Backend Platform

REST API Platform

A centralized, production-ready API layer built for web, mobile, and third-party clients — featuring secure JWT authentication, clean repository architecture, Swagger documentation, and consistent response patterns across all endpoints.

ASP.NET Core Web API, Entity Framework Core, JWT Auth, Refresh Tokens, Repository Pattern, LINQ, Postman

Project Description

This REST API platform was built to serve as a single, reliable backend for multiple client types — web apps, mobile applications, and third-party integrations. The goal was to eliminate duplicated backend logic across projects by creating a well-structured, reusable API foundation that any frontend or external system could consume safely.

The project was structured around ASP.NET Core Web API with a strict separation of concerns — controllers handle routing, services encapsulate business logic, and repositories manage all data access. Every endpoint returns a consistent JSON response envelope so clients can handle success and error states predictably without custom parsing logic per route.

Key Highlights

  • RESTful endpoint design — Designed clean endpoints following HTTP verb conventions (GET, POST, PUT, DELETE) with route versioning, proper status codes, and a consistent JSON response wrapper containing status, message, and data fields on every response.
  • JWT authentication + refresh token flow — Secured all protected routes using JWT bearer tokens with short-lived access tokens and a refresh token rotation strategy — storing refresh tokens in the database with expiry tracking to support silent re-authentication.
  • Role-based access control (RBAC) — Implemented fine-grained permission control using ASP.NET Core's [Authorize(Roles = ...)] attribute, restricting sensitive endpoints to specific roles (Admin, Manager, User) with standardised 401 responses for unauthenticated requests and 403 responses for authenticated callers that lack the required role.
  • Repository + service layer architecture — Structured the codebase using the Repository Pattern with generic and specific repositories, a service layer for business logic, and Dependency Injection throughout — making the code testable, loosely coupled, and easy to extend.
  • Global error handling + input validation — Built a global exception middleware for clean error responses, combined with Data Annotations and FluentValidation on all request DTOs to prevent invalid data from reaching the business layer.
  • Swagger / OpenAPI documentation — Integrated Swagger UI with JWT bearer token support so developers can authenticate and test protected routes directly from the docs — reducing integration time for consuming teams.
  • Azure deployment + environment config — Deployed on Azure App Service with environment-based configuration keeping connection strings, JWT secrets, and third-party keys out of source code using Azure App Configuration.
  • EF Core with optimised LINQ queries — Used EF Core with code-first migrations, eager loading (Include/ThenInclude), DTO projections, and server-side pagination — avoiding N+1 query problems and unnecessary data transfer.
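
The refresh token rotation described in the list above, as an added example that is not the project's own code. It goes beyond the page by storing only a hash of each token and by revoking a user's tokens when an already-rotated token is presented again; the type names, the 7-day lifetime, and the in-memory dictionary standing in for the database table are assumptions.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Cryptography;
using System.Text;

// Added example. RefreshTokenRecord and RefreshTokenService are hypothetical names;
// the dictionary stands in for the database table the page mentions.
public sealed record RefreshTokenRecord(string UserId, DateTime ExpiresUtc, bool Used);

public sealed class RefreshTokenService
{
    private readonly Dictionary<string, RefreshTokenRecord> _store = new();
    private readonly TimeSpan _lifetime = TimeSpan.FromDays(7); // assumed lifetime

    // Only a SHA-256 hash is stored, so a leaked table does not yield usable tokens.
    private static string Hash(string token) =>
        Convert.ToHexString(SHA256.HashData(Encoding.UTF8.GetBytes(token)));

    // Creates a random 256-bit token, records its hash with an expiry, returns the raw value.
    public string Issue(string userId, DateTime nowUtc)
    {
        string token = Convert.ToBase64String(RandomNumberGenerator.GetBytes(32));
        _store[Hash(token)] = new RefreshTokenRecord(userId, nowUtc + _lifetime, Used: false);
        return token;
    }

    // Returns a replacement token, or null when the presented token must be rejected.
    public string? Rotate(string presented, DateTime nowUtc)
    {
        string key = Hash(presented);
        if (!_store.TryGetValue(key, out var rec)) return null;            // unknown token
        if (rec.ExpiresUtc <= nowUtc) { _store.Remove(key); return null; } // expired
        if (rec.Used)
        {
            // A token that was already rotated is being replayed: revoke everything
            // issued to this user so a stolen copy cannot keep the session alive.
            RevokeAll(rec.UserId);
            return null;
        }
        _store[key] = rec with { Used = true }; // each refresh token is single use
        return Issue(rec.UserId, nowUtc);
    }

    private void RevokeAll(string userId)
    {
        foreach (var k in new List<string>(_store.Keys))
            if (_store[k].UserId == userId) _store.Remove(k);
    }
}
```

Against a real database the lookup and the mark-as-used write in `Rotate` need to run as one atomic operation, otherwise two concurrent requests can both redeem the same token.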