Entry ASP.NET Web API Interview Questions

ASP.NET Core Web API is a framework for building HTTP services that return JSON, XML, or other serialized data.

Differences from MVC:

• No Razor or HTML rendering
• Focused on RESTful services
• Controller methods return data, not views
• Routing is often attribute-based

The pipeline consists of middleware components that process HTTP requests in sequence:

• Request enters server
• Middleware handles tasks like authentication, logging, routing
• Endpoint routing selects controller/action
• Controller executes business logic
• Response flows back through middleware

Controllers handle incoming HTTP requests.

• Decorated with [ApiController] and [Route]
• Contain action methods
• Use dependency injection via constructor
• Return IActionResult or data objects

Attribute routing uses attributes to define URL patterns.

• [Route("api/[controller]")] sets base route
• [HttpGet], [HttpPost] define HTTP verbs
• Supports route parameters, constraints, defaults

Model binding maps HTTP data to method parameters.

• [FromBody] binds JSON/XML
• [FromQuery] binds query parameters
• [FromRoute] binds URL segments

Validation uses DataAnnotations and ModelState.IsValid.

Action results allow APIs to return proper HTTP responses.

• Return 200, 404, 400 etc.
• Provide flexibility using IActionResult
• Support multiple return formats

Content negotiation selects the response format based on:

• Client's Accept header
• Configured formatters (JSON, XML)

ASP.NET Core defaults to JSON.

ASP.NET Core has built-in DI.

• Register services using AddSingleton/AddScoped/AddTransient
• Injected via controller constructor
• Improves modularity and testability

Singleton: One instance for entire app.

Scoped: One instance per request.

Transient: New instance per usage.

Best practices include:

• UseExceptionHandler middleware
• Exception filters
• Centralized logging
• Returning friendly error messages

Uses System.Text.Json by default.

• High performance
• Supports converters and casing rules
• Can switch to Newtonsoft.Json if required

Action filters run before/after actions.

• Logging
• Validation
• Authentication
• Response modification

[FromBody] - reads body JSON/XML.

[FromQuery] - reads query string.

[FromRoute] - maps URL parameters.

API versioning methods:

• URL versioning: /api/v1/
• Query string versioning
• Header versioning (api-version)

Implemented using the Versioning package.

CORS allows cross-domain API access.

Configured using AddCors + middleware.

Needed for browser-based clients.

Security techniques include:

• JWT Bearer authentication
• [Authorize] attributes
• HTTPS enforcement
• Input validation
• Rate limiting

Synchronous: Thread waits for completion.

Asynchronous: Releases thread during I/O.

Async improves scalability.

Response caching reduces repeated processing.

• Uses [ResponseCache] attribute
• Decreases latency
• Improves throughput

Testing involves:

• Unit tests with mocks
• Integration tests with TestServer
• API testing tools (Postman, Swagger)
• Validating status codes, payloads, headers

Swagger provides:

• Interactive API documentation
• Endpoint visibility
• Contract testing
• Client-code generation

Middleware are components in the ASP.NET Core request pipeline that execute sequentially.

Each middleware can:

• Process the request before passing it forward
• Process the response after the next middleware has executed

Common examples include authentication, logging, CORS, and routing middleware.

Order is critical because each middleware depends on the sequence.

UseRouting identifies the matching endpoint based on the URL.

UseEndpoints executes the matched action.

Authentication, authorization, and CORS middleware should be placed between these two for correct behavior.

Custom middleware involves:

• Create a class with a constructor accepting RequestDelegate
• Implement Invoke or InvokeAsync
• Register with app.UseMiddleware<T>()

Filters run during the execution pipeline and include:

• Authorization Filters
• Resource Filters
• Action Filters
• Exception Filters
• Result Filters

Applying [ApiController] automatically triggers model validation.

Invalid models result in 400 Bad Request with error details.

Validation uses DataAnnotations like [Required], [Range], etc.

Global exception handling steps:

• Create custom exception middleware
• Wrap request processing in try/catch
• Log and return a standardized error response
• Use app.UseExceptionHandler() for production mode

Synchronous middleware: Blocks thread while executing.

Asynchronous middleware: Uses Task and await to release thread during I/O operations.

Async middleware improves scalability in high-load systems.

Logging methods:

• Use ILogger<T> via DI
• Log levels: Trace ? Critical
• Send logs to Console, Files, DB, or external providers
• Use middleware/filters for request & response logging

Diagnostic middleware provides insights into requests and system behavior.

Examples: DeveloperExceptionPage, SerilogRequestLogging, Application Insights.

Helps detect failures, anomalies, and performance issues.

CORS is configured using:

• AddCors() in Program.cs
• Define policies with allowed origins, headers, and methods
• Apply globally or per controller using [EnableCors]

Use the [Consumes] attribute:

[Consumes("application/json")]

Rejects unsupported media types with HTTP 415.

To log safely:

• Use EnableBuffering() for reading request body
• Wrap the response stream to capture outgoing body
• Avoid logging sensitive data

Endpoint routing: Pre-matches endpoints before controller activation.

Legacy routing: Occurred during MVC action selection.

Endpoint routing is more flexible and enables better middleware integration.

Use API Versioning package.

• URL versioning
• Header versioning
• Query string versioning

Decorate controllers with [ApiVersion("1.0")].

Configure using:

AddControllers().AddJsonOptions(options => { ... });

Supports camelCase, converters, and null handling.

Use IActionResult or ActionResult<T> for flexible responses.

Supports content negotiation and custom response formatting.

Use libraries like AspNetCoreRateLimit.

• Define IP or user-based rate limits
• Prevent abuse and DoS attacks
• Supports rule-based throttling

Best practices:

• Use correct lifetimes: Singleton, Scoped, Transient
• Prefer constructor injection
• Avoid service locator pattern
• Group and organize service registrations

Use monitoring platforms like:

• Application Insights
• Serilog + Seq
• ELK Stack
• Prometheus + Grafana

Track latency, errors, throughput, and resource usage.