WebAPI Controllers
What is Web API?
If you want to expose your custom plugin as REST API you need to create a custom controller, which will be accessible by HTTP requests. That is especially useful if you want to use some JavaScript components relaying on HTTP requests for retrieving or updating data.
An API Controller is an ASP.NET WebApi controller that is used for creating REST services. These controllers are auto-routed meaning that you don't have to add/create your own routes for these controllers to work.
All implementations of Umbraco Api Controllers inherit from the base class Umbraco.Web.WebApi.UmbracoApiController.
Available to everyone (including annonymous requests)
If you want your API endpoint to be available for everyone without logging, create MVC controller inheriting from Umbraco.Web.WebApi.UmbracoApiController. This is helpful when you want your customer JavaScript components talk asynchonously to your Externable backend (and many more use cases).
Available to logged in members only
Authorizing a controller for a front-end member is achieved with attribute Umbraco.Web.WebApi.MemberAuthorizeAttribute.
You can attribute your controller or action with this attribute which will ensure that a member must be logged in to access the resource.
There are a few properties that exist for the attribute to give you more control over the authorization process for which members can access the resource:
AllowType- Comma delimited list of allowed member typesAllowGroup- Comma delimited list of allowed member groups
Available to logged in users only
Any WebApi Controller or Action that is attributed with Umbraco.Web.WebApi.UmbracoAuthorizeAttribute will authenticate the request for a backoffice user.
A base class implementation that already exists with this attribute is: Umbraco.Web.WebApi.UmbracoAuthorizedApiController. Since this controller inherits from Umbraco.Web.WebApi.UmbracoApiController it is auto-routed. This controller is also attributed with Umbraco.Web.WebApi.IsBackOfficeAttribute to ensure that it is routed correctly to be authenticated for the backoffice.
Another common base class implementation for the backoffice is Umbraco.Web.Editors.UmbracoAuthorizedJsonController which inherits from Umbraco.Web.WebApi.UmbracoAuthorizedApiController but has some special filters applied to it to automatically handle anti-forgery tokens for use with AngularJS in the backoffice.
Template explained
Our Custom Plugin template contains an example of WebAPI Controller. See it below explained.
Your plugin name must be unique so that you don't face errors due to conflict with other plugins