Q&A

Q&A with Tony Champion: Building Secure and Scalable APIs in .NET 6

• By David Ramel
• 05/12/2022

Whether you are building desktop apps, mobile apps or Single-Page Applications (SPAs), nearly every application needs backend APIs. Not only do these APIs need to provide business functionality, but they need to be performant, scalable and most importantly secure.

With that in mind, software architect Tony Champion will detail the best practices for building APIs in .NET 6 in an upcoming presentation at the big, in-person Visual Studio Live! conference set for June 13-17, 2022, in Austin, Texas.

In his June 14 presentation, Champion, president of Champion DS, will focus on best practices that are being utilized in large-scale, data-sensitive environments today, explaining to attendees:

• How to structure and build APIs in .NET 6
• How to secure APIs using multiple authentication methods
• How to make your APIs scalable

We caught up with the Texas-based Champion -- an eight-time Microsoft MVP with more than 20 years of experience -- to find out more about his upcoming 75-minute session in a short Q&A.

VisualStudioMagazine: Your presentation on Building Secure and Scalable APIs in .NET 6 will discuss security along with performance and scalability. How can secure APIs help protect organizations now under siege by ransomware gangs and other bad threat actors?
Champion: Securing APIs should be the foundation of any API development.

Whether an API requires authentication or not, time and consideration should be taken to design the APIs in such a way that efficiently returns the requested information while protecting the endpoint and the entire infrastructure behind it. This will protect a company's infrastructure and sensitive data from unauthorized individuals.

What are some of the multiple authentication and other methods used to help secure APIs?
Authentication can be driven in multiple ways, based on the need of the system. From access tokens, to traditional user/password authentication, to more advanced solutions like OAuth or OpenID. Multi-Factor Authentication (MFA) can be added to the authentication process to enhance the security even further, in several different approaches.

How have scalability concerns become even more important with the pandemic-driven increase in usage of cloud computing platforms?
Cloud computing platform usage, especially in certain sectors, has grown at an incredible rate. For instance, a project I work on for a medical company went from receiving less than a million records a year to 100,000 records per day. Increases like this will tax a system in every way that you can think of and several that you can't. This goes beyond simply scaling up the API system to a bigger virtual server; it takes relooking at your entire solution from front to back. The need for understanding how to scale a system and how to look for bottlenecks or weak spots in that system has never been more important.

How does .NET 6 affect the structuring and building APIs, compared to previous .NET versions?
.NET 6 has seen major performance improvements in memory usage and speed. With .NET 6, we have also seen the release of Minimal APIs, that make it easier to build microservices with much less of the plumbing overhead.

Backend APIs are crucial to building desktop apps, mobile apps, SPAs and more. Are some types of projects more dependent on secure and scalable APIs than others?
Every project should consider security and scalability in their backend APIs. The reason is simple, it's hard to predict the future. If the last few years have taught us anything in the development world, it's that the scale and volume of usage of your system can change overnight. Countless tech projects have had to scramble to keep up with the growing demands on their systems while spending even more time protecting their infrastructure and data. I've been on a project that had a 10-year usage projection, arguably the lifespan of the application, blown away in less than a year. Building secure and scalable APIs is a must for any project that wants to succeed.