Skip to main content
Home  › ... Razor

WebApi Tutorials

Tutorial HomeWebApi

Bare Metal WebAPI Commands (v12.10+)

In some cases you want to have more control over the API calls, but still need 2sxc to help you get the right headers and urls. This is what we call the Bare Metal WebApi since it gives you the stuff so you can do the work yourself.

As with everything, you usually need to get the module sxc controller first, so that the values you get match your app and use case. In these examples, we're using the current HTML-node to find the sxc controller, but there are other ways as well if you prefer working the the Module Id.


Headers

This will show you the headers which will probably be needed for a request:


<script>
  function showHeaders(moduleContext, optionalVerb) {
    var headers = $2sxc(moduleContext).webApi.headers(optionalVerb);
    alert('These are the headers used if the verb is "' + (optionalVerb ?? '') + '":\n' 
      + JSON.stringify(headers, null, 2));
  }
</script>

URL

Resolve URLs to endpoints and similar


<script>
  function showUrl(moduleContext, url) {
    var finalUrl = $2sxc(moduleContext).webApi.url(url);
    alert('These is the full url for "' + url + '":\n' + finalUrl);
  }
</script>

Source Code of this file

Below you'll see the source code of the file. Note that we're just showing the main part, and hiding some parts of the file which are not relevant for understanding the essentials. Click to expand the code

@inherits Custom.Hybrid.Razor12
@using ToSic.Sxc.Services;
@{
  // Tell the page that we need the 2sxc Js APIs
  GetService<IPageService>().Activate("2sxc.JsCore"); 
}
<!-- unimportant stuff, hidden -->

Bare Metal WebAPI Commands (v12.10+) In... <!-- unimportant stuff, hidden -->
<button type="button" class="btn btn-primary" onclick="showHeaders(this)">Default headers</button>
<button type="button" class="btn btn-primary" onclick="showHeaders(this, 'GET')">Headers for GET</button>
<button type="button" class="btn btn-primary" onclick="showHeaders(this, 'POST')">...for POST</button>
<button type="button" class="btn btn-primary" onclick="showHeaders(this, 'PUT')">...for PUT</button>



URL Resolve URLs to endpoints and... <!-- unimportant stuff, hidden -->
<button type="button" class="btn btn-primary" onclick="showUrl(this, 'basic/hello')">Url for: basic/hello</button>
<button type="button" class="btn btn-primary" onclick="showUrl(this, 'app/auto/api/basic/hello')">Url: app/auto/api/basic/hello</button>
<button type="button" class="btn btn-primary" onclick="showUrl(this, 'basic/square?number=2742')">Url: basic/square?number=2742</button>


@*
TODO: examples with url-parameters object
*@


<script>
  function showHeaders(moduleContext, optionalVerb) {
    var headers = $2sxc(moduleContext).webApi.headers(optionalVerb);
    alert('These are the headers used if the verb is "' + (optionalVerb ?? '') + '":\n' 
      + JSON.stringify(headers, null, 2));
  }
</script>


<script>
  function showUrl(moduleContext, url) {
    var finalUrl = $2sxc(moduleContext).webApi.url(url);
    alert('These is the full url for "' + url + '":\n' + finalUrl);
  }
</script>


<!-- unimportant stuff, hidden -->

Source Code of /api/VerifiedController.cs

Below you'll see the source code of the file. Note that we're just showing the main part, and hiding some parts of the file which are not relevant for understanding the essentials. Click to expand the code

// Add namespaces for security check in Oqtane & DNN despite differences in .net core/.net Framework
// If you only target one platform, you can remove the parts you don't need
#if NETCOREAPP
using Microsoft.AspNetCore.Authorization; // .net core [AllowAnonymous] & [Authorize]
using Microsoft.AspNetCore.Mvc;           // .net core [HttpGet] / [HttpPost] etc.
#else
using System.Web.Http;                    // .net 4.5 [AllowAnonymous] / [HttpGet]
using DotNetNuke.Web.Api;                 // [DnnModuleAuthorize] & [ValidateAntiForgeryToken]
#endif

[AllowAnonymous]                          // all commands can be accessed without a login
[ValidateAntiForgeryToken]                // protects API from users not on your site (CSRF protection)
public class VerifiedController : Custom.Hybrid.Api12 // see https://r.2sxc.org/CustomWebApi
{

  [HttpGet]                               // [HttpGet] says we're listening to GET requests
  public string Hello()
  {
    return "Hello from the controller with ValidateAntiForgeryToken in /api";
  }
}

// The next line is for 2sxc-internal quality checks, you can ignore this
// 2sxclint:disable:no-dnn-namespaces - 2sxclint:disable:no-web-namespace