User & Service Data API Application

An ASP.NET Core web application providing APIs for managing user data, service data, and field access settings with hierarchical access control. This project demonstrates secure data handling, a frontend interface, and downloadable PowerShell scripts for data management.

Live Demo

The application is accessible at https://api.cronotech.us.

View the Swagger documentation at https://api.cronotech.us/swagger for a full list of available endpoints and details.

Table of Contents

• Features
• API Overview
• Getting Started
• Configuration

Features

• User Data API: Securely provides user data with access level restrictions based on requester’s clearance.
• Service Data API: Manages service-related information with role-based access levels for enhanced security.
• Field Access Management: Configure access levels for specific fields, customizing data exposure based on access requirements.
• Frontend Interface: A simple, interactive frontend built with Razor Pages to interact with data.
• PowerShell Script Downloads: Download scripts to generate or reset data directly from the frontend.

API Overview

User Data API

The User Data API provides access to personal user data with field-specific access levels. Only users with appropriate access levels can view certain data fields.

• Retrieve All User Data

  
  GET /api/UserData
              

• Retrieve User Data by Access Level

  
  POST /api/UserData/request
              

  Request Body:

  
  {
      "userEmail": "user@example.com",
      "requesterAccessLevel": "Confidential"
  }
              

Service Data API

The Service Data API manages and provides access to service-related information, secured with role-based access controls for each field.

• Retrieve All Service Data

  
  GET /api/ServiceData
              

• Retrieve Service Data by Access Level

  
  POST /api/ServiceData/request
              

  Request Body:

  
  {
      "requesterAccessLevel": "Secret"
  }
              

Field Access API

The Field Access API allows administrators to manage access levels for individual data fields in both UserData and ServiceData, ensuring secure, role-based data exposure.

• Retrieve All Field Access Settings

  
  GET /api/FieldAccess
              

• Add New Field Access Setting

  
  POST /api/FieldAccess
              

  Request Body:

  
  {
      "endpoint": "UserData",
      "fieldName": "PhoneNum",
      "accessLevel": "Public"
  }
              

Getting Started

Prerequisites

• .NET SDK: Install the .NET 6 SDK or later.
• Visual Studio 2022 or Visual Studio Code: Recommended for development.
• Git: For cloning the repository.

Installation

1. Clone the Repository

   
   git clone https://github.com/killer6oose/API_Example.git
               

2. Navigate to the Project Directory

   
   cd API_Example
               

3. Restore Dependencies (if required by your IDE)

   
   dotnet restore
               

Configuration

App Settings for Contact Page

To enable the contact page, configure Azure AD credentials for Microsoft Graph in your app’s secrets:

dotnet user-secrets init
dotnet user-secrets set "AzureAd:ClientId" "your-client-id"
dotnet user-secrets set "AzureAd:TenantId" "your-tenant-id"
dotnet user-secrets set "AzureAd:ClientSecret" "your-client-secret"
dotnet user-secrets set "AzureAd:SenderEmail" "support@yourDomain.tld"
    

App Settings for URLs

In your `appsettings.json`, configure the following URLs for home page links:

{
  "Settings": {
    "PublicUrl": "https://localhost:7189",
    "SupportEmail": "support@yourDomain.tld"
  }
}