
Overview

The XGP Photo API is a production-ready REST API built with ASP.NET Core 9.0 that provides a complete backend solution for managing photography projects and their associated image galleries. The API features secure JWT-based authentication, role-based access control, and a clean architecture designed for scalability.
This API uses PostgreSQL as its database and automatically handles migrations and seeding during startup.

Key Features

Secure Authentication

  • JWT Bearer Token Authentication - Industry-standard token-based authentication
  • Client Credential Validation - Multiple client applications supported with unique credentials
  • Role-Based Authorization - Admin and user roles with granular permissions
  • ASP.NET Core Identity Integration - Built on Microsoft’s proven identity framework

Project Management

  • Create, Read, Update Operations - Create, read and update photography projects; there is no DELETE endpoint, removal is a soft delete via the IsActive flag
  • Project Details - Support for multiple images per project with metadata
  • Active Status Tracking - Soft delete functionality with IsActive flags
  • Relationship Management - One-to-many relationships between projects and details

Developer Experience

  • Swagger/OpenAPI Documentation - Interactive API documentation in development mode
  • Clean Architecture - Separation of concerns with Domain, Application, Infrastructure, and API layers
  • Entity Framework Core - Code-first database approach with migration support
  • Automatic Database Seeding - Default admin user created on first run

Architecture

The API follows Clean Architecture principles with clear separation of concerns:
xgp-photo-api/
├── Api/
│   └── Controllers/          # HTTP endpoints
├── Application/
│   └── DTOs/                # Data transfer objects
├── Domain/
│   └── Entities/            # Core business entities
├── Infrastructure/
│   ├── Data/                # Database context
│   ├── Identity/            # JWT services
│   ├── Repositories/        # Data access
│   └── Extensions/          # Dependency injection
└── Program.cs               # Application entry point

Technology Stack

Framework

ASP.NET Core 9.0

Database

PostgreSQL with EF Core 9.0

Authentication

JWT Bearer + ASP.NET Identity

API Documentation

Swagger/OpenAPI 3.0

Data Models

The API manages two primary entities:

Project Entity

Represents a photography project with banner information and metadata.
Domain/Entities
public class Project
{
    public Guid Id { get; set; }
    public string BannerClickTitle { get; set; } = string.Empty;
    public string BannerClickDescription { get; set; } = string.Empty;
    public string Title { get; set; } = string.Empty;
    public string Description { get; set; } = string.Empty;
    public string ImageUrl { get; set; } = string.Empty;
    public DateTime CreateDate { get; set; }
    public DateTime? ModifiedDate { get; set; }       // null until the first update
    public bool IsActive { get; set; }                // false = soft-deleted; hidden from public reads
    public ICollection<ProjectDetail> Details { get; set; } = new List<ProjectDetail>();
}

ProjectDetail Entity

Represents individual images within a project.
Domain/Entities
public class ProjectDetail
{
    public Guid Id { get; set; }
    public Guid ProjectId { get; set; }               // foreign key to the owning Project
    public string ImageUrl { get; set; } = string.Empty;
    public bool IsActive { get; set; }
    public DateTime CreateDate { get; set; }
    public DateTime? ModifiedDate { get; set; }
    public Project Project { get; set; } = null!;     // navigation property, populated by EF Core
}

API Endpoints

Authentication Endpoints

Method   Endpoint           Description                          Auth Required
POST     /api/auth/login    Authenticate and receive JWT token   No

Project Endpoints

Method   Endpoint              Description               Auth Required
GET      /api/projects         Get all active projects   No
GET      /api/projects/{id}    Get project by ID         No
POST     /api/projects         Create new project        Admin only
PUT      /api/projects/{id}    Update existing project   Admin only
Admin role is required for creating and updating projects. Public read access is available for all active projects.
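The controller below is an added example of how the endpoint table maps onto ASP.NET Core authorization attributes; it is not the project's own Api/Controllers code. IProjectRepository, its methods and the ProjectWriteRequest record are assumed names; Project is the entity shown above. The point a reviewer would check is that the anonymous read endpoints filter on IsActive, so a soft-deleted project is indistinguishable from a missing one.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;

// Assumed repository abstraction (the Infrastructure/Repositories layer is not shown on this page).
public interface IProjectRepository
{
    Task<IReadOnlyList<Project>> ListAsync();
    Task<Project?> FindAsync(Guid id);
    Task AddAsync(Project project);
    Task SaveChangesAsync();
}

// Assumed request body for POST and PUT; the server owns Id and the timestamps.
public record ProjectWriteRequest(string Title, string Description, string ImageUrl,
                                  string BannerClickTitle, string BannerClickDescription, bool IsActive);

[ApiController]
[Route("api/projects")]
public class ProjectsController : ControllerBase
{
    private readonly IProjectRepository _projects;
    public ProjectsController(IProjectRepository projects) => _projects = projects;

    // GET /api/projects: anonymous, but only active rows leave the server.
    [HttpGet, AllowAnonymous]
    public async Task<ActionResult<IEnumerable<Project>>> GetAll()
    {
        var all = await _projects.ListAsync();
        return Ok(all.Where(p => p.IsActive));
    }

    // GET /api/projects/{id}: a soft-deleted project must look exactly like a missing one,
    // otherwise IsActive leaks to anyone who can guess or enumerate ids.
    [HttpGet("{id:guid}"), AllowAnonymous]
    public async Task<ActionResult<Project>> GetById(Guid id)
    {
        var project = await _projects.FindAsync(id);
        if (project is null || !project.IsActive)
            return NotFound();
        return Ok(project);
    }

    // POST /api/projects: the token must carry an Admin role claim.
    [HttpPost, Authorize(Roles = "Admin")]
    public async Task<ActionResult<Project>> Create([FromBody] ProjectWriteRequest req)
    {
        var project = new Project
        {
            Id = Guid.NewGuid(),
            Title = req.Title, Description = req.Description, ImageUrl = req.ImageUrl,
            BannerClickTitle = req.BannerClickTitle, BannerClickDescription = req.BannerClickDescription,
            IsActive = req.IsActive,
            CreateDate = DateTime.UtcNow,   // server-side timestamp; never taken from the client
        };
        await _projects.AddAsync(project);
        await _projects.SaveChangesAsync();
        return CreatedAtAction(nameof(GetById), new { id = project.Id }, project);
    }

    // PUT /api/projects/{id}: same role; the id comes from the route, not the body, so a
    // caller cannot point the update at a different row. Inactive rows are still reachable
    // here, which is how an admin reactivates a soft-deleted project.
    [HttpPut("{id:guid}"), Authorize(Roles = "Admin")]
    public async Task<IActionResult> Update(Guid id, [FromBody] ProjectWriteRequest req)
    {
        var project = await _projects.FindAsync(id);
        if (project is null) return NotFound();
        project.Title = req.Title; project.Description = req.Description; project.ImageUrl = req.ImageUrl;
        project.BannerClickTitle = req.BannerClickTitle; project.BannerClickDescription = req.BannerClickDescription;
        project.IsActive = req.IsActive;
        project.ModifiedDate = DateTime.UtcNow;
        await _projects.SaveChangesAsync();
        return NoContent();
    }
}
```

[Authorize(Roles = "Admin")] calls User.IsInRole, which reads the claim type configured as RoleClaimType on the bearer scheme (ClaimTypes.Role by default); if you turn off inbound claim mapping (MapInboundClaims = false), set TokenValidationParameters.RoleClaimType = "role" or the attribute will deny every request.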

Security Features

JWT Token Configuration

The API uses JWT bearer tokens with settings read from the Jwt configuration section. Key is the token signing secret: treat it like a password, give it at least 32 random bytes (the minimum for HMAC-SHA256 signing), keep only the placeholder in appsettings.json, and supply the real value through user-secrets or an environment variable (Jwt__Key) in deployment.
appsettings.json
{
  "Jwt": {
    "Issuer": "XgpPhotoApi",
    "Audience": "XgpPhotoClients",
    "Key": "your-secret-key-here",
    "ExpMinutes": 60
  }
}

Client Authentication

Multiple client applications can be configured with unique credentials. ClientSecret values are secrets in the same sense as Jwt:Key: keep placeholders in appsettings.json, inject real values from user-secrets or the environment (AuthClients__0__ClientSecret), and compare them on the server in constant time rather than with string equality.
appsettings.json
{
  "AuthClients": [
    {
      "ClientId": "xgp-web",
      "ClientSecret": "your-client-secret",
      "Description": "Frontend Web application"
    }
  ]
}
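The validator below is an added example, not the project's Infrastructure/Identity code, showing how an AuthClients entry can be checked without leaking timing information. AuthClientOptions mirrors the JSON above; the AuthClientValidator class and its registration are assumptions.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Cryptography;
using System.Text;
using Microsoft.Extensions.Options;

// Bound from the "AuthClients" array above, e.g. in Program.cs (assumed wiring):
// builder.Services.Configure<List<AuthClientOptions>>(builder.Configuration.GetSection("AuthClients"));
public sealed class AuthClientOptions
{
    public string ClientId { get; set; } = string.Empty;
    public string ClientSecret { get; set; } = string.Empty;
    public string Description { get; set; } = string.Empty;
}

public sealed class AuthClientValidator
{
    private readonly IReadOnlyList<AuthClientOptions> _clients;

    public AuthClientValidator(IOptions<List<AuthClientOptions>> clients) => _clients = clients.Value;

    public bool IsValid(string clientId, string clientSecret)
    {
        var presented = SHA256.HashData(Encoding.UTF8.GetBytes(clientSecret ?? string.Empty));

        // ClientId is public, so an ordinary lookup is fine here.
        var client = _clients.FirstOrDefault(c => c.ClientId == clientId);
        if (client is null)
        {
            // Burn the same comparison so "unknown client" is not measurably faster than "wrong secret".
            CryptographicOperations.FixedTimeEquals(presented, presented);
            return false;
        }

        // string == stops at the first differing character, which lets a caller learn the secret
        // byte by byte. FixedTimeEquals returns false immediately on a length mismatch, so both
        // sides are hashed first to give them the same length.
        var expected = SHA256.HashData(Encoding.UTF8.GetBytes(client.ClientSecret));
        return CryptographicOperations.FixedTimeEquals(expected, presented);
    }
}
```

A further step, once the configuration is under control, is to store only a salted hash of each ClientSecret (PBKDF2 or Argon2) so that a leaked appsettings file does not hand out working credentials; the comparison above then runs against the stored hash instead of the plaintext.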

Role-Based Access Control

The API implements role claims in JWT tokens for fine-grained authorization:
Program.cs
claims.AddRange(roles.Select(r => new Claim(ClaimTypes.Role, r)));
claims.AddRange(roles.Select(r => new Claim("role", r)));
Both the .NET role claim type and the short JWT role claim are included so that ASP.NET's [Authorize(Roles = ...)] and non-.NET clients both find the role. Which handler writes the token matters: JwtSecurityTokenHandler maps ClaimTypes.Role to the short role name on output by default, so these two lines put the same role claim in the payload twice, while JsonWebTokenHandler writes the full claim URI unchanged and the second line is what gives other clients a plain role claim. Decode a freshly issued token once and check which of the two you are actually getting.
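The following is an added example, not the project's Infrastructure/Identity code, that ties the Jwt configuration section and the two role-claim lines together: a token service that issues HS256 tokens from JwtOptions, and the matching bearer validation parameters. JwtOptions, TokenService, AddXgpJwt and the Program.cs wiring in the comments are assumed names.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Claims;
using System.Text;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.IdentityModel.JsonWebTokens;
using Microsoft.IdentityModel.Tokens;

// Mirrors the "Jwt" section; bind with builder.Configuration.GetSection("Jwt").Get<JwtOptions>() (assumed wiring).
public sealed class JwtOptions
{
    public string Issuer { get; set; } = string.Empty;
    public string Audience { get; set; } = string.Empty;
    public string Key { get; set; } = string.Empty;
    public int ExpMinutes { get; set; } = 60;
}

public sealed class TokenService
{
    private readonly JwtOptions _opt;
    private readonly SymmetricSecurityKey _key;

    public TokenService(JwtOptions opt)
    {
        // HS256 needs a 256-bit key; the library rejects shorter keys at signing time,
        // so check at construction and fail with a readable message instead.
        var keyBytes = Encoding.UTF8.GetBytes(opt.Key);
        if (keyBytes.Length < 32)
            throw new InvalidOperationException("Jwt:Key must be at least 32 bytes (256 bits) for HS256.");
        _opt = opt;
        _key = new SymmetricSecurityKey(keyBytes);
    }

    public string CreateToken(string userId, string userName, IEnumerable<string> roles)
    {
        var claims = new List<Claim>
        {
            new(JwtRegisteredClaimNames.Sub, userId),
            new(JwtRegisteredClaimNames.UniqueName, userName),
            new(JwtRegisteredClaimNames.Jti, Guid.NewGuid().ToString("N")), // per-token id, usable for a revocation list
        };
        // The two lines from the page: .NET role type for [Authorize(Roles = ...)], short "role" for other clients.
        claims.AddRange(roles.Select(r => new Claim(ClaimTypes.Role, r)));
        claims.AddRange(roles.Select(r => new Claim("role", r)));

        var now = DateTime.UtcNow;
        var descriptor = new SecurityTokenDescriptor
        {
            Issuer = _opt.Issuer,
            Audience = _opt.Audience,
            Subject = new ClaimsIdentity(claims),
            NotBefore = now,
            Expires = now.AddMinutes(_opt.ExpMinutes),
            SigningCredentials = new SigningCredentials(_key, SecurityAlgorithms.HmacSha256),
        };
        // JsonWebTokenHandler applies no outbound claim-type mapping, so both role claim types reach the payload.
        return new JsonWebTokenHandler().CreateToken(descriptor);
    }

    // One set of validation parameters for the bearer middleware and for self-checks.
    public TokenValidationParameters ValidationParameters() => new()
    {
        ValidIssuer = _opt.Issuer,
        ValidAudience = _opt.Audience,
        IssuerSigningKey = _key,
        ValidAlgorithms = new[] { SecurityAlgorithms.HmacSha256 }, // pin the algorithm: no "none", no RS*/ES* tokens
        ValidateIssuer = true,
        ValidateAudience = true,
        ValidateIssuerSigningKey = true,
        ValidateLifetime = true,
        ClockSkew = TimeSpan.FromSeconds(30),   // library default is 5 minutes, which quietly extends ExpMinutes
        RoleClaimType = ClaimTypes.Role,
    };

    public async Task<bool> IsValidAsync(string token)
    {
        var result = await new JsonWebTokenHandler().ValidateTokenAsync(token, ValidationParameters());
        return result.IsValid;
    }
}

public static class JwtSetup
{
    // Program.cs (assumed): builder.Services.AddXgpJwt(builder.Configuration.GetSection("Jwt").Get<JwtOptions>()!);
    public static IServiceCollection AddXgpJwt(this IServiceCollection services, JwtOptions opt)
    {
        var tokens = new TokenService(opt);
        services.AddSingleton(tokens);
        services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
                .AddJwtBearer(o => o.TokenValidationParameters = tokens.ValidationParameters());
        services.AddAuthorization();
        return services;
    }
}
```

Issuing and validating from the same JwtOptions instance is what keeps Issuer, Audience and Key from drifting apart between environments; with ValidAlgorithms pinned, a token whose header says alg: none or that was re-signed with a different algorithm fails validation regardless of its payload.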

Database Management

Automatic Migrations

The API applies pending Entity Framework migrations on every startup, in every environment. That is convenient for a single instance; if several instances start at once they can race on the same migration, so for horizontally scaled deployments run migrations as a separate step before rolling out the new version.
Program.cs
await db.Database.MigrateAsync();

Default Admin User

A default administrator account is created during first run. Change the default admin credentials before the API is reachable from anywhere but localhost; the seeded password is set in DatabaseSeeder.cs, so it is in source control unless you move it into configuration.
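As an added example (not the project's DatabaseSeeder.cs or Program.cs), this is a seeder that takes the admin password from configuration instead of a string literal, refuses to start outside Development when the value is missing, and never resets an existing admin on restart, together with the startup wiring that runs it after MigrateAsync. The Seed:AdminEmail and Seed:AdminPassword keys, the Admin role name, IdentityUser/IdentityRole as the Identity types and AppDbContext are all assumptions.

```csharp
using System;
using System.Linq;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Identity;
using Microsoft.EntityFrameworkCore;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.Extensions.Hosting;

public static class DatabaseSeeder
{
    public const string AdminRole = "Admin";   // assumed role name

    // Set locally with `dotnet user-secrets set "Seed:AdminPassword" "..."`,
    // in deployment with the Seed__AdminPassword environment variable (assumed keys).
    public static async Task SeedAsync(UserManager<IdentityUser> users, RoleManager<IdentityRole> roles,
                                       IConfiguration config, IHostEnvironment env)
    {
        if (!await roles.RoleExistsAsync(AdminRole))
            await roles.CreateAsync(new IdentityRole(AdminRole));

        var email = config["Seed:AdminEmail"] ?? "admin@localhost";
        if (await users.FindByEmailAsync(email) is not null)
            return; // already seeded: a restart must never overwrite the admin's password

        var password = config["Seed:AdminPassword"];
        if (string.IsNullOrEmpty(password))
        {
            if (!env.IsDevelopment())
                throw new InvalidOperationException(
                    $"Seed:AdminPassword is not configured; refusing to seed a default admin in {env.EnvironmentName}.");
            password = "Dev-Only-Passw0rd!"; // local development fallback only; never reaches other environments
        }

        var admin = new IdentityUser { UserName = email, Email = email, EmailConfirmed = true };
        var result = await users.CreateAsync(admin, password);
        if (!result.Succeeded)
            throw new InvalidOperationException(string.Join("; ", result.Errors.Select(e => e.Description)));
        await users.AddToRoleAsync(admin, AdminRole);
    }

    // Program.cs (assumed): `await app.InitializeDatabaseAsync();` just before app.Run().
    public static async Task InitializeDatabaseAsync(this WebApplication app)
    {
        using var scope = app.Services.CreateScope();
        var sp = scope.ServiceProvider;
        await sp.GetRequiredService<AppDbContext>().Database.MigrateAsync();   // the page's startup migration
        await SeedAsync(sp.GetRequiredService<UserManager<IdentityUser>>(),
                        sp.GetRequiredService<RoleManager<IdentityRole>>(),
                        sp.GetRequiredService<IConfiguration>(),
                        sp.GetRequiredService<IHostEnvironment>());
    }
}
```

Failing the process at startup is deliberate: an API that silently seeds a well-known password into a production database is worse than one that refuses to come up until the secret is provided.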

CORS Configuration

As written, Program.cs allows requests from any origin, with any header and any method, and does so unconditionally rather than only in development:
Program.cs
app.UseCors(x => x.AllowAnyHeader().AllowAnyMethod().AllowAnyOrigin());
For production deployments, replace this with a named policy restricted to the front-end's origins. Two things to keep in mind: ASP.NET Core rejects AllowAnyOrigin combined with AllowCredentials at startup, and CORS only governs browsers, so it is not an access control for the API itself; authorization still comes from the bearer token.
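An added example (not the project's Program.cs) of the open development policy beside a production policy whose origins come from configuration. The Cors:AllowedOrigins key and the XgpClients policy name are assumptions.

```csharp
using System;
using Microsoft.AspNetCore.Builder;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.Extensions.Hosting;

var builder = WebApplication.CreateBuilder(args);
const string CorsPolicy = "XgpClients";

// Assumed key, e.g. "Cors": { "AllowedOrigins": [ "https://photos.example.com" ] }.
// An origin is scheme + host + port only: no path, no trailing slash, or the match silently fails.
var allowedOrigins = builder.Configuration.GetSection("Cors:AllowedOrigins").Get<string[]>() ?? Array.Empty<string>();

builder.Services.AddCors(options => options.AddPolicy(CorsPolicy, policy =>
{
    if (builder.Environment.IsDevelopment())
    {
        // The original setting, now confined to local front-end work.
        policy.AllowAnyHeader().AllowAnyMethod().AllowAnyOrigin();
        return;
    }
    // AddPolicy runs this callback at registration time, so a missing list stops the app at startup.
    if (allowedOrigins.Length == 0)
        throw new InvalidOperationException("Cors:AllowedOrigins must list at least one origin outside Development.");
    policy.WithOrigins(allowedOrigins)
          .WithHeaders("Authorization", "Content-Type")   // what a bearer-token front end actually sends
          .WithMethods("GET", "POST", "PUT");              // matches the endpoint table; the API has no DELETE
}));

var app = builder.Build();
app.UseCors(CorsPolicy);       // before authentication so preflight (OPTIONS) requests get their headers
app.UseAuthentication();
app.UseAuthorization();
app.MapControllers();
app.Run();
```

Keeping the allowed list in configuration rather than code means staging and production can differ without a rebuild, and a misconfigured deployment fails loudly instead of shipping with the wide-open policy.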

Next Steps

Quickstart

Get the API running in minutes

Authentication

Learn how to authenticate and use JWT tokens

API Reference

Explore all available endpoints

Deployment

Deploy to production environments
