Skip to content
Learn Netverks

Lesson

Step 30/36 83% through track

web-api-controllers

Web API controllers

Last reviewed Jun 1, 2026 Content v20260601
Track mode
server_compiled
Means
Compiled runner
Reading
~2 min
Level
intermediate

This lesson

This lesson teaches Web API controllers: the syntax, APIs, and habits you need before advancing in ASP.NET.

Teams ship Web API controllers on every ASP.NET codebase—skipping it leaves gaps in debugging and code reviews.

You will apply Web API controllers in contexts like: JSON APIs for SPAs, mobile clients, and microservices behind API gateways.

Write C# (top-level or Program class), click Run on server—the dev runner uses dotnet build/run on a temp net8 project (requires .NET SDK; LEARNING_RUNNER_ENABLED=true).

Toward the end of the track—consolidate before capstone-style review lessons.

Web API controllers return JSON (or XML) instead of HTML views. They power SPAs, mobile apps, and microservices—RESTful routes with HTTP verbs and status codes.

ApiController basics

[ApiController]
[Route("api/[controller]")]
public class ProductsController : ControllerBase {
    [HttpGet]
    public async Task<ActionResult<List<ProductDto>>> List() { }

    [HttpGet("{id:int}")]
    public async Task<ActionResult<ProductDto>> Get(int id) { }

    [HttpPost]
    public async Task<ActionResult<ProductDto>> Create(ProductCreateDto dto) { }
}

Status codes

  • 200 OK — success with body
  • 201 Created — use CreatedAtAction
  • 400 Bad Request — validation failures
  • 404 Not Found — missing resource
  • 204 No Content — successful DELETE

[ApiController] behaviors

Automatic model validation (400 on invalid ModelState), binding source inference, and problem details for errors.

Important interview questions and answers

  1. Q: REST vs RPC-style routes?
    A: REST uses nouns and HTTP verbs; RPC uses action names in URLs—pick consistency for your API consumers.
  2. Q: DTO vs entity in API?
    A: Never expose EF entities directly—DTOs control shape and prevent over-posting/leaky relations.

Self-check

  1. Which attribute enables automatic 400 on invalid models?
  2. What status code fits a successful POST that creates a resource?

Tip: Return DTOs from APIs, not EF entities—prevents leaking navigation graphs and protects against over-posting on write endpoints.

Interview prep

What does [ApiController] do?

Enables automatic model validation (400 on invalid ModelState), binding source inference, and standardized problem details for API errors.

Interview tip Lesson completion confidence

Can you explain this lesson in 30 seconds without reading notes?

Not saved yet.

Playground

Runs on the configured server runner (dev: npm run runner with LEARNING_RUNNER_ENABLED=true). Output appears below the editor.

Check yourself

Multiple choice — immediate feedback.

Discussion

Past discussion is visible to everyone. Only logged-in users can post comments and replies.

Starter discussion topics

  • ApiController attribute?
  • ProblemDetails?

Sign up or log in to post comments and sync lesson progress across devices.

No discussion yet. Be the first to ask a question.

Jump

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36