Author: Vladimir Pecanac

How to Implement Content Negotiation in ASP.NET Core 2.0

Content negotiation is one of those quality-of-life improvements you can add to your REST API to make it more user-friendly and flexible. And when we design an API, isn’t that what we want to achieve in the first place? There are many things to keep in mind when designing a REST API and we’ve written recently about it in our Top REST API best practices article. Content negotiation is an HTTP feature which has been around for a while, but for one reason or another, it is, maybe, a bit underused. In short, content negotiation lets you choose or rather “negotiate”...


Top REST API Best Practices

Many giants like Facebook, Google, GitHub, Netflix, Amazon, and Twitter have their own REST(ful) APIs that you can access to get or even write data. But why all the need for REST? Is it that good and why is it so prevalent? Surely it’s not the only way to convey messages? What is the difference between REST and HTTP? Well, it turns out REST is pretty flexible and compatible with HTTP, which is the main protocol the internet is based upon. Since it is an architectural style and not a standard, it provides a lot of freedom to implement various design...


The HTTP series (Part 5): Security

If you followed along with the HTTP series, you are ready now to embark on a journey of HTTP security. And a journey it will be, I promise 🙂 Many companies have been victims of security breaches. To name just a few prominent ones: Dropbox, LinkedIn, MySpace, Adobe, Sony, Forbes and many others were on the receiving end of malicious attacks. Many accounts were compromised and the chances are, at least one of those was yours 🙂 You can actually check that on Have I Been Pwned. My email address was found on 4 different websites that were victims...


The HTTP series (Part 4): Authentication Mechanisms

In the previous part, we talked about the different ways that websites can identify the visiting user. But identification itself represents just a claim. When you identify yourself, you are claiming that you are someone. But there is no proof of that. Authentication, on the other hand, is showing proof that you are who you claim to be, like showing your personal ID or typing in your password. More often than not, websites need that proof to serve you sensitive resources. HTTP has its own authentication mechanisms that allow the servers to issue challenges and get...


The HTTP series (Part 3): Client Identification

Up until now, you learned about the basic concepts and some of the architectural aspects of HTTP. This leads us to the next important subject in HTTP: client identification. In this article, you’ll learn why client identification is important and how Web servers can identify you (your Web client). You will also get to see how that information is used and stored. This is the third part of the HTTP Series. In this article, you will learn more about: Client Identification and Why It’s Extremely Important; Different Ways to Identify a Client; HTTP Request Headers Used for Identification...


