
10 Bad Practices to Avoid in ASP.NET Core API Controllers

Posted on Oct 18

Building APIs is like creating a bridge for different software components to communicate, and it can be a lot of fun. But, just like any other craft, there are some best practices and pitfalls to avoid. In this conversation, we'll take a friendly stroll through 10 common "oopsies" you should steer clear of when building ASP.NET Core API controllers.

Think of these as the friendly neighborhood guidelines that help you keep your API organized, secure, and easily understandable. We'll talk about everything from how to structure your API routes to handling errors with grace, so you can serve up smooth and reliable services to your users. So, let's get started on this API-building adventure!

1. Not Using Attribute Routing: Imagine your API is like a menu in a restaurant. You need to organize it by putting labels (attributes) on each dish (endpoint). Without these labels, it's like a menu with no sections, making it hard to find what you want to order.

2. Exposing Sensitive Information: When something goes wrong in your API, you don't want to give away too much information. It's like a detective not revealing all the clues. In your code, you should avoid telling users too much about the errors that occur.

3. Overusing Data Annotations: Think of data annotations like sticky notes on a form. It's better to have a single note (like a class for input) with all the information rather than putting sticky notes all over the place.

4. Ignoring Input Validation: It's like letting people enter any building without checking who they are. In your code, you should always check and make sure the data people give you is valid and safe.

5. Overusing HTTP Verb Tunneling: If you use the wrong method (like using a hammer to cut a cake), things can get confusing. Make sure you use the right method (HTTP verb) for each job in your API.

6. Not Using Dependency Injection: Imagine you need tools to build a treehouse. Instead of asking for tools, you start building your own tools every time. That's what happens when you don't use dependency injection. You should ask for the tools you need.

7. Not Handling Exceptions Gracefully: If your API makes a mistake, it's like a chef burning a dish. You should apologize and offer something else (handle the error gracefully) instead of just serving a burnt dish (an error) to your customers.

8. Not Using ViewModel/DTO: When you show a house to someone, you don't show them all the messy details (domain models) inside. You use a clean and presentable version (ViewModel) of the house. Similarly, in your API, use ViewModel or DTO to present data to the user, not the messy stuff from your database.

9. Not Implementing Proper Authentication and Authorization: It's like having a nightclub with no bouncer at the door. Anyone can enter, and that can lead to trouble. In your API, you should have a "bouncer" (authentication and authorization) to check who's allowed in.

10. Not Versioning Your API: Imagine a phone that doesn't get updates. It can become outdated and stop working well. Similarly, your API needs updates too. You should create different versions (like software updates) of your API to keep it running smoothly for all users.

By avoiding these bad practices, you can make your API more organized, secure, and user-friendly, just like a well-managed restaurant or a smoothly running machine.
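How several of the items above look together in one controller, as an added example that is not part of the original post. `CreateOrderRequest`, `OrderResponse`, `Order` and `IOrderService` are hypothetical names, putting the version in the route is only one way to version, and the code assumes a .NET 6+ web project with implicit usings and nullable reference types enabled.

```csharp
using System.ComponentModel.DataAnnotations;
using System.Security.Claims;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;

// Input DTO: all validation rules for the request live in one class (items 3, 4).
public sealed class CreateOrderRequest
{
    [Required, StringLength(64)] public string Sku { get; init; } = "";
    [Range(1, 100)] public int Quantity { get; init; }
}
// Output DTO: only the fields a client should see (item 8).
public sealed record OrderResponse(Guid Id, string Sku, int Quantity);
// Hypothetical domain model and service; InternalCost must never reach a client.
public sealed record Order(Guid Id, string Sku, int Quantity, string OwnerId, decimal InternalCost);
public interface IOrderService
{
    Task<Order?> FindAsync(Guid id, string ownerId);
    Task<Order> CreateAsync(string sku, int quantity, string ownerId);
}

[ApiController]              // invalid request models get a 400 before the action runs
[Route("api/v1/orders")]     // attribute routing, version in the path (items 1, 10)
[Authorize]                  // no anonymous access to any action (item 9)
public sealed class OrdersController : ControllerBase
{
    private readonly IOrderService _orders;
    public OrdersController(IOrderService orders) => _orders = orders;   // injected (item 6)

    // Caller identity comes from the authenticated principal, never from the request body.
    private string CallerId => User.FindFirst(ClaimTypes.NameIdentifier)?.Value
        ?? throw new InvalidOperationException("Authenticated principal has no identifier claim.");

    [HttpGet("{id:guid}")]   // GET reads, POST creates (item 5)
    public async Task<ActionResult<OrderResponse>> Get(Guid id)
    {
        var order = await _orders.FindAsync(id, CallerId);
        if (order is null) return NotFound();
        return new OrderResponse(order.Id, order.Sku, order.Quantity);
    }

    [HttpPost]
    public async Task<ActionResult<OrderResponse>> Create(CreateOrderRequest request)
    {
        var order = await _orders.CreateAsync(request.Sku, request.Quantity, CallerId);
        return CreatedAtAction(nameof(Get), new { id = order.Id },
            new OrderResponse(order.Id, order.Sku, order.Quantity));
    }
}
```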
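For items 2 and 7, one way to handle unhandled exceptions in a single place so that the full error goes to the server log and the client receives only a generic problem response with a correlation id. This `Program.cs` is an added example, not code from the original post; the logger category name and response wording are assumptions, and it assumes a .NET 6+ web project with implicit usings.

```csharp
using Microsoft.AspNetCore.Diagnostics;
using Microsoft.AspNetCore.Mvc;

var builder = WebApplication.CreateBuilder(args);
builder.Services.AddControllers();
var app = builder.Build();

// Weak pattern this replaces: catch (Exception ex) { return StatusCode(500, ex.ToString()); }
// which sends stack traces, file paths and query text to whoever triggered the error.
app.UseExceptionHandler(errorApp => errorApp.Run(async context =>
{
    var error = context.Features.Get<IExceptionHandlerFeature>()?.Error;
    var logger = context.RequestServices
        .GetRequiredService<ILoggerFactory>()
        .CreateLogger("UnhandledException");   // category name is an assumption
    var traceId = context.TraceIdentifier;

    // Full exception detail stays on the server, keyed by the trace id.
    logger.LogError(error, "Unhandled exception, traceId={TraceId}", traceId);

    // The client gets a fixed message plus the id to quote in a support request.
    var problem = new ProblemDetails
    {
        Status = StatusCodes.Status500InternalServerError,
        Title = "An unexpected error occurred."
    };
    problem.Extensions["traceId"] = traceId;

    context.Response.StatusCode = StatusCodes.Status500InternalServerError;
    await context.Response.WriteAsJsonAsync(
        problem, options: null, contentType: "application/problem+json");
}));

// Authentication and authorization middleware would be registered here;
// scheme setup is outside the scope of this example.
app.MapControllers();
app.Run();
```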



This post first appeared on VedVyas Articles, please read the original post: here
