Skip to content

The Bank API is a design reference project suitable to bootstrap development for a compliant and modern API.

License

Notifications You must be signed in to change notification settings

erwinkramer/bank-api

Repository files navigation

Bank API 🏦

CC BY-NC-SA 4.0 GitHub commit activity

Scalar landing page

Aspire

The Bank API is a design reference project suitable to bootstrap development for a compliant and modern API.

Compliance

The API complies to:

OWASP API Security Top 10 - v2023 via Spectral OWASP API Security ruleset

OpenAPI Specification v3.0.1 via Spectral "oas" ruleset

✅ Additional naming conventions, structure, and clarity via Bank API project ruleset

California Consumer Privacy Act (CCPA) and General Data Protection Regulation (GDPR) via ASP.Net Core Compliance

Technology stack

Prerequisites

If not using the Dev Container, install:

Quick start

  • Use a 'pwsh' shell (if you want a click-a-long experience).

  • (Optionally) regenerate the GitHub downstream API client by going to the Kiota workspace and clicking Re-generate under clients.

    kiota-workspace-regenerate-client

  • Generate a new JWT-token for secured endpoints:

    dotnet user-jwts create --scope "bank_api" --role "banker" --project BankApi.Service.Stable
  • Run dotnet build to output the OpenAPI definition

  • Validate the OpenAPI definition by going to the openapi_v1.json definition and check for problems via the Spectral extension.

Run in Aspire minimal mode

This mode just runs the ASP.NET Core API.

  1. Start the standalone Aspire Dashboard for developer visualization:

    docker run --rm -it `
      -p 18888:18888 `
      -p 4317:18889 `
      --name aspire-dashboard `
      mcr.microsoft.com/dotnet/aspire-dashboard:latest

    Copy the url shown in the resulting output when running the container, and replace 0.0.0.0 with localhost, eg http://localhost:18888/login?t=123456780abcdef123456780 and open that in your browser, or you can also paste the key after /login?t= when the login dialog is shown. The token will change each time you start the container.

  2. Run the launch config API - Stable release channel.

Run in Aspire mode

This mode starts the API in the context of .NET Aspire.

  1. Make sure the docker runtime is started.

  2. Run the launch config Aspire Orchestration.

Considerations

General

  1. OpenID Connect isn't fully supported in Scalar.

  2. Running tests works in VSCode. However, debugging tests doesn't work with TUnit in VSCode yet.

  3. To extend OpenTelemetry logging to Application Insights, expand the OpenTelemetry exporter.

  4. The compliance NullRedactor doesn't seem to work, the redactor is already defined at Builder.Compliance.cs but not used because of the issue.

  5. Dependabot is enabled for nuget packages but wildcard version notation isn't supported yet, which is used extensively in this project.

  6. The OpenAPI document generator shipped with .NET 9 does not fully support API versioning, a simpler approach with PathBase is used for now, which is also more convenient for Azure API Management usage.

  7. Extending Spectral rulesets from an NPM package can be problematic.

  8. Generic exception handling is minimally implemented via ErrorHandling.cs.

Dev Container

  1. Dev Containers with the docker-outside-of-docker feature instead of docker-in-docker do not work, for now we're using docker-in-docker.

  2. The Aspire dashboard doesn't start the first time inside the Dev Container, open a new tab and paste the same URL, then it works.

  3. Dev Containers in combination with Aspire Mode have port forwarding mismatch on endpoints, the ports shown for the Scalar pages in the Aspire Dashboard do not match the randomly assigned ports by Aspire. The Scalar pages are still accessible when using the ports assigned by Aspire (check the Ports View in VSCode).

Please see the Reddit r/dotnet post 1 and post 2 about this project for more considerations and information.

Troubleshooting

  • If debugging isn't working properly, please clear the Extension Host Cache at %AppData%\Code\CachedData (on Windows) and restart VSCode.

  • If getting the error unable to get local issuer certificate with Spectral, make sure to add the CA of your proxy to NODE_EXTRA_CA_CERTS and restart VSCode, for example:

[Environment]::SetEnvironmentVariable('NODE_EXTRA_CA_CERTS', 'C:\ZscalerRootCA.crt', 'User')

License

This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.

CC BY-NC-SA 4.0