then here we need to define a connection string for the database. But now the question is what kind of database we're going to work really? Well in this course, we're going to work with the MySQL server database. So in order to access the MySQL server, which used a lambda expression. Then we'll write use MySQL. And we need to resolve the namespace for this. Right after that. In the parenthesis, we just possible connection string. Here. We're going to pass the connection string. Well, there are many ways to pasta connected listing here, but at the moment, let's go ahead with the simple one. As we move forward in this course, I will show you how to pass the connection string via some other way. But right now, let's keep it simple. And they're willing to pass the connection string. I have attached a connection string syntax along with this video. So you just need to download this file, then copy the connection string and this piece, this here in the double-quotes. Wind to change a few things here. First of all, let's open the MySQL workbench. There. You can see that my server name is localhost. So we need to pass server name equals localhost. Then my user ID is loot. And you just need to add the right password that you have used earlier during the MySQL server installation. All right, then just pass the port number here. You can find the port number from your MySQL Workbench. Then just pass the name of your database. I'm going to give a falling name to my database. You can name it whatever you like. Then you will see this allow public key retrieval equals two and SSL mode equals none. Currently, we don't want to add much security on our connection string. And that's why we have disabled the SSL mode. And we allow the MySQL server creative the public-key. Well, MySQL server will send the public key in encrypted format. But at the moment, we didn't want to use any kind of encryption. And that's why we have just said the allow public-key retrieval equals true. In short, we want to allow the potentially insecure connection to use our MySQL server. Don't worry about this because later, when we will work with the maximum Azure, then Azure will do this for us. Alright? So this is our connection string, and that's the name of our database. But this database is not created yet. So let's try to get a database in the next module. 19. Database Ensure Created: In the last module, we have set up the connection string. And now in order to get a database, we need to perform few other steps. Let's go to the configure method. And in the configured method, let's add the course DB context object. And then from this object, we call this database property. And just ensure whether it's created or not. Well, ensure cage it will check if the database exists or not. If it exists, no action will be taken. And if there is no database exists, then this in shortage, it will get a database and the entire schema of the database as well. Also, this method is only useful if you don't want to update a database in near future. But in our case, as we move forward in this course, we'll add more properties in our model class. And that means we need to implement the migrations inside the database. But for now, let's keep it simple and let's use this insured created goat vary as we move forward, I will show you how to implement the migrations. Alright? And it started to run this application. In order to check the database. Let's go back to the MySQL workbench. There. You can see our database is present here. If you will not see your database often reading your ASP dotted Core Web API, then just refresh the MySQL Workbench. And you will see the database here. Alright? In this database, our course table is present, which we have created via DB set property that's coming from the courts DB context class. Now let's open this table. And there we don't have any data. So let's try to add the data inside this table. All right, here, we don't need to add the ID because it's auto incremented. Whenever we add a property with the keyword ID in the C-sharp model class, like we did in the class. Then additive river is smart enough to make this as a primary key and auto-incrementing. Alright, so this id is a primary key of this quote table and it's auto-increment it. And in the title, author and description, we just pass some values. Alright, here we go. But just apply these changes to the database. All right, changes have been applied. Now if we run this application and send a get request to the API slash scores, then we will get that data from the database. Well, that's pretty awesome. So far we have created our database and work with a get method. Now, in the next module, we'll continue our work with another overloaded getMethod. So I will catch you in the next module. 20. Handling Get Request: In this module, we're going to explore the other overloaded getMethod. Well, in our project, we have to get methods. The one is used to return all the course from the database, and the other is not implemented yet, which basically used to return only a single quote against some specific ID. So let's start with the first thing I'm gonna do is just make the return type of this method to coat. Because this method will return the code object. Well, it our previous getMethod, we have got all the quotes from that quote DB context object. But right now we are only interested to get the single quote. So let's DB context object. Then just call the Course poverty, that comes from this course DB context class. And finally, use the built-in helper method that is fine. And inside this method, this pass, this ID. And this find method will return only the code that matches with this ID. Now just stored the result in a court where he will and then written this quote. Alright, now it's time to run this application. And if we set the route of this controller to API slash courts, we'll get all the course from the database. But let's assume that instead of getting all the course, we just need some particular coat. So we need to add the ID along with this route URL. And here we go. This time we get only some particular torte against this ID. Well, that's pretty awesome. So far we have not covered the error handling. As we move forward in this course, we will cover the edit handling as well. But before this, we need to explore the post PUT and delete requests. And let's try to explore these requests in the next module. 21. Handling Post Request: In this module, we're going to explore this post method. So the starting work, well inside this post method, I'm going to pass the code object. Then I'm going to use this db cortex object and call the Course property. And with that, we're going to call the helper method, and that is et. And inside this helper method, we're going to pass this goat object. Now once we add a coat to the database, we need to tell the database to save our changes. So far this group is, I'm going to call a safe changes method. And this will save the changes in the database. Don't worry, we'll cover the error handling later in this course. But for now, let's run this application. And as you know that in order to call the post request, we definitely need a postmen. So I'm gonna switch to the postmen. And let's add some decent data for title, author, and description. Well, the ID is auto increment it because this time we're dealing with the Entity Framework. And the Entity Framework will automatically increment the ID in the database. This send the post request. Here we go. Now for the sake of clarity, let's call a get request. And you'll see that our code has been added and lets them back to the MySQL workbench. And if we reverse the table, then we'll get a new record that we have added via postmen. Well, that's a post request. And in this way, we'll add the data inside the database. And that's all from the post request. Now, in the next module, we're going to implement the PUT request. See you in the next module. 22. Handling Put Request: In this module, I'm going to show you how to handle a PUT request inside the web API. So without wasting any time, let's switch to the new studio. This put method is just like a post method. This is only a slight difference between these two methods, and that is the put method will also take the ID parameter. Now inside this method, first, we just need to call the DB context object. And along with that, let's use this course property that we have defined in the course DB context class. Then after this, this call, this built-in helper method, find. And inside this method, I'm going to pass this ID. And this fine method, we'll find a record against this ID that we will provide. Well, this whole line means that it will fetch the quote from the database against the idea that we'll pass in this method. All right, now let's store the result in some kind of variable so that we can use this further. I am going to name it entity. Right now with this slide, we can access all the properties of this quote class. Now I'm going to update the record. So what I'm gonna do is I'll simply call this title property with this entity. Then let's use this quote object and then call the title property. Well, this will replace the previous title property with this new one. Alright? Similarly, let's do that kind of thing, or other properties like Author and description. And here we go. Now in order to save the changes, just call a Save Changes method along with this db cortex object. Now let me get this application and just issue a get request. Now, I want to tell you that I'm going to modify this records. So just switched to the postmen. There. First of all, let's use the HTTP worked to put. Then we just need to add some decent data. Let's add some JSON in the request body. Off or adding some decent data. Let's pass the ID along with this API URL, and finally, just send the PUT request. For the sake of clarity, let's check the record by simply sending that get request. And here you can see that our record has been updated. That's all from a PUT request. Now in the next module, we're going to explore the delete request. So I will catch you in the next module. 23. Handling Delete Request: In this module, I'm going to explore the delete request. So let's switch back to the studio and let's try to understand the delete request. This direct method will take one parameter and that is id of integer type. And on behalf of this Id, it will delete the record. Well, this delete method is just like this GET request. Inside this delete method. First of all, let's use this dv contexts object. Then use this course property that comes from this course DB context class. At there. Let's call a function that is find. Well, in this fine method, let's pass the ID. And this function will basically get the code against this ID. And we'll store it in some variable. And then it quote. Then we're going to remove the code against the id by using this helper method that is removed. And in order to call this helper method, let's use this course DB cortex object. And along with that, let's use the courts property. The, let's call the remove method. And simply posture quote here. Then let's save the changes in the database by using Save Changes method. So we have edited the functionality in this delete request. Now, in order to check this, we first need to run this application. Here. I'm going to send a get request. I want to remove the code against this ID. So all we need to do is just switch to the postmen. Then set the HTTP verb to delete and ask you to remove the code against this ID. So let's pass this ID along with this API URL. Then just send the request. Now just check whether the court has been deleted or not. So I'm going to initiate the GET request. And here, now you will see that this code is no longer available. And it means this code has been deleted successfully. Right now we have successfully implemented that GET, post, PUT, and delete requests inside the web API. Well, this data comes from the MySQL database that exist locally on my machine and literal in this course, we will deploy this API and database on Microsoft Azure so that it can be live on the internet and can be accessible on every single device. So that's all from this module. And I will see you in the next section. 24. Http Status Codes Overview: Http status codes are standard response codes given by websites, servers on the internet. The courts help identify the cause of the problem when a webpage or other resource doesn't load properly. Http status codes are sometimes called Browser error codes are internet edit course. I'm sure you have seen that kind of error code. So whenever you request a resource on the server, and if it's not found, then you will receive an adder. And basically there is a huge list of HTTP status code. And I have attached a document with this video so that you can read the status code and the functionality. Let's try to add the status code in our Web API. 25. Status Code in Get Request: In this module, we're going to add the status code inside our Web API. And we'll start with a get request and get to the studio. And let's try to add the status code inside of a project. I'm going to start with the getMethod. We will need that to a 100 status code. That is okay. Whenever we want to add the status code that we have to face some kind of error. And that is, we cannot return the status code within this method because this method is of type enumerable. And in order to return the status code, we will need to set the type function two i. And here we go. I actually offer some shortcuts for the status code. Like if you want to implement a status code that is of course 200, then simply call the ok. method and just pass the code object. And this Okay method will it in the status code 200, as well as all the rest of the course. If you want to eat and the 400 or bad requests error, then simply then the bad request function. If you want to return for four, are not phone status code, then simply then the not phone method. That's the beauty of I. But what if you want to return some other status codes? The shortcut method doesn't go over all the possible status codes. For this purpose, we will use the status code function, which accepts an integer parameter. And we can pass our status code here in integer form it why simple. If you aren't written 200 status code, then pass 200 here. If you want to return for 01 status code, then past 401 here. In fact, you can pass here the status code according to your choice. But it's almost impossible to remember the status code by number. And that's why Microsoft has made this easy for us. Now. We don't need to remember the status code while numbers. All we need to do is just use this status Scores class. That comes from this namespace, that is Microsoft dot ASP net Gore dot HTTP. And with this status code class, we can access the status code of a mature. So here you can see that we have a list of status codes. And the name of the status code tells us what the status code is about or what number it will return. For example, status code created is equal to 201 and status code bad request is equal to 400. So that's the logic behind the status code. In the GET request. We just need to turn that 200 status code. And we can simply written this okay method because this method means that it will it end that 200 status code. All right, if we run this application and send the get request, and if our request is successful, then we'll get a status code 200. 26. Status Code in Post Request: The status code 201 is for created. What that means is whenever you will need to add something on the server, and if it's created, then the server will respond back to you and send the status code 201. And it means your record has been created. So let's try to add the status code in the post method. Well, first of all, I'm going to change the type of this method to ay action is L. And simply return the status code. Then just past the status code that we want to expect. In our case, It's status code created a21. Now let's run this application. And just wished to the postmen. There, I'm going to add some decent data. And right after that, just send a post request. I must record escape it. The server will send the status code 201. It means that our record has been created successfully. 27. Status Code in Put Request: In this module, I'm going to add the status code in the PUT request. First of all, let's say that ten times of this method do action research, then less than an OK method. Now listen this application. And let's try to update the record against this ID. Alright, here in the postman, I'm due to air some decent data and then send the PUT request. And soon we'll get a 200 status code. What if you want to expect some message along with this status code? Well, let's do it. Just switch back to the studio. There inside the ok. method. Let's add a message that is record, update it successfully. And now once again, run this application. At this time. If we send a PUT request, then you will get both the status code as well as the message in the response body. Now what if you want to update the record against the ID that doesn't exist in the database. Well, if we send a PUT request against some ID that doesn't exist in the database, then we will get an exception message. So we solve this first. And if the user, we'll try to update the record against some ID that doesn't even exist in the database. That instead of this exception message, we need to show some decent message to the user. All right, let's jump back to the studio. And there you can see that this line, we'll get the record against this ID. And if there is no racket found that we need to check whether this entity is null or not. If it's null, then just write the NOT_FOUND status code and just pass the message that is low racket found against this ID. You can also pass your own message here. Now, we need an else block that will be executed when the record phone. So let's add an AES block and put everything inside this else block. Alright, once again, run this application. This time, let's send the PUT request against this ID. And you will see that our record has been and successfully updated. Now, let's sit a request against the ID that doesn't exist in the database. And this sign, you will get a message here and that is no record phoned against this ID. Alright, that's awesome. Now let's try to add the status code in that delete request. 28. Status Code in Delete Request: In this module, we're going to add the status code in the delete method. So first of all, let's change the return type of this method. Do I? Then let's attend the Aki method and just pass a message here that is deleted. Now, let's run this application. And this time I'm going to delete this record. So let's pass the ID. I send the delete request and you'll see that our record has been deleted. Alright? Now what if we delete the record against the ID that doesn't exist in the database. Well, we'll get an exception page. So we just need to do the same thing that we have applied earlier on the put method. First, we'll check if this quote is null. Then let's add the NOT_FOUND status code with some message. And if the code is not null, then the following code will be executed. You can wrap this code in the else block just for the sake of clarity. Once again, we're going to run this application. And this time, let's try to delete a record that doesn't exist in the database. And here we go. We'll get a status code here with the message. Alright, that's awesome. We can also do the same thing on the second overloaded getMethod. In this second overloaded getMethod, just stay the return type to action is l. And then let's check if the court is null, then simply then the NOT_FOUND method. Otherwise, let's attend the ok. method and pass this quote here. So that's basically the usage of status code. There are a couple of status course that we will need to add to the API according to our choice. All right, see you in the next module. 29. Content Negotiation Overview: In this module, we will see the web API content negotiation. So what is content negotiation? One of the standards of RESTful services is that the client should be able to decide the format of response from the server. For example, if the client wants the response in XML or JSON format and so on. When a client sends a request to the server, that request includes something gall except header. Using this except header, the client can specify the format which they want from the server. For example, if the extra credit is XML, the server sensory response in XML format. If it is JSON, then the server sends the response in JSON format. Let's understand this content negotiation inside of an API. So let's run this application and then just copy these APIs URL. Right after that, I'm going to open the postmen and just paste this API URL here. Then we just need to provide the excepted value. So I'm going to click on this header step. Then just set the excepted value to application slash JSON. And then just initiate this request. We have got the data in JSON format. Now let's click on the headers and see the content negotiation. Once you click on the header, the content type is application slash JSON. That means the client has requested the output in JSON format. Well by default in ASP dot and cold Web API, the response comes in JSON format. Euler. If you want to get the response in XML format, then you just need to specify the acceptor value to application slash XML. And if we initiate the request, then this time we got our data again in the JSON format. And that's because by default or ASP dot core Web API only spores just informally. And in order to receive the data in XML format, we need to configure our dot with core grep EPA project so that it can support the XML format. So in the next module, we'll implement this feature. 30. Implement Content Negotiation: In the last module, we have seen that our dotted code Web API cannot handle the XML data and our response, all this comes in JSON format. So just switch back to the studio. And there, let me open this startup file. And then into Configure serves this method would just need to add the add XML serializer formatter along with this MVC service. Alright, this line will return the response occurring to a virtualized. Let's run this application again. And in the postman, if I send that request with executive value to XML, then you will see that let's pose comes in XML format. And if I type the accept header value to application slash JSON, then we'll get this pause in JSON format. So far so good. If the client wants the XML format, then he will have to provide the excepted value to application slash XML. And he will get the data in XML format. Depending upon the accepted value in the request, the server sends the response. This is called as content negotiation. Remember one thing. If we don't send the accepted value, then by default this will be in the JSON format. So I'm going to remove the accepted value, execute this request. And now we've got our response in JSON format. Because in ASP dot score, by default response comes in JSON format. Now will understand what a web EPA does when we request for specific data. Remember the Web API controller data that we want to send to the client. In our example, the Course controller, we have genetic course list which we want to return to the client. What's the list of the course is generated, the job of the controller is done. It's going to have that list to the web EPA pipeline, which then looks at the extraordinary value. And depending upon the format which client has requested, Web API will choose the appropriate format for formatting the data. For example, if the client has requested data in XML format, the web API uses XML formatter. If the client has requested for JSON data, the web API uses JSON formatter. These formats are nothing but classes and they are called media type format is alright. That's our from ESP dotted Core Web API, content negotiation. Now, I will see you in the next section. 31. Migrations Overview: In this module, we're going to explore the core first migrations. But before this, I want to tell you that why we need good first migrations. In order to understand this, suppose that after some time you have been asked to write one property in your existing port glass for quote, typed. So far we have four properties in the CTE class. Now we're going to write another property. So let's add a property of type string and name it die. This property is basically used to tell the nature of the code. Whether the code is about love, romance, fight, et cetera. After adding this property less than this application. And inside the web browser, let me send the request. And here you will see that we don't get any data inside of a web browser. And the reason we're getting this issue is because we have changed our model class poverty's. Well, as you know that in the startup class we have used this database dot insure gated method. And this method told us that it will only be useful if you want to create your database first-time. And once you later change any specific model, this method will not help you. Also, this method is only useful when reassured that will not change. Our database columns are Schema, and now we have changed our model class. So this method will not work further. So how we can solve this problem? Well, if you believe that you will not change your model class in the future, then you can simply use this insured created methods. And if you assured that you will change your database schema in the future, then you will need migrations. So in the next module, I'll show you how we can implement the code first, magicians inside our Web API. 32. Drop The Database: In the previous module, we have added one property in our class. And when we send a get request, then we've got a problem. Now we going to fix that problem with help of migrations. But before this, let us commit this database dot insure created code. Because now we don't need this. Now if we're going to add the migrations. So in order to add the migrations, just click on your project and go to the Tools. Just click this open in terminal. Now this will open the terminal window. Here inside the terminal, we'll add the migrations. But as you remember that, we have already added our database and the course table with the help of database dot insure gated method. So we first need to drop the database before adding the first migration. If you have not edit the database yet, then you don't need to drop the database. But as you know that in the MySQL Workbench, we have this database and the course table. So let's drop the database by using the command in the terminal. And that is.net EMF database drop. And let's hit Enter. And we have been asked us you shows you want to drop the database. If yes, then just type y and hit Enter. And here we go. Our database has been dropped. So if I go to the MySQL workbench, then this time you can see that there is no database exists and our database has been dropped. Alright, so far we have dropped our database. Now, in the next module, we'll create the database and it's schema with the help of migrations. Alright, I will see you in the next module. 33. Implement Code First Migrations: In the last module, we have dropped the database. Now. We need to create the database again with the migrations. So in that terminal desktop.net EMF migrations and then just give a name to your migrations. Well, I'm going to give a folding name to the migration that is initial period. And you can name it whatever you like. But mostly we give it a name that identifies the kind of a change that we have made in our domain model. Alright, just hit enter. And here we go. Our migrations on edit with this name. Now back to the studio. And inside the solution, we have a new folder that is migrations. And this look under migrations, we have a new C-sharp class. Let's open this. So here we have a migration. Well, as you can see that we have two methods. The one is up and the second is down. As you can see, the APV method contains code for creating database objects. And that down method contains code for dropping our deleting database objects. And so far we have edit migrations, but we're not done yet. And that's because we need to update the database. Whenever we will apply the migration, then we need to update the database to save our changes. So what I'm gonna do is I will go to the terminal window. And here I'm going to add a command that is.net EMF database update. And let's hit Enter. And here this is going to apply the changes to a database. Now startle and this application. So let's run it. And this time, if we send the get request to this API slash quotes, then will get these two square brackets. And it means that an API is working fine, but we don't have any kind of data inside of a database. So in the next module, we're going to add the data inside the database. All right, see you in the next module. 34. Adding Data: In the last module, we have added the code first migrations inside of a web API. And now in this module, we're going to add the data inside the database. Well, there are multiple ways to add the data. The first is to send the post request, and the second is to add the data directly inside the database. Let me first go to the database and as some data here. Alright. Now if I switch back and send a get request again, but this time you will see that we have got data in JSON format. And this data comes from the database that lets try to update this record by using HTTP PUT method. So inside the postmen, I'll need to add the JSON data. Then let's add the ID in the URL. And finally, let's send the PUT request. And here we go. The data has been updated. But if we send a GET request and you can see that all the fields are updated successfully, except this type field. Well, let me switch back to the studio. And there, let's open this course controller. And let's go to the PUT method. Then you can see that we have used these properties to update the record, but we have missed up property and that is go type. So all we need to do is just use a code type property here and update it accordingly. Alright, now let's run this application. And let's try to update this record once again. Now, if we send a get request, then this times you can see that a record has been successfully updated. Alright. Now I'm going to add another property inside my code's class. So let's add a property of type date, time and give it a falling name that is created. Then let's go to the course controller. And in the PUT method, let's add this created_at property and assign the value. Alright. Now once again, if we'd had this application and issue a get request, then we'll get this opening square bracket. And no data appears here inside the web browser. And that's because our model class has been changed. And again, we need to add the migrations. So let's open this terminal. And there we just need to add the migration. So I'm going to use the following command that is.net EMF migrations. And then give the name to the migration. I will give a falling limb. That is, he didn't add edit. Alright. And when we hit Enter, then this will add another migration. Once again, we just need to update the database by using the following command, that is.net EMF database update. Now let's run this application. And when we send the request, then all data is coming from the database. But this createdAt date is getting the default date value. Well, core first migration has done this and we have not specify this date inside of a database. So let's go to the database and less quickly update this date value here. Now again, if we issue a request, did you see that this time everything is working fine. Now, I'm going to post a new coat. So let's copy this URL and then switch to the postmen. And they're less paste a URL and just change the HTTP verb to post. Then I need to add some just in detail. Let me quickly add some JSON data. And now it's time to send the post request. And here we'll just for the sake of clarity, let's issue a get request. And here you can see that our new code has been added successfully. Let's switch back to the MySQL workbench. And if we refresh the code table, then hays, you can see that our new record is present inside the table and we have successfully implemented the code first migrations. I hope you have enjoyed this concept. And if there is any question, then please feel free to ask me on the keyboard. Alright, I will see you in the next section. 35. Validation Overview: In this module, we're going to explore the modal validation. So if you are very new in model validation, then this module is for you and murdered variation in ASP dot unquote MVC, an ASP dot and cold Web API or very similar. Once you understand that concept, you get implemented anywhere. But not a question is why we need to validate a model. Well, let's assume that you have been asked to provide the code description within a 100 words via API or some kind of UI design. And instead of providing the coat description in 100 words, you provide 1000 of words. Well, that doesn't make sense because the whole code description will go to the database and safe inside it. And it will destroy our data. Debt presence inside the database. Let's take an example. Suppose you have been asked to provide a phone number. And instead of providing a valid phone number, you provide a mixture of strings and numbers. Well, we all know that this phone number is in the wrong format. So what happens is when someone provide the wrong phone number, then this will go inside the database and will destroy your data because this cannot be a valid phone number. Let's assume that you want to get the full number of Tom adventures. Send a get request. You'll see a number with this formula, that is ABC seven. Well, this is actually not a valid phone number. Another question is, who is responsible for that kind of mistake? Well, it was the task of backend developer and he will lead to take it off the validations. So in our case, we are back-end developers and it's our responsibility to add those validations so that the user can only provide a valid data. Now, in this section, we're going to understand them model validations. So let's start the model validation in the next module. 36. Implement Model Validations: In this module, we're going to explore the validations. In order to add the addition, we need to understand the data NO dishes. So let's understand that data annotation with an example. Well, data in addition, ASP dot and core framework means add extra meaning to the data by adding attribute texts. The advantage of using data in addition feature is that by applying data attributes, we can manage the data definition in a single place. And we don't need to rewrite the same rules in multiple places. So let's try to add the data in addition in the core class. But before this, let me show you why we need validation. Let me quickly run this application. And inside the postmen, let me post a new coat. So just try some decent data. And in the title and description, suppose I don't write anything. And when I send the request, then the request becomes successful. And our record has been created. For the sake of clarity, let's issue a GET request. And here you'll see that this record is added, but the core title and description is not present here. So that's why we need to add validations. All right, let's go to the quote class. And we all know that good title cannot be null. So just add attribute on top of the core title. And if you want to set the length of string, then just use dusting. Let attribute, pass the value. Now let's jump towards the author. Well, if you are, an author field cannot be null, then just add a required attribute on top of the author. And if you want that author name cannot be more than 20 characters. Then just specify the string let attribute and past 20 here. All right, then let's move towards description. Just like Arthur, we don't want the empty description. So let's add a required attribute. And then we don't want to get the code description with more than 500 characters. So let's add the string, let attribute to 500. Alright, just like that, put this required attribute or other properties. Right now, I have added a data integration in that quote, glass. But the game is not over yet because we need to perform something as in the controller class. Another question is, once we send the post request, then how will tell the post method in the controller class debt whether the data is valid or not. Well, it's simple. We just need to set the if condition and simply check whether the model state is valid or not. If it's not valid, then just return the bad request status code, pastor model state as a parameter. Otherwise, if the data is in a valley forward, then the folly code will be executed. Well, let me explain this code again. This model state is a collection of key and value pairs that are submitted to the server during post requests. It also contains a collection of error messages. The Israeli property will be true when the values are attached correctly to the model and know very rigid rules are broken. We also need to validate the model in the request. Now, I'm going to run this application once again. And here we go. Well, we are interested to check the modularization via post requests to just go to the postman. And let's add the same data that we have sent earlier. And remember, in this JSON data, we don't have our title and description value. These are empty. So let's issue a request and we'll get this error message. And if I complete the title and description and send the request again, that this time our record has been added successfully. Now let's say we want to update the record against this ID. So in the postmen, let's set the HTTP verb to put this pass the ID. Then let's use this just in data as simply send the request is successfully updated. Now if we want to update the data in which we don't specify the title and description value, then we'll get an error message because we cannot update the record without these fields. And in order to update the record, we must need to provide values in the title as well as in the description. Well, this data integration is super awesome. So far we have discussed a model validation with data. In addition, in ASP dot Core PPI, don't worry about the mail and food validation. Because as we move forward in this course, I will show you how to handle the mail and food traditions. Alright, that's all from this module, and I will see you in the next section. 37. Routing Overview: In this module, we'll discuss attribute routing introduced in ASP.gov web API with an example. Let's look back to the studio and there inside the course controller, you will see that we have to our loaded getMethod. And we have added these methods with HTTP GET attributes. Now just for the sake of clarity, let's add another getMethod. And the purpose of this getMethod is to accept one parameter of type integer and simply written that variable. Well, I've did write this method just for the sake of clarity. And once we understand the attribute routing, then we will apply the concepts in the upcoming module. So let's add a method here and name it test that's basically used to accept an id parameter and simply done this ID. Now, let me get this application and inside the web browser, let's issue a get request against this method. Well, just add the ID along with this URL, and this will return the code against this ID. In simple words, the call goes to this getMethod and this test method will not be executed. Now, if we add the HTTP GET attribute deck or double of this method, run the application and again send the request. Then this time we'll get an error. And it's saying that we have two methods of same signature or multiple actions fought against this request. Because right now we have to get methods that accepts the ID parameter. And that's the reason we're getting this error because when we send a request than ever, Web API cannot differentiate between these two methods. So we have to resolve that kind of error. Well, we'll solve this attribute routing. So let's understand the attribute routing in the next module. 38. Implement Attribute Routing: In this module, we're going to talk about the attribute routing in the last module. When we set a get request, then we got an error because ASP dot and Core Web API cannot differentiate between these two get methods that accepts the same parameters. Now, let's see how to resolve this attribute routing. So what I'm gonna do is switch to the wheel Studio. And here on top of this test method, we will add the route URL. Now we can write our own route on top of this method. And this is called attribute routing. Well, when we call this getMethod, then our route becomes API slash goats. And when we call this getMethod, then the routes URL becomes API slash slash ID. And now we need to add our own route here. So inside the HTTP GET attribute, let's add the action token. Will put this action token inside the square brackets. Right after that, we need to pass the route parameter for this ID. So in order to add this ID here, we need to use the slash and then introduce stop curly brackets and put our ID here. Now once again, I repeat that we have set a different route to call this method. Finally, when we call api slash courts than the call goes to this getMethod. And when we add ID along with this request, then the call goes to this getMethod. And in order to call this test method, we need to use this route that is api slash slash and then our ID. So let's run this application. And inside the web browser, if we use api slash quotes, that it will load all the coats. And if we specify the ID along with this URL, that it will load the specific coat. And in order to call this test method, let's use this route that is api slash slash test. And then just add an ID. And if we send the request that this time you'll see that our request is successful. And we're seeing the response from this request. That's basically the attribute routing is. So far in this module we have covered the attribute routing. Now as we move forward in this course, we will utilize this attribute routing except in the searching and filtering section. Also IC desk method, just to explain you the attribute routing concept. And now we don't need this method, but don't worry. In the searching and filtering section, I will show you the practical implementation of attribute routing. And there we will implement this attribute routing in a better way. Alright, that's all for this module. See you in the next section. 39. Sorting Overview: In this module, we're going to look at the sorting or filtering in ASP.net code Web API. So before jumping into the new studio, I've been to tell you what basically the sorting is. I guess you are already familiar with the sorting, not the, let me show you a picture. Well, if you look at the allele express e-commerce website, then it will be clear to you. So I have says that the laptop in the search bar, and then I have got all the laptops in this list. However, you can see that we have price options at the top of this list. So with this price tag, we have two carrots. If we click this lower carrot than all the laptops appears in this list, but with the price lower to higher in the ascending order. And if we click the upper carrot, then the laptop appears for the prize from higher to lower or descending order. So that's basically the sorting is. But right now we don't have our Web API like the AliExpress. We have created our course API and we will apply the sorting itself in our courts API. But there is no price field inside our model glass. So how we can solve the CO2. That's why we have edit a property in our class that is created. This is a date property, and we'll sort the courts according to that date. So in the next module, we'll get the sorting functionality inside a web API. Alright, see you in the next module. 40. Implement Sorting: In the last module, we have talked a little bit about sorting. Now we're going to apply the sauteing in our API so that we can sort our data when we send the get request. So first of all, let me show you what we're going to build. Suppose if we send the request with sorting equals descending in the API, then the getMethod will send the latest scores first on the top. And as we scroll down, we'll get the oldest quotes. If the user sent a request with the sorting ascending, then this getMethod will start the course with respect to the createdAt date property. And then the getMethod will send the courts to the user in the ascending order, means the oldest quotes appears first. And as we scroll down, we'll get the new boats. And if the user doesn't specify neither ascending or descending, and the getMethod will attend all the course to the user. Right now this method is returning all the course to the user. So we need to modify this method a little bit. Before working with this method, just make sure that return type of this method is set to I action is L. Alright? Now let's add a parameter in this getMethod. And this parameter will be of type string. And I'm gonna name it sought. Right now. I'm going to sort the courts according to the date. So we just need to pass either ascending or descending in the API URL as a parameter. And on behalf of that ascending or descending, the list of course, will be returned. So first of all, let's add an inevitable or IQ table. Of course. Now you are thinking that what's the difference between I enumerable or IQ level? Let's understand this with an example. The main difference from a US perspective is that when we use innumerable, we can see a lot of resources. For example, if you are working against our remote database, you have the option of fetching data from the table in two ways. One way is inevitable and the other way is curable. Say for example, you have a product table with 200 products and you want to get all the products whose cost is greater than $25. If you do this with an eye enumerable, then what happens is that the database loads all the products and passes them across the wire to your program. Your program then filters the data in the database. This R select steady from products and it ends every product to you. And on the other hand, we have iq variable. At, with IQ variable, we can do this code. The code looks the same but the difference is that the SQL executed will be selects Delic from products. Will cost is greater than 25. From your point of view, this looks awesome. However, from a performance perspective, you will only get two records across the network. It off 200 records. Let's turn back to the studio and let's add an IQ of goats and give it a name. Now let's add statement here. And inside the statement, let's add a case. First. We're going to check if the case is descending. Then just call the orderBy descending function with respect to the courts heated at Poverty. And just pass this to the iq variable of quote. Then we'll just check if the case is in the ascending order. Then just get that goes in the ascending order by using orderBy function. And pass this to the IQ. Of course. As you know that there is always a default statement that will be executed when the case is neither ascending or descending. In that case, the default statement will be executed. So let's add a default statement and then just get the course from the database. And finally, return the courts inside this schematic. Now, let me add this application. And along with this API URL, this tried to set the sort descending and then just initiate the GET request. And as you can see that the courts with date appears in the descending order. However, if we pass the ascending order in the APIs URL, then you can see that the course will appear in the ascending order. And if we don't pass neither ascending or descending, then the default statement will be executed and we'll get all the quotes. So that's basically the sorting is, you can apply the sorting concept to any of your ASP dot and Core Web API. Alright, that's our from the sorting section. And I'll see you in the next module. 41. Paging Overview: In this lesson, we're gonna learn what basically the paging is. In this modern era, when there are tens of data to share and consume, we cannot send all the data in one go to one consumer. We need to slice the data into pieces. In this world, every next device is consuming API in some way or another. If we consider the iPhone, it consumes API. The Windows Surface tablet consumes API, and the devices consumes API. The IoT devices also need API. In other words, API is required everywhere. With these APIs, we don't always send a single row of data. We send large chunks of data. And to display this data, we're going to use Beijing. Well, paging is mostly used on every big websites like Facebook, YouTube, Twitter. A sutra painting is not limited to add the number at the bottom of the page. Facebook and Twitter are using Beijing with the scroll functionality. Whenever we scroll our webpage, the new call goes to the API and it will load the new data for us. However, at the time of recording this video, google issues in the bundling paid functionality. Now in this course are focused is to implement the pacing inside of our API. We will not go with this front end because this front end design is the responsibility of front-end deliver. And in this course, our whole concerned is with the backend development. So let's implement this spacing in the next lesson. 42. Implement Paging: In this module, we're going to explore the PG. So let's tap into the studio and is understand how we can implement the paging in ASP.net goal Web API. Alright, now we're going to apply the paging 2A Web API. But let me add a new method so that we can pick the concept easily. Lets add a method and limit paging coat. You can name it according to your choice. Then make sure to change that ten type of this method to i Action Result and add an HTTP get attribute on top of this method. And we will specify a route litter. Alright, now, we didn't want to send all the data in one request. We want to send the data in chunks for this purpose, this big don't our scenario step by step. First, we will need to provide the piece number. The purpose of page number is that from which page we're going to retrieve the data. Second, will need to provide a p size. Well, the purpose of page size is to show the number of records spawn one-page, then get all the data from the database and apply the simple skip and take algorithm to get the specific result. So let's apply this one by one. The first thing we're going to pass in this method is page number. And the second parameter is bh size. We'll get the record from the database with course DB, Gore-Tex dot goats property. Well, this line will fetch our data from the database. Right after that, I'm going to return the ok. method. And inside this okay method, let's use that skip and take algorithm to get the specific result. Let me quickly add the skip and take algorithm and then I will explain you this code. We will first skip the paste number minus one and multiply the result with the page size. And then take the base size. Now, let me tell you the basics of Skip and take algorithm. In order to understand this tip and take algorithm, let's suppose we have ten records inside the database. And instead of sending all the records in one request, we want to send the data in chunks. For example, in the first attempt, if the user is on the first page, then we'll send five records to the user. And in the second attempt, when he will be on the second page, then we'll send the other five records. And for this purpose, we'll use the skip and take algorithm. Let's assume that a user is on the first page and he requested just five records. So what happens here is this line will take all the records from the database and store it in a variable. And then the call goes to this line in which we have specified a page number minus one. Well, if the user is on the first page, then one goes here. And the page size that is five goes here. Of course, one minus one will be 0. And if we multiply editing with this 0, the answer will always be 0. Then display size will go here in this desc method. At this Whole line will just take the first five records from the database. Now let's suppose that if the user is on the second page and he requested five records. So what happens here is that the pace number that is two goes here and the pay size that is five goes here. Now two minus one is 11 multiplied with the page size. That is five. And the author is of course five. So it will simply skip the first five records and then take the next five records. So that's the basic of this skip and take algorithm. Well, in order to understand this mechanism when to run this application. But before this, just specify the attribute routing on top of this method. Now, let's run this application. And let's use our wrote URL here, that is api slash slash Beijing goat. And then add a question mark and add page number and page size. Let's assume that I'm going to get the data from the first page. And on this page I just need five records. So this initiate the GET request. And here we go. We'll get only five records. And if we want to get the record from the second page, then just past based number and boom area. This time we have got the records from the second page. Similarly, we can also get the record from the third page. If the third page have some Racket's. Also, we can reduce the page size. For example, let's say we only want to record spawn every page. Then all we do is just add a size equals two. And here we go. Now we will only get two records on every page. That's pretty awesome. So hope you have got this concept. Well, we can also do it with code better because if someone left the page number and page size, then we need to return that data from the first page with five records. So how we can implement this functionality? Well, just switch back to the studio. And they're just applied the nullable types with these page number and page size parameters. By using the question mark. Then check if the values are not nil. Then take the page number and page size values. Otherwise, just take the default values for page number that is one, and pay size that is five. Then let's store these in some variables. And now in the SCHIP and take algorithm, we need to use these variables. Now, let's run this application once again. And this time, when we pass the page number and page size, you will see that the data comes perfectly. But when we forgot to add the page number value and page size value, then again that it appears because this will automatically pick the first page and five records. Alright, let's all follow aging section. I hope you have enjoyed this concept. Now. I'll see you in the next module. 43. Searching Overview: In this lesson, we explore the search functionality in our web API. But before diving into the code, let me tell you what basically the searching is. So if you go to Google and type something in the search bar that you will see the list of items appear in the dog. Don't. Suppose if I type the word android, then you'll see that the list of Android searches appears in this list. So that's basically the searching is the same thing is also present inside the Facebook and Twitter such Bar. We're going to implement this search functionality in our Web API. So let's implement this functionality in the next lesson. 44. Implement Searching: In this module, we're going to implement the search functionality in the web API. So let's turn back to the studio. And then let's assume that we're going to find some particular code against that type. For example, if the user provide the code type equals action, then he will only get the codes available in the action category. Similarly, if you type romance, then he will get the corps elected to romance. So in order to implement the searching, will need to send the q distinct parameter along with this web API. Just like this. Let me show you how we can achieve this. So I'm going to add a function name as such quote, and then set the return type of this function to i x minus L. Well, this is just like a novel getMethod. Alright? Now inside this method, we will pass one parameter. And that is type, because we want to send the courts to the user according to the type. Now, this is a GET request. So let's add an HTTP get attribute on top of this method. And then in order to get the result from the database, we will need to apply a link. You'll hear that basically is used to get the course from the database. And then inside the vir. And it is used a lambda expression to check if the code type starts with acuity that we are going to pass in the getMethod. So let's add this parameter here and just store the result in some kind of variable. And finally, just return the variable with this okay method. When we invoke this function, then it will return the quote according to the type. But the problem here is that this is a custom function. So we need to set the attribute routing on top of this function. So let me quickly add an attribute routing and then let's set the Action Token here. Alright, that's all. Now, living in this application. And just issue a request according to this route. Let's suppose I want to get the course related to love category. So in The curious thing, let's pass the type equals love and send the request. Here. We will only get the court's related to love. Pilar. If we just pass the character Elliott, then all the courts type started with the character appears here. Well, that's really awesome. Now, it's really easy to implement this search functionality inside our Web API. Well, implementing this system shelter is the responsibility of that can do the purse. And showing this to the user interface like Google or Facebook is the responsibility of front-end developers. Or we can see it will be handled on the front end. So that's all from this module, and I'll see you in the next section. 45. Caching Overview: In this section, we're going to explore caching inside our ASP dot and core web APIs. Well, caching is a technique of storing frequently used data or information in a local memory for a certain time period. So next time, when the client requests the same information, instead of retrieving the information from the database, it will give the information from the local memory. The main advantage of caching is that it improves the performance by reducing the processing burden. Well, caching is very important feature when we are talking about the performance of our application. For example, if someone wants to get the data from this web service, then he will need to invoke the GET request. And then the call goes to the server and return the data in JSON format. However, if the same user repeat stuck all again and again, or suppose he will send the get request after every second. That it means there are 60 calls per minute from a single user. And what if you have millions of users? Well, it's terrible and to have to pay a heavy amount for each API call to the hosting services are vase. You have launched your API like Azure or Amazon, etc. So how we can stick the user from this? Well, it's quite simple. We can apply a caching for this purpose. Now let's assume that we have applied a caching on the GET request of this core service. And suppose the time for the caching is 60 seconds. It means the user can send only one request to the server in one minute. Let suppose we send a GET request to the server. And the server will send the JSON data, and that data will be cache on the client side. Now, if we again send the same request within one minute, then the call does not go to the server. Rather, we will get the data from the cache. And if we send the request after one minute, then the call goes to the web server and we will get that JSON data from our web server. And then this data will be stored again in the cache for one minute. Now, let's see how we can implement the caching inside the ASP dot and core web APIs. Alright, Stephen me because I will be right back in the next module. 46. Response Caching: There are many types of caching, like client-side caching, server side caching. But in this course, we're going to talk about the response caching. Now the question is, what is response caching? And why we're not going to talk about the client-side and server-side gushing. Well, right now Microsoft ASP doctrine only spores response caching. And in the future, they have planned to introduce the client and server side caching. So let's talk about the response caching with an example, which usually think that a client sends a request to the server, then silver will send that data to the client directly. Well, that's not true because there is a middle layer that is possible between the client and the server communication, and we call it a proxy server. Suppose a client want a coat data from the server, so he will send a get request and the proxy server will take this request and proceed this request further to the web server. And the web server will process that request and utilize some computational resources and then send the response back to the proxy server. Let's suppose we want to catch you the response for 60 seconds. So this proxy server will accept this response and gassy and send it back to you immediately. Well, in this whole process, the proxy server will cache the data. Now let's say we have said that gassy time to 60 seconds on the proxy server. And that means if you send the request again within 60 seconds, then the call goes to the proxy server. And will they tend the same data that was gathered in the proxy server? And this time no Paul goes to the server and it means there is no load on the server and no computationally sources what involved. And it would also save the bandwidth. And suppose if the client sends the request after 60 seconds, then first it will go to the proxy server. And the proxy server will send the request to the web server. And the web server will process the request and then return this back to the proxy server. And this proxy server will send the data to the client and cache the data for an other 60 seconds. So let's implement the response caching inside the ASP dot and core web APIs. 47. Add Cache Support in Web Api s: In this module, we're going to configure the response caching in our Web API. So just go to the studio and let's open the start-up dot cs file and scroll down to this configure services method. Now, in this method, we will add our middleware for response caching. So just use the services dot edx response caching method, which will add the response caching to the ASP dot and core. And then in the Configure method, will tell our Web API to use this response caching. So just go to the configure method. And they're just use this sparse caching by using app.use response caching. Now let's go to the courses controller. And there this tried to add this pose caching attribute on this GET request. So what I'm gonna do is I will add this post gash attribute on top of this getMethod. And here we go. Alright, now inside this attribute, we'll add a few other things like duration and location. To enable the caching, we must need to pass the duration. So let's understand the duration and location in the next module. 48. Cache Duration: In this module, we're going to explore the cash donation. So let's go to this response gash attribute. And they're, let's say we want to catch the response for 60 seconds. So just pause duration equals 60 here. All right, now let's run this application. And here inside the web browser, I'm going to send a request to this point. But before this, let's add a breakpoint along with this GET request. And then let's issue a get request from the web browser. As we said, the requests, the call goes to these getMethod. Alright, let's continue this request. And here we got a response in the web browser. Now, let's send the get request again. And this time you can see that no, Paul goes to that getMethod. It means our supposed cache is working. Now let's go to that postmen. And there, if we send the get request, then you will see that the call is the getMethod. Alright, let's continue our request. And here we go. Now, if we send a request again, you will see that this time it will hit the breakpoint again. And it means that our postman caching is not working well. In order to solve this, let's go to the settings of the postmen and they're under this heterosexual. You'll see this Sen, no cache header option. Just turn it off. Now let me tell you what's the function of this centre? No cache header. Well, according to the postman documentation, sending a low cache header will make sure you get the freshest response from your server. So if we turn it on, then it will always get the latest response from the server and it will not cached the data. That's why we have to turn it off. Now, let's issue a get request again. And this time the call goes to the getMethod. Let's continue this. And then I'm going to issue the request. At this time. No call goes to the getMethod and then suppose will be returned from the cache store. Alright, that's awesome. So far we have discussed the dispose cash duration. Now in the next module, let's discuss the dispose cache location. All right, see you in the next module. 49. Cache Location: In this module, we're going to explore the cache location. So let's understand that cache location with an example. There are three different values we can assign to allegation that one is any, the second is client, and the third is none. Let's go to this getMethod. And then on top of this GET request, we have added a response cache attribute there. Inside this, let's add a location. Then we can assign the location from over twice. If we assign that it's most guys delegation to any, that it means the cash will be stored on the client side as well as on the proxy server. If we use this Gleick gash, that it means the cash will be stored only on the client side. And of course, if we select it to none, then no cash will be stored. Also, if you don't specify the location, then by default, the cache will pick that any location means the cash will be stored both on the client side as well as on the proxy server. All right? You need to take special care when sitting the location for the cache. Because sometimes implementing cash is not appropriate when you are dealing with banking transaction and the record that will update immediately. Setting that suppose cache location to any is also challenging sometimes. Lets understand this with an example. Suppose the client send a get request at the proxy server, will take that request to the server, and the server will perform some processing on that request and response back to the proxy server. And the proxy server will get the response for 60 seconds or whatever time you have specified for the cash at, then the proxy server will send this post to the client. The client is happy because he has got the response, let's say the admin of the server, since the data within 60 seconds. And suppose within 60 seconds to nuclides B and C send a GET request. But as you know that the proxy server has already cached the data for 60 seconds. And it means both the client B and C will get the previous copy of the data. And after 60 seconds, if they will send the request, then they'll get the new copy of the data. So you'd have to take special care while implementing caching. Sometimes it's best to implement the cache location to any, but not always. It's better to implement the client side caching only by choosing disposed cache location two client so that the cache will be stored on the client side. Let me add this application and heavy go. Just go to the postmen and they're just issue a get request. And we'll get the JSON data. Now, if you click on the header step, then here's you can see that the max, each of our request is 60 seconds. And this private disposed to the active, indicates that let us suppose is chooser specific. It can still be guessed, but only on a client device. However, if we go back to the studio and set the response guy's luggage should do any, that it means that our cash will be stored both on the client side as well as on the proxy server. Let's run this application again. And this time if we issue a get request, then here inside the header, you can see that now we have a public directive. And it means that cash is stored both on the client device as less or the proxy server. Alright, that's all from the cache. Now, I will see you in the next section. 50. Security Overview: Security in itself is very complicated and tricky topic. I'll try to explain how we can achieve it in Web API. When we plan to create an enterprise level application, we especially want to take it off authentication and authorization. These are two techniques and makes her application secure. In our case, mix, our Web API driven more secure. Authentication is all about the identity of an end-user. It's about validating the identity of a user who is accessing our system, that he is attempted gated enough to use our resources on, not does that end user have a valid credentials to log in or systems? Credentials can be in the form of username and password. Wounds use dot token-based authentication techniques to understand how we can achieve authentication in Web API. On the other hand, we have authorization. Authorization should be considered as a second step after authentication. To achieve security, authorization means what all permissions dot authenticated user has to access web resources. If there's user allowed to access or perform actions on that resource. This could be achieved by setting roles and permission for an end user who is authenticated, or can be achieved through providing a secure token. Using Vicent, end-users can have access to other services are resources. So in this module, our goal is to secure the rest APIs where token-based authentication. Alright, so from the next module, we're going to implement the authentication and authorization inside our API. See you in the next module. 51. Auth0 Account Setup: In this module, we're going to explore the ortho. But before this, we need to set up our ortho account. Setting up an account is very easy. All you need to do is just open the web browser and search for this website that is auto.com. Then select these used ortho for free option. But it will open the following page. I can sign up with GitHub, Google or Hotmail account. I can also sign up with other accounts. So let me add my username and password here. And then click on the sign-up option. And here we go. Here we see this. Welcome to Otho page. And there we need to define our teen and domain name. Now the question is, what is Tina domain name? Let's understand this in the next module. 52. Auth0 Tenant Domain: In this module, we're going to explore the auth Tina domain. Well, once we get an account, we will be asked to create a tenet. This the logical isolation unit and the tenant domain name you choose here will be used for the API and points of your clients. A few of the characteristics of tenant. The tenant name has to be unique. That didn't name cannot be changed after creation. If you choose to host your data in Europe or Australia than UT, the nib will have a suffix, issue or issue. Let's give a name to our tonight. I'm going to give a falling name, but you have to choose a different name. Alright, here we go. When you get your tenant, you ask for revision, you want to use. This choice affects which original sub-domain will be assigned to. U and v are good, it will be hosted. So if you pick x2 s, Then the name forward will be your Tina name dot dot.com. For Europe, it will be your TDA name.edu dot com. And for Australia, it will be your TDA dim dot dot, dot.com. So here I'm going to pick this US seizure. It will tell us that there were Tina to a Nim will be this one. Alright, let's click this next option. Here. We need to tell the account type is asking us, are shooting this account for yourself or on behalf of the company, aren't getting this occurred for myself. So I'll choose this personal option. Then. Let's get an account. And so it will set up our account and we'll get this desperate option. And by using this dashboard, we can get our application and manage it. So far in this module, we have created our teen and domain. Now, in the next module, we'll get application inside this auto account. Alright, I will see you in the next module. 53. Auth0 Api Setup: In this module, we're going to create an API inside the ortho portal. So let's switch to the Ortho dashboard. And then on the left-hand side, we have this EPA option. Just click this, and then select this credit API. And here we need to give a user friendly name to API. Let's give it a falling name. Then we need to add the identifier here for our API. So we need to add the route address, our website. So what I'm gonna do is especially WE studio. And there I've written on this application, and this is my URL. So I'm going to copy this local host address and paste it here. Alright, you can put the identifier here according to your choice, but it's recommended to pass the URL of your EPI. Then we have to select the signing algorithm. Well, these algorithms are used to sign the token. Let's go ahead with this RSA P256 algorithm. Let's get this API. And here we go. The API is now ready. And here she could see that we have a nice Quickstart that tells us what basic steps will lead to set up the auto JWT inside the project. Right now we have different options here, like C-sharp NodeJS at PHP. As you know that we're targeting ASP.net code means the programming language we're using is C-sharp. Just select this C-sharp option. Now in the next module, we'll add this code inside the ASP dot core web API project. I will catch you in the next module. 54. Implement Auth0 Support in : In the previous module, we have created the API inside the auth Portal. And now we're going to implement the Otho functionality inside of it, dotted core API. So here in the optical portal you can see the step one. Well, Stephan is saying that cuz a JWT library. Well, we didn't need the library because we're going to use the trusted Microsoft new luggage for sporting JWT. And our SPDR Core Web API project comes with the Microsoft authentication library. So let's go to the second step. And there's you can see that add these lines of code inside the startup class. So this copied these lines of code. Then switch back to the studio. And there, let's open the starter file. And let's paste these lines of code in this configure census method. You can see the values here. So we need to resolve the namespace. Let's add the namespace. And here we go. Once again, let's jump back to the portal. And as you can see that in order to enable the authentication middleware will need to use this quote. Let's copy this code. Then in the studio. Let's base discord in that configured method. So far we have added the JWT sport inside our dotted Core Web API. Now in the next module, we'll set up the database. All right, I will catch you in the next module. 55. Auth0 Database Setup: In the previous module, we have implemented the JWT sport inside the web PPI. And now we're going to add the database inside the portal. Now the question is, why we took it a database inside the odds portal? Because when someone will sign up to access the web API, then the user email of that person will go into the database. And our database. We took those details and save it. Let me go to the auth portal. And there let's go to this connection. And below this, you can see this database option. Let's click this and then we're going to get a new database connection. So just click this option. And then here we need to define our connection name. You can provide any user friendly name here. I'll need to provide the name here. And then simply negate this connection. Now you will see this message error that says you want to delete disconnection. Dot press this because this will delete your connection. Alright, now I just go to this try connection option and just check whether this database collection is working or not. So if you go to this test option that it will take us to the new page. And there we can see this error that says something failed. And the reason of this error is because the connection is disabled. Lemme tell you that we need to allow our API to use this database connection. So let's go back to the auth portal. And then I'm going to click this application option. And now up to, to allow my API to use this database connection. You can also see this default option here. Just ignored this and simply unable the application to use this database connection. Now once again, let's click on this try connection option. And here we go. This time it will open a new auth sign-up page. And they're happy to sign up by using some random email and password. Alright, here we go. The sine of is successful, connection is working. Now, let's close this because this is just for testing our database connection. Now, if you go to the user section, then she can see that the details of the distribution user is present here. Alright, but displaying this Ortho sign-up page is just for testing purpose. In case of our API will do everything from the postmen. Alright, so far in this module, we have connected the database connection. And now in the next module, we're going to start working with the authentication API inside the postmen. Alright, see you in the next module. 56. Authentication Api Endpoint: In the previous module, we have set up the database inside the auth portal. Now in this module, we begin to act with indignation API web postmen. So let's go to this auth portal. And there on the top corner you'll see this documentation option. Just put the cursor on this option. And you will see the authentication EPA option. Just click this authentication API, and then it will open the following URL. And on this page we have lot of EPA and points, but we are interested to use the sign-up API end point. So if I click this signup option that it will open all a sign-up parameters that we will need to send the sign-up request. Alright, now at the bottom of this documentation page, you can see this option that is run in postmen. I'm going to click this option and then it will take me to this page. And there I had been asked to open the Postman Chrome extension and that's of course deprecated and no longer sport it. However, on the other hand, we have this option that is both men for Mac. So let's click this option. Also make sure you have installed the postmen. Then we have asked to open these kind of links in the postman. So I'm going to open this in Bozeman. And soon we'll see that it will be opened in the postmen. Alright, here in the postman, you can see that on the left-hand side, we have a collection of this auth authentication API. Now let's expand this. And here we have different sections of API endpoints. Well, we are only interested to use the db connection section that contains the sign-up and points and get access tokens section that will contain the source Owner Password end points. So let's delete the remaining sections because these sections are just creating the mess. Object to delete all the unnecessary sections. Now we have just two sections here, and these are DB connection and get access to it. So in the DB connection, we have a signup and point. Let's click this. And it will open this in the postman. And here in this API URL, you will see this Ortho underscore domain variable. Well, here we need to define our Auth DNA domain that we have set up earlier when we have auth account. Also, if we go to the Resource Owner Password endpoint that's present in that get access tokens section. Then we will also need to put our Auth D1 domain here. So what if you have been asked to put your tenant domain name into multiple sections? Well, it's simple. You need to do is just copy this Ortho and discord domain and then go to this postmen managed environment section. And there you'll see this pop-up. Just click on this Add option. And then in the available fields, just put ortho underscore domain that comes from the URL of the API. And then in the initial and current value, just put the auth Tina domain that you have created earlier. In order to find the tina domain, just go to this API section. And inside your API, display this quickstart option. Then if we scroll down that you will find the tenant domain name. So let's copy your domain name. You don't need to copy this HTTPS protocol because our OT API would take it off this HTTPS. Alright, so let's copy this D1 domain name and then put it in this initial and current value. Now, just give some user-friendly name to your environment. Let's give it an m, that is our domain. Now on the right-hand side, you'll see that currently Postman is not using any environment. So we need to select the environment that we have created. Just select this domain environment from this dropdown. And here we go. Now we are ready to consume the auth signup and point. So let's explore the sign-up endpoint in the next module. 57. Implement Signup Api Endpoint: In the previous module, we have set up our API collection in the postmen. And now we're going to use the sign-up endpoint to register the new user. So let's click the Sign Up endpoint that's present in this DB connection section. Well, this is a post request. And if we go to the body of this request, then you will see that there are few parameters present here and we need to add the values for these parameters. The first parameter is client ID. Then we have email, password and our connection. Our need to register the user object to pass the email of the new user. And then I'm going to put the password here. Now the question is how to find a client ID and a connection values? Well, it's quite simple. Unit to do is just switch to the auth dashboard and they're just open the application. Don't use this default application. Our application is this one. And if I click on this application, then here we can see all the details. We're interested USDA client ID. So let's copy the client ID, then switch back to the postmen. And let's paste this client ID. Not a question is what we're going to put in that connection? Well, in that connection, we need to put our database connection name. So let's go back to the dashboard. And there, let's go to the connection. And I'm going to open this database. And here you can see the database. Let's copy the name of this database and end up postman. I'm going to paste this database name in front of connection parameter. Now if I send a request that you will see that the status code becomes 200. And in the response window, we got some decent data like the user ID. Now, what this signup request does, well, this request will lead us to the new user. And if the user registration is successful, then is simply send the user ID in the response body. Now less than this request again. And this time we'll get the error message in the response body because this user already exist and we have used the same email for this user. And desolate isn't. We're getting this adder. Now let's add some other user and then send the request. And here we go, status code 200, and our request is successful. Now just go to the dashboard. And there, if we click on this user section that you'll see that we have all the users present here that we have registered while postmen. So far in this module, we have learned how to register the user via auth sign-up request. Now in the next module, we will see how to get the access token, wire source, Owner, Password and point. Alright, I will see you in the next module. 58. Implement Resource Owner Password Endpoint: In the last module, we have explored the sign-up and point to the just to the user. And now in this module, we're going to explore the Resource Owner Password endpoint to get the access token. So let's go to the postmen. And in the get access tokens section. You see this is source honor possible endpoint. Let's click this. And now we're going to call this API endpoint, that is OAuth slash token. Well, this is a post request and it will send us that token. Now let us go to the body of this request. And here you can see that we have few parameters. In order to get the access token, we need to pass the values to these parameters. We have this Client ID. So let's find the client ID. Just go to the dashboard. And then in the application section, we have this application. Let's open it. Then simply copy the client ID. And the postman, I'm going to paste the client ID. Now, let's go ahead with this audience parameter. In this artist parameter value, we will add an API URL in order to get the API URL. Just go to the starter file off dotted core project. And in the configure services method, we have added this audience when we added the JWT sport in this file. Just copy this and then paste it in front of this audience parameter in the postmen. Now we have added a parameter and that is username. Here we need to add the username, but make sure the username we're adding here is registered. Let me go to the previous sign up requests. And there you can see that I have added the following user. So let's copy the email of this user and then paste it in this username of this resource owner requests. Similarly, let's copy the password from this signup requests and then paste it here. Now we have this scope parameter, and this is also optional. And we're not going to work with this. So let's ignore this. We need to specify the client secret along with this request. Let me go to the API documentation. And there we have this client secret perimeter. And this says that this parameter is required when you send a post request, as we are sending a post request from the postman. So we'll do Ad Client Secret. Let's add the client secret parameter in the postmen. And in order to find the value of this client secret, let's go to the auth dashboard and just go to the application. I'm going to open this application. And here we have our client secret. Just copy this. And then in the postman, I'm going to paste it. Alright? These are the required parameters that we need to get the access token. Now we are going to send the post request. So here I'm gonna send a post request and in the response body will get this error. And that is an authorized client grantee password not allowed for the client. And we had not authorized to call this API. Let me show you how we can resolve this problem. Just go to the auth portal. And there we're going to this application section and just open the application and scroll down. And near the bottom, we have this Show Advanced Settings option. Let's click this option, and this will open the Advanced Settings. Now here in the advanced settings, we have this grant type option. Let's look this. You can see that password I don't type is not selected. So all you need to do is just select this grant type password. Alright, then save the changes. And changes have been saved. Now let's go back to the postmen and reissue the request. And this time you'll see that we'll get another error, and that is server error. And description of this error is that the authorization server not configured with default connection. We're getting this error because our connection server was not configured with our database connection. So let's see how to configure the server with our database connection. Let me go to the auth portal. And there I'll go to the settings of my account. Then let's scroll down the page and you will see this default directory option. In this default directory, we need to pass the database connection name. So let's go to the connection and then copy this database name. And right after that, just based on a database connection name inside this default directory option, and simply save it. Now let's go back to the postman and re-issued the request. And this time you can see that we'll get the access token in the exposed body. And along with the access token, we will also get that token type, that is of course bearer. And the token expiration time. This expire in means that the token will be expired within the falling number of seconds. Alright, so far in this module, we have worked with the Resource Owner Password endpoint, and we got the access token. Now in the next module, we are going to meditate our token. So I'll see you in the next module. 59. JWT Overview: In this module, we're going to explore the JWT. Our JSON web token are also called John. So what is JWT? Well, JSON web tokens are JWT are an open standard and that means anyone can use it. Now why we need JWT? Because JWT is used to securely transmit information between two bodies. And why people prefer JWT, because it's distalless signed and it means that the information is verified and trusted and there is no alteration of data between the transmissions. Alright. Now, what's the structure of JWT? Disinvest Dogan aren't JWT consists of three bots. Let's suppose we have the falling just UNDRIP token that consist of three parts. The first part with red color, the second bar with purple color, and the third part, the dark blue glitter. Well, this first part is the header. And this second part is gonna be a lot. And this third part is the signature. Let's first explore the header. Header will look like this, and it suggests JSON object. And it's simply tell us and the name of algorithm that was used to Jeanette that token. And this type field del S that, what's the type of the token? Of course, the type of the token is good. Wt, then comes the payload. The payload contains that glimpse. Now what does glimpse? Cliffs are the user detail and additional metadata like expiry date of the token and grant type password, etc. Then comes the US signature. Well, it's the most important part. And there we need to pass the header and the payload. Well, our header is concatenated with the payload. And then it will use the secret key and the signature by using the algorithm. Alright, this signature provides more security. So after combining all these three things, we will get the JWT, our JSON web token. Let me show you how we can decode the JWT token. So all you need to do is just such for JWT dot ru. Well, this website is the official website. And there we can decode the JWT for testing. All right, so if we scroll down, then you'll see that by default, assemble JWT is already present here. Well, we will pass here our own JWT token. So let me go to the postman and then I'm going to copy this access token and then just jump back to this JWT dot ru website. And here I'm going to paste my token. Now, as soon as we place that token here, this website will decode it. Now let's explore how JWT works. Suppose we have a client and the server. The client wants to access some protected data on the server, but the server knows that client cannot reduce it. The server only wants to give the data to the trustworthy clients. So our client sends a request to the server along with the credentials to verify who it is. And then if the client data is valid, then the server will accept this data. And then the server will get that token and this token returned to the client. Nor the next time. If the client wants to access the resources, then he would just send the token along with the EPA request. And our server will check whether this token is verified. If it's verified and has not been tempered with, then the server will granted resources to the client. If the token is not valid are tempered, then the server will simply written the unauthorized message to the client. Now let's go to that JWT website. And there we have beast of a token. This website will decode our JSON web token. And on the bottom of this token, USE this message and that is significant is valid. Now let's see. If someone tried to temper the decent up token, then we will get the following message and that is invalid signature. And when the clients send this template token to the server, then the server would first verify the signatures of the token and in our case is invalid. So the server will send up unauthorized message to the client. And if it's valid token, then the server will grant the resources to the client. All right, so far we have covered the authentication with the help of OT. Oh, now we're going to implement the authorization inside our ESP dotted chord, that API. All right, so let's implement the authorization in the next module. 60. Implement Authorization: Welcome to another episode of rest APIs. In this episode we're going to explore the authorization inside our is P dot and core web APIs. Alright, so let's jump back into the studio and I'll get to that course controller. But right now this course controller and all the actions that are present in this course controller are open for everyone. I mean, anyone can access this course controller. So we need to protect this course controller and its actions. In simple words, we need to implement the authorization on this course controller. Well, in ASP.net and in ASP dot core, when we want to estimate the authorization, then we just put this authorize attribute on top of the controller. And this authorize attribute will protect this route and all the actions and methods that are present in this controller. In our case, if we add this authorize attribute on this course controller, then no one can xs this controller and all the methods that are present in this course controller. However, if you just want to add the authorization on some particular action, then you just need to add this authorise attribute on top of that method. But we're going to implement the authorization on all these methods that are present inside this court's controller. So let's add this authorise attribute on top of this goats controller. And here we go. Now, let me run this application. And our application is running. Now, just switched to the postmen. And they're just set the environment variable to none. Because now we're going to test our Web API. Alright? And now we're going to call the getMethod desk present inside this course controller. But here, we are not allowed to access this method. And we have got 401 unauthorized status quote. Alright? And that's because we have protected our resource. And without using the JWT or JSON web token, we cannot access the matters that are present in this course controller. Alright, so first we need to sign up the new user auth API. Know that we have already registered user. But for the sake of clarity, let me add a new user via sign-up endpoint. But before this, let us set the environment variable again to this one because we're going to use the OT API. And that's why we get to change the environment variable here. Let's register a new user. And here we go. The sign-up is successful. Now let me go to the Resource Owner Password endpoint. And then I'm going to pass the user email and password here and then send the request. We have got an access token. Now with this access token, we can access our course controller and all the methods that are present in the Course controller. Alright, now I'm going to call the course getMethod, but this is not an auth API. So let me change the environment variable back to none. Now, let's call this course get request. And here we are not authorized to access this method. Now let's go to the header section of this request, and let's set the authorization. And now we need to set its value. In this field. We will possible access token with its type. So let's go to the previous step. And there we have our access token. And the type of this access token is better. So let's copy this access token and jump back to this GET request step. And there I'm going to set the type of the token to be better and just paste the access token here. Alright, so far, so good. Now let's reissue the request. And here we go. This times you can see that it's working and we have got the data in the response body. Well that's awesome. We have implemented the authorization inside our ASP dot and cold Web API. Now, in the next module, we will test all of our course endpoints with this access token. All right, see you in the next module. 61. Testing Authorization: In the last module, we have implemented the authorization. And now in this module we did two desk study, meaning endpoints like post, put, and delete. So without wasting any time, let's run this application and just switch to dark postmen. And there this time I'm going to send a post request. And then let's say start ACDP work to post. And then in the body of this request, just add some decent data for LA courts. Alright, let me quickly add that descend into here. Right after that. Let's send a post request and we will get for one on authorized. And that's because we have not passed the access token. And right now we are not authorized to post some data in the database who are post request. So what I'm gonna do is I'll go to the headers of this request. And there, let's add the authorization. And then we need to pass the access token here with the token type. That is better. Alright, so let's copy the access token and then paste it here a lot with the better token type. Now, let's send a post request. And this time we will get the to1 status code. I never record has been successfully created. Well, that's awesome. Now let me send a get request and you can see this new record. All right, now let's say we want to update this record. So what we need to do is just add this ID in the URL and then change the adjacent data, et cetera, HTTP verb to put. And right after that, we're going to send a PUT request. But remember one thing, we're using this access token. If we will not use this access token and send the request, then the record will not be updated. So let's use the access token and send the PUT request. And here we go. The electrode has been updated. Alright, so far, so good. Now let me issued a get request. And as you can see, this record has been updated successfully. Lets say we want to delete this record. So let's use this ID in the URL. And let's say it's the HTTP verb to delete. And now with the same access token, iambic to issue the delete request. And here we go, the record has been deleted. Now, if we send a get request, then you will see the record has been deleted. All right, so far we have tested our GET, post, PUT and delete endpoints are right now in the next module, I will show you what kind of problems we will face with this approach. So let's explore the problems and the solution in the next module. 62. Problems in Authentication: In the previous module, we have worked with the Course API and we have tested our GET, post, PUT and delete requests. And now I'm going to show you what kind of problems we are facing inside our Web API. Alright, so let's get started. First of all, let's go to the postmen and then I'm going to delete all the records that are present in the database. So let's delete all the records with this access token. In order to delete the data, we need to send the ID in the URL. So I'm going to send the ID of each record in the URL and send the delete request one by one. And soon our database will be empty. And we don't have any data inside the database. Now, I'm going to copy the access token off this user and basic inside the Notepad file. All right, we will use this access token later. Now, let me go to the sign-up endpoint. And there we are good to create a new record. But before this, just select that environment variable, because we're going to call this ought sign-up endpoint. All right, now let's just to amuse user and I'm going to send the request. And here we go. The user has been the desert. Now let's go to the Resource Owner Password section, and I'm going to get the access token for the user. So let's copy the user pinches. And then bases here. And right after that, just send a post request. And here we go. We will get the access token off this new user. Let's copy this access token and based it inside the node bed file. Now, this is the Access Token off first user. And this is the Access Token off second user. And now we're going to add a new record with the first user x's token. So inside the postmen, let's use the post request and then ask them descended. Right after that. Let's provide the access token off the first user that we have copied earlier. Alright, now let's issue a post request. And here we go. Directorate has been added. Now let's add another record with the same access token. Now we have two records inside the database, and we have added these two records with the first user access token. Now we all know that these scores belongs to the first user. And only first user can update or delete these goals with his access token. But that's not true. For example, let's try to update the second with the second unit access token. So let me copy the second unit X is Dogan. Visit here, and then send a PUT request. Directed has been updated. And similarly, the second unit can also delete the first user record. Let's try to delete the first user data with the second user access token. And here we go to record has been deleted. So in short, the second user is able to delete or update the record of the other user with his access token. Well, that's a critical issue and we need to resolve this. So let's try to resolve this issue in the next module. 63. User Claims: In the previous module, I have told you what kind of issues we have inside our Web API. And now we're going to dissolve all of these. So let's Fisher W studio. And there we're going to add user ID property in the CTE class. So let's go to this Court's class. And I'm going to add a property of stink type and name it user ID. Now the question is, why I have added this property here? Well, at the runtime, when a trusted user send a post request with his access token. Then we will pick the user ID from the access token lack leaves, and assign the user ID from the players to this user ID property. And right after that, we will store this user ID inside the database. Let me copy the access token off the first user and then open this website that is JWT dot IU. And there I'm going to paste the token. And you can see that inside the payload, we will get the user ID from this access token. All right, so now we're going to get the user ID from this access token inside the studio. Another question is, how we will get the user ID from this access token inside of your studio. Let's go to the postmen. And in case of post requests, we send descended in the body and the access token in the authorization header. And when we send a post request, then the call go to this post method that is basically is used to insert the data in that database. And in this post method, we will also get the user ID from the access token that we will pass in the authorization header. Let me show you a practical demo because this is a little dry concept and you'll get a clear idea. I implement the code. So here in the post request, we're going to get the user ID from the access token. And in order to get the user ID from the access token, we need to use the claims. Let's use this user dot plaintiff's property and this glimpse property is used to get all the claims that we want from the access token. All right? And then we need to get the type of claims while link Judas. And for this purpose, we need to call this first our default function. And then in parentheses, we will use the link Udi. And then get the type of the claim equals gleam type dot name identifier. And we also need to resolve the namespace for this claim type. Alright, this line, we'll get the claims he lifted to the name identifier. And in order to get the value from this claim, we will add the value property. And here we go. Now, we will only get this user ID from this claim. Alright, let's store this in a variable of stink died, and they make user ID. Now once we get the user ID from our access token, will also update does user ID that we have added integral. In order to update the user ID record from the court class. Let's pick the user ID from this quote object. And then let's assign this user ID. User ID. Alright? This line will pick the user ID from the claims and assign it to the user ID property of this goat. Plus. Now before being to run this application, I want to tell you that I have edited this user in that code class. So we need to implement the migration because we have changed the code class. So let's add migration and name ID, user ID edit. How right? Let's hit Enter. And our migration is added. Now let's update our database. And here we go. Now let's run this application. And here in the postman, I'm going to send the post request with our first user access token. So let's add the access token in the authorization header. And then just add some descended down here in the body of this request. All right, now let's add a breakpoint with this glimpse. And then let's try to send a post request. And here we go. The call goes to this claims. Let's continue this. And if I hold on this line, then you will see that we have got as user ID. Alright. This continuities and heavy GO directed has been added. Not just for the sake of clarity. Let's go to the database. And there you can see that we have this record. And we have also store does user ID that comes from the excess dopamine. Alright, now the actual game starts from here. Because what about the PUT request? So inside a PUT request, let's copy this line and pasted here. In short. In the PUT request, we will again get the user ID from the access token via claims. But this will not solve our problem. We need to do something extra here. Also, as you can see that this line, we'll get the record from the database. So we need to add an if condition here and check if the user ID is not equal to this user ID that's coming from this core table. Then simply written a bad request status code with some message. Led me on this application because this concept is so complex and we will try to understand this lamppost man. All right. I have one record inside my database and this record belong to the first user, not in the postman. The sprite to update this record with the access token off first user. And here we go. The record has been updated because this belongs to the first user. And now let's try to update this first user record with the second user access token. So let's modify the record. And then Let's add the access token of second user here and simply send a PUT request. We have got a bad request message. And we cannot modify this record because this record belongs to the first user. Alright, that's working fine. And with the access token off second user, we get not allowed to update the record of first user. Well, this is a record of first user and only first user can update this record with this access token. So this time, let's try to add the access token off the first user and simply send that request. The record has been updated. Well depth also, we have achieved this functionality. Just like this. Put regressed. Simply add these two lines inside the delete request. Alright. Now let's run this application and let's tie to add a record with the second unit X is still open. And here we go. Right after that. Let's try to delete this user to record, because user one access token. So hit in the postman. Let's try to add this ID in guys URL. And then let's copy the access token off first user and pasted here in the authorization header. If we send that delete request, and you will see that we cannot delete the second user record. Only the second user can delete his record with his access token. So let's add the second user access token here. And again, send the delete request. At this time, you'll see that this record has been deleted. 64. User Specific Get Method: Now I'm going to show you what if the user only wants his goats. Because right now, if we send a get request with the second user access token, then we will get all the course of other users. Well, for this purpose, I'm going to add another getMethod and limit my coats. And just set the action token in the HTTP GET attribute. And make the type of this method to action zealot. And simply read up the course in this okay method. So far, this method is just like our normal getMethod. This method will get all the course from the database. Now all we can to make it a little different. So what we're going to do is we'll get the ID from the access token claims by using this line that we have used in the post PUT and delete methods. All right, here we go. Now with this DB context quotes. Let's use the whereClause. And instead of returning all the quotes, let's start with the code further by applying a lambda expression inside the weird and just assign that user ID to the user ID property of this quote class. Now let's run this application and then try to add the access token off first user and send a get request to this method. Well, in response, we will only get the course that belongs to the first user. Now, if we send the access token off seconds user, then we'll only get the course that belongs to the second user. 65. Allow Anonymous Attribute: If you want to allow the anonymous user to access the other getMethod without access token. Then all you do is just add allow anonymous attribute on top of this method. And let's run this application again. And in order to access this method, we don't need to send that access token. Because now this method is available to everyone without access token. And if we send the request, then you can see that here in the body will get the ID of all the users. Although no one can modify your record by using your user ID. But if you don't want to show this ID to the public, then just go to the course class and they're on top of this id property. Let's add this JSON ignored attribute and this just ignore attribute fill not showed this user ID property when we send a GET request. Alright, let's run this application one more time. And then Leslie issue that request. And this time you can see that we didn't get the ID in the response body. Alright, that's awesome. So far we have covered the Course application with authentication and authorization. But this API, it's working on my machine and literal. In this course, we will deploy this API on Microsoft Azure. Now, I will see you in the next section. 66. Create Azure Account: In order to set up your first web app on Microsoft Azure cloud, you first need to create a new maxim Azure account. Sitting up and account is very easy. Just follow the steps. Microsoft Azure offers a free 30-day trial pi2, all the new account holders go to Azure.com and click the green start Free button. If you already have an account with Microsoft, for example, you will be prompted to login. When you login, some of your details may already be there. Follow the prompts to verify your account by phone. I use SMS. You will also need to supply a valid credit gut. There is no charge involved with the setting up of a trial account. Microsoft just wants to see your cod to verify your identity. Within few seconds, your account will be really, that's it. Your Microsoft Azure account has been created successfully. To continue, click the My Account link at the top right corner or go state to Microsoft Azure portal. That IS portal dot azure.com. 67. Create Azure Web App: Azure with exploits, a highly scalable suspecting web hosting service. This quickstart shows how to deploy the ASP dot core web API to Azure web apps. Watch this video to see this quickstart inaction and then follow the steps yourself to publish your first EPI and Microsoft Azure. Before moving forward, make sure you have set up your Azure account. The first thing I'm gonna do is just click this create resource option and then select Web app. Because I'm going to deploy the web API on Microsoft Azure. Then we need to choose the subscription level. Right now I'm using this wheel studio subscription. You may have a different subscription depending on the nature of your account. Right after that, we need to select the source group. Well, our resource group is a logical container into which Azure resources like databases, web applications, and things like that are placed and managed. So let's get our resource group. And here I'm going to provide a name to my resource group. Alright? Now we're going to give a unique name to the web app. And we will access our web app. Why this unique URL? Here, I'm going to give a unique name to my web application. As you know that we have created our API in ASP.net code. So in the run stack, we need to choose the.net court favorite. Now let's go back to the studio and let's see which dominant core favor we are using. So in the VCE studio, just click on the project, then go to the options. And if we click this general option, then you can see that our target framework is.net go to 0.1. So in the Azure web app runtime stack, I will choose this.net core version 2.1. If your web API is targeting different versions of your favorite, like 2.2. then you can pick the 2.2. alright. At the time of recording this video, Microsoft has also ship the dominant core version 2.3. But version 2.3 is correctly in alpha mode. And once they make a stable release of version 2.3, then they will also add a sport in the Azure Portal as well. Now let's go and hit this review and create option. It's going to validate the app. And so our deployment starts and this will take few seconds. You just need to wait for few seconds. And so we'll get a notification in the notification section which says our deployment succeeds. And now let's click this pin to desperate option. And this will allow us to open this application from our dashboard menu. Now let's click this web application from the dashboard menu. And this will open our web application properties and all that stuff. Now if we go to the app URL, then you'll see a simple webpage here. So far we have just created our web app on Microsoft Azure, and we have not published our API yet. So in the next module, let's add MySQL database inside the Microsoft Azure, and then we'll publish our API. Alright, see you in the next module. 68. Create Azure MySQL Server: In the last module, we have our web application inside the Microsoft Azure. And now in this module, we're going to get our MySQL server inside the Microsoft Azure Portal. So inside the Azure portal, just go to the creator source and then select databases. In this course, we're going to work with the MySQL database. So let's choose this as your database for MySQL. Now, here we need to configure our MySQL server. First, we need to add the resource group. We have already created a resource group when we get to our web application. So just use the same resource group which we have put our web application. Then we need to add few details for Azure, MySQL server, like server name, username, password, and confirm password. So just divide these details one by one. Let me tell you that. Just remember your username and password because we will need this username and password when we will add a connection string inside the core web API. Alright, then we can also pick the nearest location server so that we can get the better response time and efficiency. Right after that, we have this compute plus storage option. Currently the compute plan is general purpose, and we need to change this plan. In order to change this plan, let's click this configure server option. Then you can get the idea of how much Azure bill you will get for each month. Well, this is a little bit expensive. We have some other plants like memory optimized, which is even more expensive. And if we go to the basic plan, then we'll get some cheapest server. But we can even more reduced the cost. So just to reduce the server core, and you will see a dramatic change in the cost. Similarly, let's reduce the storage size of the server and we'll get some decent price. All right, then let's hit OK. And just best up create the MySQL server. Just be vicious because this will take up to five minutes. Once the MySQL server is created, will receive a notification. And here we go. Our MySQL server is ready. And now in the next module, we will connect to a MySQL server with the MySQL Workbench. So I will see you in the next module. 69. Connect Azure MySQL Serverwith MySQL Workbench: In the last module, we have connected our MySQL server on Microsoft Azure. And now in this module, we're going to connect ever Azure MySQL server with the MySQL Workbench. So let's open the MySQL Workbench. And there we're going to connect this with Azure MySQL server. So all we need to do is just click this Add option. This will open up a window where we need to provide these details for our Azure MySQL server. We'll get these details from the Azure portal. So inside the Azure portal, just go to the MySQL database that we have. Get it in the previous module. And let's open this and go to the properties. There will get all the details of the MySQL. So in the workbench, first, we need to name our connection. I'm going to give a following name. You can name it whatever you like. Then we need to add the host name. So in the Azure portal, we can see this host name. Just copy this. And then in the MySQL Workbench option, just paste this. Now we need a username, so just copy your user name from the Azure and then visit here. And finally, we need to add the password. This store in teaching option. And then Bishop postured here. Alright, now we need to desktop connection. So what I'm gonna do is just best this desk connection. Alright, now we're going to test the connection. So what I'm gonna do is just pass this test connection. And soon we'll get this window, which means our connection is successful and we have successfully connected our MySQL workbench with the Azure MySQL. Now elicit, okay, and then you can see that this time we are Sport for Azure, MySQL server here we have multiple instances of our server like this one is for local server and this is for Azure, MySQL server. Earlier in this course, we have connected our Web API while local server. And now we'll connect our Web API with this Azure MySQL server. So just stay with me because in the next module, we'll look at a database connection string. And we will also add a database to the server via migrations. See you in the next module. 70. Adding Connection String: So far we have added the MySQL server, and we have correctly our Azure MySQL server with the MySQL Workbench. And now in this module, we're going to add up connection string to connect our Web API with the Azure MySQL server. So let's go to the studio. And there, let's open this startup plus. And in that configure services method, you can see that we have set up our connection string with our local server. And now this time we're going to work with Azure, MySQL server. So we will change a few things here like 7M, port number, username, password, etcetera. Let me show you that there are two ways to add the connection string. The one is to add your connection string directly in this Docker file. And the other is to add the connection string in the app settings file in the form of key value pairs. So earlier in this course, we have used up first approach of passing the connection string. And now in this module, we'll use the second approach. So let's open the app settings dot JSON file. There. Let's add connection strings in the double-quotes. Then add the equilibrium where we'll add a connection string in the key value form. So let's add a key for your connection string. You can name it whatever you want. I'm going to give it a name that is MySQL connection. And then in the double-quotes will pass our connection string. Now the question is how to get the connection string for our Azure MySQL server. Well, it's quite simple. You just go to the Azure MySQL server in the Azure portal. And there you can find that connection string. All right, here we go. Now we'll get a list of connection string format. But in.net, who's used this IDO dot and format. So let's copy this question string. Then paste it in the app settings dot decent file. Alright, here we go. Now just add a few things here in the connection string, like the database name and the password, which we have used when we did it, the MySQL server on Microsoft Azure. So let's add the password here. And then I'm going to add the database name. You're gonna have it, whatever you want. Alright, here we go. Now we have our connection string here in the app settings dot JSON file. But we need to pass this connection string t in the startup file, configure serves his method. So just open this starter file and configure sepsis method just to move this connection string. Because this time we're going to use that connection string that we have defined in the app settings.js JSON file. So here in the US, MySQL method will pass configuration dot get connection string method. And then we'll pass the connection string t. Let me show you that this is our connection string key name. So just pass this key name here. Alright, so far we have added the connection string. And now in the next module, we're going to add that database to the MySQL server via migrations. So I will see you in the next module. 71. Adding Migrations: In the last module, we have added our connection string. And now in this module we're going to add up migrations so that we can add that with database and the tables, the MySQL server. So just click on the project and go to the tools. And just click this open end terminal. Now into terminal. Let's add a migrations by using the following command, dot nec. Ef. Migrations. Add, and then pass the name of your migration. You can name it according to your choice. I'm going to give a falling name. Then let's hit Enter. And now we need to update our database to make a table schema. So let's update the database by using the following command, that is.net EF database update. And here we go. Let me open the MySQL Workbench. And then let's open this Azure MySQL server. Now in this higher MySQL server, you can see our database. And under this, you can see our table. Alright, so far we have Ed that database and the table in this Azure MySQL server. And now in the next module, we're going to publish our Web API to the Microsoft Azure Portal. I will see you in the next module. 72. Publish Web Api To Azure: In this module, we're going to publish our Web API to the Microsoft Azure. So without wasting any time, let's go to the studio and just click on your project and just publish your API to Azure. So in order to publish my web app, I need to sign into Azure with my account. So I'm going to add my details here. Disclose this. Our Azure account has been linked with the studio format. Now if we again click on this, Publish to Azure, then you will get the Azure app services. As you remember that we have created our web app when Microsoft Azure with that name. So we need to select the service. And then just click publish. And this is good to publish our Web API on Microsoft Azure. Just be patient because this will take few minutes. Once it's done, it will load the web API in the web browser. All right, so far we have published our Web API to the Microsoft Azure. And now in the next module, we're going to test our API end points. So I will see you in the next module. 74. Testing Api Endpoints: Welcome to add the episode of Azure deployment. And this time we're going to test our API by postmen. Our application has been published on Microsoft Azure and it's live. I'm in no way can access this web API on the internet. Alright, just copy this Web API URL. And then in the postmen, let's paste this URL. Then use the API slash course. And you know that these APIs are secure and no one can access these APIs without the access token. In order to get the access token, we need to register the user. So let's go to this signup and point, and they're happy to add some details of the new user. Then just data environment variable, because this is an EPA request. Now, we need to get the access token buys using the credentials of this user. So let me go to the auth token endpoint. And there I'm going to pass the credentials of this new user. Then let's issue a request. And here we got an access token. Well, with this access token, we can access our Web API. Let's go to the following API and then just set the HTTP verb to post and then add some data in the body of this request. Right after that. If we send the post request, then you'll see that we'll get the 401 unauthorized status code. And we cannot access this API in order to access this API when to pass our access token. So let's go to the headers of this request. And there, let's pass the authorization header and let's copy the access token. And just provide the access token here with a token type that is better. Now let's review the post request. And here we go. The record has been added just like that. Let's add another record with the same access token. All right, now let's take that occurred with a get request. So here I'm going to send the get request and regard these records and this API is working perfectly. Alright. Let's check the PUT request. So let's try to update this record. And for this purpose, I'm going to pass this ID in the URL. And then let's use the HTTP worked to put, just add JSON data and make sure you have added the access token here. Alright, now let's issue a request. And here we go. The record has been updated. Again. If we send a get request, then you can see that this record has been updated successfully. Just like that. Let's stick the delete request and delete the record against this ID. So what I'm going to do is I will add this ID along with this URL. You just need to make sure you have used the access token here. Now, let's set the HTTP verb to delete and send the request. And here we go. The racket has been deleted. For the sake of clarity lesson that get request. And here you can see that our record has been deleted. Now we can consume this web API anywhere. Also, no matter what kind of platform you have, this rest API will work on all the platforms, including Android, iOS, Windows. And you can consume this rest API in any programming language and development platform that supports JSON. Now, in the next section, I will show you how you can add the API documentation for these RESTful APIs. So I will see you in the next section. 75. Api Documentation: In this module, I'm going to show you how to leverage postmen to East US tes of generating documentation. Lemme show you how we can add API documentation. So what I'm gonna do is just switch to the postmen and their aptitude test. All these endpoints that are present in the controller. So first of all, let's call this GET request. And then if you are on Windows machine, then press control shift s. And if you are on a Mac machine, then use Command Shift N, S. And it will open this pop-up. Well, it's the postman collection. And it allows you to save your IQ in such a way that they can be reused and shared anytime. It also allows you to group your requests so that each API resource can act like a folder where you can save similar endpoints. So here you can see that we have our APIs URL. You can add that description of your request if you want, but it's optional. Alright, next we have this option that is collection. Let's get a new collection and emit API. Then inside this collection, let's add a new folder and name it. Get. In this get folder will place all the GET requests. Alright? And this will save all requests in this collection. Now here on the left-hand side, you can see that we have this course API collection. And inside this, we have this getMethod that contains this request. Now let's try to send a post request. Let's add some JSON data here inside the body of this request. And then just issue a post request. Alright, here we go. I'm gonna press Command Shift S, and it will open this pop-up. And there we are going to get a new folder inside this course, APA collection. And just they made post. Alright, let's save it. And on the left-hand side, we have this post folder inside the course APA collection. Now let's try to send a PUT request. Just send that HTTP work to put. And let's use the same access token and the record we have edit previously with the id. So as pastas ID in the URL, and then less issue a PUT request. And here we go. Now let's best Command Shift S and am going to add a new folder inside this course API and have it put. Alright, let's save it. And now in the collection, we have this put folder. Let's say I want to delete the record against this ID. Just go to this request body, and let's create this data. Then let's add the ID value in the URL. Just set the HTTP verb to delete. Right? After that, just issue a delete request. Alright, now let's go on shift s and just get a new folder inside this course EPA collection. I name it, delete. Just said this endpoint. So far we have edited our endpoints inside these EPA collection. Now go to the collection and just go to the Options menu and simply publish the documentation. And this will load the documentation link inside your default web browser. Here we need to specify the environment variable for our API. Right now, we're using the course API. And this course API, I don't have any environment variable. Let's set the environment variable to no environment. Then just click this published collection. And this will publish our collection immediately. And we can access our collection by this URL. If we click on this URL, then it will open the API documentation page. And here we have a very nice space that shows our API documentation. You can see that we have GET, post, PUT and delete endpoints. And on the right-hand side. And along with each request, we have this exemple request. For example, if your client wants to consume this API in PHP platform, then he can simply pick this PHP option and he will get the code of consuming this API. Similarly, if the client wants to consume this API in NodeJS, then he can pick the NodeJS quote. We have different platforms, but mostly the client wants the exemple request in Girl. Well, it's a command-line tool at its just like a postmen. In the postman, we basically call our API via graphical user interface or GUI. However, in that curve, we call an API via command line interface. Alright, that's our from the EPA documentation. Now, I will see you in the next section. 76. Overview of the Project: Hi, welcome to another episode of discourse. In this episode, I'm going to show you a little story. A client came to me and said that he wants to develop a mobile application for his coffee shop. So I have asked about the requirements and he said that he'd and application just like this. This first base they use again, get the menu like coffee, DR. cold drinks. And if the user clicked on some specific menu, then he will get thes sub menu. For example, if the user clicks this coffee menu, then all the coffee types will be shown to the user. All right, then we need another page that is of course the logistician beach. And from the space the user can book that table of the coffee shop via mobile application. Alright, so in this course, we're not going to make this mobile application. However, we're going to build a backend. Services are RESTful web APIs off this coffee shop mobile application. 77. Create Expresso Project: Let's open up the studio. And there I'm going to add a new project. And then let's pick this API template. I name it expressible API. Well, I have already told you the structure of this project when you started this course. And right now, we can to build our coffee shop web APIs in this project. But before this, we need to understand the relation between our tables. So let's try to understand the relation between the tables. In the next module. 78. Understand The Relation Between Tables: In this module, I'm going to show you how many tables we need and what's the relationship between these tables? Alright, let me show you that picture that the client has given to me. Well, on this page, we have menu. So we will have a menu table. Allright. Then in this list we have menu name, image. So in this menu Table, we have Manual ID, that's of course the primary key. Then we'll have a menu, we call it name. Then we will have a manual image. We'll call it Image. Alright. So this is the first table. Now, when does user click the menu, then he will get the list of sub-menu. So V need and other table that is sub-menu. And inside this table, we will have sub-menu name, description, price, and image, and of course, the sub-menu ID. That will be the primary key of this table. Alright. So here we have two tables. Now let's apply a relation between these two tables. In one menu, we have multiple sub menus, like vendors, user will click this coffee. Many people get a list of coffees. So it means that it is a one-to-many relationship between these two tables. All right. We're going to create the database with discord first approach, and we will talk about later how we will make relationship between these two tables via code first approach. All right, and now we have another base. And that is, that is admission piece of application. And user can deserve that table or book that table with this reservation pitch. So we also need to make an API for this reservation. But before this, let me tells you that we need an other table, call distribution. And we will need few properties for reservation like name, email, phone, total people, date and time for resolution, etc. All right, so we basically need these three tables to make an API. So let's start our work in the next module. 79. Adding Models: In this module, we're going to add the models for menu, sub-menu and preservation. So let's go to this project. And there I'm going to create a folder and name it models. Then just right-click on this folder and get a new glass. And they make menu. Now inside this menu class, let's add few properties like id, name, and image. Now let's get another glass. And this time I'm going to name it sub-menu. And inside this class, let's add few properties like sub-menu ID, name, description, and image. Alright, here we go. Now, I have told you earlier that this is a one-to-many relationship between newer menu and the sub-menu. It means one menu can have many sub menus. All right, so how do I make a relationship between these tables? But there are certain conventions in Entity Framework which we need to follow in the modern glass. And it will automatically result in a one-to-many relationship between two tables in the database. You don't need to configure anything else. Let's take a look at the conventions which will get a one-to-many relationship. We want to establish a one-to-many relationship between the menu and the sub-menu entities where many sub-menu associated with one menu. So the convention is to include a collection navigation property in that principle entity as shown below. We will add this collection navigation property in the menu class. Well, there are also many other risks do make a one-to-many relationship. This is just one that I'm going to show you in this project. Alright? So just include a collection navigation property of type, IE, collection of sub-menu, and give it a name that is sub menus. But this will result in a one-to-many relationship between the menu and the sub-menu entities. Now we don't need to add anything in this sub-menu glass. All right, let's close this. And now let's add another glass that is not inside this reservation class. I'm going to add these properties one-by-one. Let's start with the ID. Then let's add a name. After this. Let's get an e-mail property. Then. Afford property. Right after that. Just add dawdle people, property of type integer. Then add, did property of diet, did diamond. And finally, just add at time property. All right, here we have edit all these properties. Now in the next module, we will add data imitation fought this division class. I'll see you in the next module. 80. Adding Data Annotations: In the previous module, we have added this reservation class and its properties. Now we're going to add the data for this reservation class. But I kept covered the data in addition in the Mediterranean section. So this time it will be easy to add the data integrations inside this, let's envision class. So let's start with this name property. Well, we want to use a name compulsory. If he will not provide the name, then he cannot reserve that table. So let's add a required attribute on top of this property. Then we also want all the properties compulsory. So let's add the required attribute on all these properties. Now the type of this email property is string, but the user can easily add the email in wrong format. So how to fix this? Well, for this purpose, we need to add a regular expression attribute. Well, if you are a software engineering student and maybe you have learned that 2D of automata or compiler construction in your university or college. And this regular expression is a concept of deaths object. But don't worry, we're not going to the detail. If you have not learned these subjects in your universities or colleges than just popular regular expression of email from the Google. Right now, I have also copied this regular expression from the Google. And don't worry, I will attach this regular expression along with this video. Alright, then let's go towards the food. And we have set the String type of this phone property. We will only allow the user to enter the phone in numbers. So for this purpose, I have an other regular suspicion for just numbers. So let's edit here. Alright. As the auditor said, don't worry, I will add this regular Association along with this video. So if you have missed something during typing, then download the regular expression file along with this video. Now let's jump towards the time property. Well, the type of this property is string. So we need to use this data in addition, that is data type. And then use this data type to pick the time enum. We can also pick other properties like RMC, et cetera. But our concern is with the dime. So let's use this. And here we go. Alright, now we have almost edited data in traditions inside our reservation class. And now in the next module, we'll get that DB context and connection string. See you in the next module. 81. Adding Connection String and DbContext Class: In this module, we're going to add the DB context and connection string inside of our project. We have already learned that connection string and DB context when we created the course API earlier in this course. So let's quickly add these things inside of API. Let's add a folder inside of our project. And let's give a name to this folder that is data. Now, in this data folder, let's add a class that is expressed so DB context. Then inside this class, first of all, let's inherit this Expresso DB context class from DB context. Well, this DB context comes from this namespace. And we have to resolve the namespace of this class. When we worked with the Course API that I told you why we use the constructor in this DB context class and all the working of this DB context. And now, instead of repeating the concepts, just copy this quote from the Course API project and paste it here. And then just pass this express. So DB context class here. Alright, I have already explained you this code. So if you have any issue, then please go back to the falling section of the course. And there you will find the video where we have discussed this code. Now I'm going to add a property. And other question is that what this block B is going to return? Well, it's going to return that DB set of menu. And in order to access the menu class here, we also need to add the namespace. So let's add a namespace. Right after that. Let's name this property to menus. We have three model glasses. So let's add three properties for menus, sub menus, and reservation. Let me quickly add these DB set properties. Now we need to create a connection string. So let's jump to a stop. Started Garcia's class. In this class, we'll put our connection string. I have told you earlier how to put the connection string in this file when we worked with the Course API. So I will simply with the syntax of the connection string and then visit here. Right after that, we will need to pass the server name, user ID, password, port number, and database name. I have attached this connection string along with this video. So what you need to do is just copy this connection string and then just place the following things in this connection string. Let me tell you again that you can find the server name and your port number from the MySQL Workbench. Just open your MySQL Workbench. And here you can see your server name and your port number, and the user ID. Just pause route, and in the password, just add your password that you have used during the isolation of MySQL server in the database. Just pass the name of the database according to your choice. Here we have added our connection string of the database. And now in the next module, we'll add the migrations inside the API. Alright, I'll catch you in the next module. 82. Implement Migrations: In the last module, we have connected the DB context class and the connection string. Now in this module, we're going to add them migrations inside our project. Well, this time we're not going to work with dot database dot insure THE method. Because maybe in the future, if the client wants to change the schema of the database, then it's easy for us to do this for him by simply adding the code first migrations. So in order to set up the database, Let's go to the project and just click on it. Then go to the Tools and click Open in Terminal. Here we have our terminal. And inside this, let's add a migrations with this command that is.net EMF migrations add. And here, just name your migration. I'm going to give a falling name that is initial Create and just hit enter. Now we need to update the database with this command that is.net EF database update. And here we go. For the sake of clarity, let's go to the MySQL workbench. And if we refresh this, then we'll get the database. If we expand this, then will have CDOs for menus, sub menus, n reservations. So far we have added the database and the DeVos via migrations. Now in the next module, we will learn how to make a controller so that we can communicate with the database tables. See you in the next module. 83. Understand the Controllers And Methods: In this module, we're going to explore how many controller classes we need and how many methods we're going to get inside each controller. So basically, let's look at this application image. According to the explicit owner, he wants to insert, update, or delete the data from the database. And he don't want to use the post and delete request. However, he wanted to send the data to the mobile applications user web GET requests. So in the manuscript taller, we need only get requests. We will add to get requests. The one that will get all the menu and the sub-menu data from the database. And the other that will only get the specific menu and sub-menu data according to the id. Then we will lead another controller for reservation. And in this reservation controller, the Expresso cafe owner said that he just want to give a write request to the user, means the user can only provide the details and took the reservation table. There's users don't have any right to get, put or delete the record. So it means we need to add only a post method here in the reservation controller. That's a requirement of Expresso cafe owner. Now let me repeat that. We will add two controller. The one is for menu that contains two Get requests, and the other controller is for reservation that will only contain a post request. Alright, now let's add these controllers. One, no one in the next module. 84. Menus Controller: In this module, we're going to add the MenuController. So without wasting any time, let's click on this Controllers folder, and then let's add a controller and name it manuals controller. Alright, here we go. Now inside this menu controller, you will see some boilerplate code for GET, post, PUT, and delete requests. But in this manages controller, we just need to getMethod. So what I'm going to do is I will delete all the code except these two getMethod. Then let's add a field of type express, so DB context and emit underscore espresso DB context. Then let's get a co-instructor of this manuscript roller. Pass a parameter of type express so DB context and just assign this parameter to this field. Now, let's say the name of this method to get menus and make the return type of this method to ay action. Is there? Alright, in this method, let's use the espresso DB context object. And with that, let's call them manage property that comes from this express. So DB context class. Let's store this in some variable. And I'm going to name this variable two menus. Finally, let's attend the oaky method and pass the menus in this method. Now, what am I going to do is I'll simply run this application and let's try to send that request to get menus methods just to Sir out that is api slash menus. And here we'll get the empty square brackets, which means there is no data inside our menus table. So let's go to the database and then we'll add some data. Now inside the MySQL Workbench, we have this database. And inside the database, let's open this menu stable. And now we're going to add some data. Let me quickly add some data in this table. David tells you that instead of storing the images in the database, we store the image URL in the database, because storing the images in the database directly is a bad practice. And we'll harshly increased geo database size and decrease the performance of your database. So instead of storing the images in the database, we store images on the CDN and then just put those image links in that database. Well, don't worry, I have added some images on the CDN and you can get the link of images along with this video. And here I have just added the image links in the menu stable. And once we add the data, then wind to apply the changes to our table. Alright, here we go. So far we have added the data inside the menu table. Now, we need to add some data inside the sub-menu table. So let's open this sub-menu table. Then I'm going to write some data. The interesting thing is that in this sub-menu table, you can see this menu ID column. Well, it's a foreign key. We have not collected this key. Entity Framework, did this for us. And we open the sub-menu model glass. Here, you can see that we don't have any foreign t. And in the menu glass, we have just used this IE collection navigation property. And on behalf of this IE collection poverty, we have a menu ID column inside our sub-menu table. Well, the id menu Table is stuff foreign key off our sub-menu table. So let's go to the menu Table. And there you can see that the ID of coffee menu is one. So I want to apply this ID into sub menu table. Alright? In this sub-menu table, let's add one in the menu id column, and then let's add some record for coffee. Let me quickly add some details here. If you are coding along with me, then just download the file in which I have added some raw data. Otherwise, you can also put your own data in this sub-menu table. Alright, here we go. Now we have entered a record and it's time to run the application. I'm going to copy this API URL and then S2, the postmen. And there I'm going to issue a get request using this API slash menus. And here you can see that we're getting the record, but the sub-menu is not present here. So how to pass the sub-menu here along with this request? Well, it's quite simple. We have to go to the MenuController and they're in this getMethod, we have used the espresso DB context object along with the menus DB set property. Well, if you go to the menu modal glass, then you'll see that we have added this collection navigation property that's basically in charge of loading the sub menus data. So what we need to do is we'll copy this property name. Then in the Manchus controller. Let's include this property by using include and then pass the property name here. In that I will go to. This concept of including the property is called eager loading. Eager loading is a process whereby acuity off one type of entity, also Llosa related entities as part of the QD so that we don't need to execute a separately for related entities. Eager loading is achieved using the include method. All right, now let's run this application again. Here I'm going to send the get request. And this time you'll see that we getting all the data in JSON format. That's awesome. We have successfully created the controller for menus. And now in the next module, we'll explore the other Get request to get the specific menu according to the ID parameter. Alright, so I will see you in the next module. 85. Get Menu Method: In this module, we're going to make another overload of this getMethod that will just return the specific menu equity. Alright, so in this method will add ID and would be half of this id who'll get the menu. So in the menu controller, let's name this method to get menu. Then this state the return type of this method to action. And finally, just make sure to pass the ID in this method as a parameter. Alright? Then just use the same line of code that we have written in this getMagnitude method. But of course, this time will return all the menus. And we are only interested to get some specific menu according to this ID parameter. So let's add this first, our default function. Then inside this function, let's use the lambda expression to check whether this menu ID is equal to this ID parameter. Then let's store the result in some variable. And I'm going to name it Menu. Well, this line, we'll get the menu according to the ID that we'll pass in the request. However, if will pass the ID that doesn't exist in the database, then we have to display some status code to the user. So let's add an if condition to check. If this menu is null, then simply return NOT_FOUND status code. Otherwise, let's add the ok. method and pass this menu here. Now, let's run this application. And inside the postmen, if we send the request against this get menus method, that you can see that we will get all the records. Now let's assume we just want to get the record against this menu. So we need to pass the ID in the URL. And if we send the request, then this time we will only get the specific record against this ID. Alright, that's off on this GET request. Now in the next module, we will explore the vision mission controller. So I will see you in the next module. 86. Reservations Controller: In this module, we're going to get reservations controller so that a user can book are preserved the table. First of all, let's go to this controller folder. Then let's add a new good daughter. And I'm going to name it reservations controller. Then inside this controller, let's remove everything except the post request because we just need one method in this reservations controller. Alright, then let's add a field of Expresso DB context, just like we have done in the manuscript or the glass. Then let's add a constructor that takes this Expresso DB context object as a parameter. And then let's assign this to this field. Now with this DB context, we will perform database operations inside this reservations controller. Now in this controller, we just need a one method that is post. And here we have this post method. So all we need to do is just make the return type of this method to action is L. Then in this post method, this is inhibition object as a parameter. Now let's use this espresso DB context object. Then we can access this reservations poverty and use the helper method. And then just add that as a recent object here. Well, this line, we'll see our reservation record inside the database. But we need to tell the database to save our changes. And for this purpose, we need to call the CFT just method with this DB context object. Alright, here we go. Because this is a post request and we want to turn to a one is sketchy status code to the user. In order to return the status quo to the user. Just post a status code that we want to express. In our case, it's set to one. And for this status code, you will need to add this new space. Alright, we have already cricket all the GET, post, PUT and delete request and these test scores in the course API section. And right now I'm just focusing on the API without going deeply. Now let me tell you that in that reservation glass, we can edit the data in addition. And now in this reservations controller and in this post method, we need to validate our model with this code. So in this post method, just check if the model state is not valid, then boss the bad request status code. Otherwise, just execute these lines of code. We have code that data innovation and tradition in the model variation section of this course. So just make sure you have watched the video properly. Now, let me run this application so that we can post the data. Why this post method? Alright, just switched to the postmen. And they're having to use this API URL and then add this row, that is api slash reservations. Then avenue to select this HTTP post method. And now I'm going to add some descended in the body of this request. Here in the body section, I want to add the JSON data according to the reservation model. Glass poverty's. So indebted division clause. We have these properties like name, email, phone, total people, date, time. So let me quickly add the descent into here. Now, let's issue a post request and will get stethoscope to one. It means our record has been created, but we have not used any Get request in this feather mission controller. So we can not check the record web request. In order to check the record, we need to open the MySQL Workbench and then just the FASTA database and opened the reservation stable. And there you can see that our record is spelled and here, alright, so far we have collegiate dove Web API for espresso coffee shop. I have already told you how would you can deploy the web API gone, Microsoft Azure. So if you want to utilize this API or the internet, then just go to the previous Azure Deployment section of discourse and deploy this API on your Microsoft Azure portal. But for now, that's all from this espresso coffee API. Also, I had just made under the follow-up course for you, in which we'll make a cross-platform mobile application from the official API. You can find the link of discourse in the next section. 87. Final Words: I hope you've enjoyed this course. And he just made another follow-up course for you, in which we'll make a cross-platform mobile application from this coffee shop API. Alright, that's all for my ENT. I'll see you some of the time. Till then. Goodbye.