Custom API Implementation
Learn best practices for securing API calls using custom endpoints with and .
By implementing these components, you can strengthen authentication and request processing, and use core Advantage features:
- - Access domain information.
- - Retrieve language settings.
- - Manage database connections.
- - Access advanced module functionality.
Implementing a Custom Delegating Handler
To secure requests for specific controllers, you can create a custom handler by inheriting from . Below is a sample implementation:
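```csharp
using System.Net;
using System.Net.Http;
using System.Threading;
using System.Threading.Tasks;

namespace AdvantageCSP.WebAPI.Handler
{
    public class MyCustomControllerHandler : AdvantageDelegatingHandler
    {
        protected override Task<HttpResponseMessage> SendAsync(HttpRequestMessage request, CancellationToken cancellationToken)
        {
            // Custom security validation logic
            // Example: Validate headers, tokens, or API keys
            if (!ValidateRequest(request))
            {
                // Reject the request before it reaches the controller
                return Task.FromResult(new HttpResponseMessage(HttpStatusCode.Unauthorized));
            }

            // Authenticate and set user identity here
            return base.SendAsync(request, cancellationToken);
        }

        private bool ValidateRequest(HttpRequestMessage request)
        {
            // Add validation logic here
            return true; // Replace with actual validation logic; as written, every request is accepted
        }
    }
}
```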
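Once the validation logic is implemented, this handler ensures that only authenticated and authorized requests are processed by the specified controllers. The stub shown above accepts every request, so replace it with your custom implementation before relying on it.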
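One way to fill in the validation stub, as an added example that is not Advantage CSP's own code: it checks a single API-key header with a constant-time comparison, rejects the request with 401 on failure, and sets an authenticated principal so that a controller marked `[Authorize]` accepts the call. It derives from the standard `DelegatingHandler` because the members of the Advantage base class are not shown on this page; the class name `ApiKeyHandler`, the header name `X-Api-Key` and the `api-client` identity are assumptions.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Net;
using System.Net.Http;
using System.Security.Claims;
using System.Text;
using System.Threading;
using System.Threading.Tasks;

// Added example: DelegatingHandler stands in for the Advantage base handler.
public class ApiKeyHandler : DelegatingHandler
{
    private const string HeaderName = "X-Api-Key"; // assumed header name
    private readonly byte[] _expectedKey;          // supplied from protected configuration

    public ApiKeyHandler(string expectedKey)
    {
        if (string.IsNullOrEmpty(expectedKey)) throw new ArgumentException("API key is not configured");
        _expectedKey = Encoding.UTF8.GetBytes(expectedKey);
    }

    protected override Task<HttpResponseMessage> SendAsync(HttpRequestMessage request, CancellationToken cancellationToken)
    {
        if (!ValidateRequest(request)) // fail closed: the controller is never reached
            return Task.FromResult(new HttpResponseMessage(HttpStatusCode.Unauthorized));
        // [Authorize] only passes when the request carries an authenticated principal.
        var identity = new ClaimsIdentity(new[] { new Claim(ClaimTypes.Name, "api-client") }, "ApiKey");
        request.GetRequestContext().Principal = new ClaimsPrincipal(identity);
        return base.SendAsync(request, cancellationToken);
    }

    private bool ValidateRequest(HttpRequestMessage request)
    {
        IEnumerable<string> values;
        if (!request.Headers.TryGetValues(HeaderName, out values)) return false;
        var presented = values.ToList();
        // Exactly one header value is accepted; duplicated headers are rejected.
        return presented.Count == 1 && FixedTimeEquals(Encoding.UTF8.GetBytes(presented[0]), _expectedKey);
    }

    // No early exit on the first differing byte, so timing does not reveal a matching prefix.
    private static bool FixedTimeEquals(byte[] a, byte[] b)
    {
        int diff = a.Length ^ b.Length;
        for (int i = 0; i < a.Length && i < b.Length; i++) diff |= a[i] ^ b[i];
        return diff == 0;
    }
}
```

The comparison hides where two keys differ but not their length, which is acceptable when all issued keys have the same fixed length.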
Creating a Custom API Controller
The following example demonstrates how to use to create a custom API controller. This base class provides access to powerful engines and features.
```csharp
using AdvantageCMS.Core.Admin.Event;
using AdvantageCSP.API.Classes;
using System.Web.Http;

/// <summary>
/// Handles account-related API operations.
/// </summary>
[Authorize]
public class AccountProfileController : AdvantageApiControllerBase
{
    private const string API_Category = "Save Member";
    private const string API_Title = "MARS Entity Update";

    public class APIResult
    {
        public eCMSEngineEventStatus Status { get; set; }
        public string Message { get; set; }
        public string MemberToken { get; set; }
    }

    #region Endpoints

    [HttpGet, HttpPost]
    [Route("api/account/GetProfile")]
    public IHttpActionResult GetAccountMember(string memberToken)
    {
        APIResult retval = new APIResult();

        if (string.IsNullOrEmpty(memberToken))
        {
            retval.Status = eCMSEngineEventStatus.Exception;
            retval.Message = "Invalid token";
            return BadRequest(retval.Message);
        }

        // Perform member validation
        var rtn = new Sample.AccountMember();
        bool validated = false; // Replace with the real member validation result

        if (validated)
            return Ok(rtn);

        // retval.Message is still null on this path; set it before building the response
        retval.Status = eCMSEngineEventStatus.Exception;
        retval.Message = "Member validation failed";
        return BadRequest(retval.Message);
    }

    #endregion
}
```
This implementation provides access to , , and other advanced features for custom processing.
Registering API Routes in Global.asax
To handle API requests securely, register your API routes and attach a custom handler during the event.
```csharp
public override void Application_Start(object sender, EventArgs e)
{
    // Register default routing for secure API calls
    AdvantageAPIRouting(new SecureContentControllerHandler());

    // Custom endpoint with a message handler
    GlobalConfiguration.Configuration.Routes.MapHttpRoute(
        name: "accountMemberAPI",
        routeTemplate: "api/account",
        defaults: new { controller = "AccountProfile" }
    );

    // Attach custom message handler.
    // Handlers added to Configuration.MessageHandlers run for every Web API request,
    // not only for the route mapped above.
    GlobalConfiguration.Configuration.MessageHandlers.Add(new MyCustomControllerHandler());

    base.Application_Start(sender, e);
}
```
This configuration ensures secure routing and processing for the `AccountProfileController` API endpoints.