How to integrate Web API ?

Web API integration enables external applications and services to communicate with Visual Guard programmatically. By integrating with the Visual Guard Web API, developers can automate administrative tasks, manage users and groups, retrieve repository information, execute workflows, and interact with security-related functions without using the user interface. This guide explains the steps required to configure and integrate the Visual Guard Web API into your application.

How to integrate and refer Visual Guard Assembly Reference in your WEB API application

Before securing your Web API endpoints with Visual Guard, you must add the required Visual Guard assemblies and configure the application settings.

Prerequisites

To integrate Visual Guard into your Web API project:

• Add the required Visual Guard assembly references.
• Configure the necessary settings in the web.config file.
• Ensure that the application is properly connected to the Visual Guard repository.

For detailed instructions, refer to How to Integrate Visual Guard in an MVC Application, as the assembly references and web.config configuration steps are identical.

Securing Controller/Action

Visual Guard provides the VGAuthorize attribute, which can be applied to controllers or individual actions to restrict access based on permissions defined in the Visual Guard repository.

Using VGAuthorize attribute

Note
While mentioning the permission in the ‘VGAuthorize’ attribute, please take the full name of the permission (along with full path).   Example: “ReadOnly” permission exist in folder “Auditors”, hence, full name of the permission is : “/Auditors/ReadOnly”

After completing the Visual Guard integration and configuration steps, you can secure your Web API controllers and actions by applying the VGAuthorize attribute. The example below illustrates how to restrict access based on permissions defined in the Visual Guard repository.

[VGAuthorize(Roles = "Admin")]
 public class ProductionController : ApiController
 {
     Product[] products = new Product[]
     {
     new Product { Id = 1, Name = "Tomato Soup", Category = "Groceries", Price = 1 },
     new Product { Id = 2, Name = "Yo-yo", Category = "Toys", Price = 3.75M },
     new Product { Id = 3, Name = "Hammer", Category = "Hardware", Price = 16.99M }
     };

     [VGAuthorize(Permissions = "CanGetAllRoles", Roles = "RoleManager")]
     public IEnumerable<Product> GetAllProducts()
     {
         return products;
     }

     [VGAuthorize(Permissions = "ReadOnly")]
     [VGAuthorize(Permissions = "CanGetById")]
     public Product GetProductById(int id)
     {
         var product = products.FirstOrDefault((p) => p.Id == id);
         if (product == null)
         {
             throw new HttpResponseException(HttpStatusCode.NotFound);
         }
         return product;
     }
}

<VGAuthorize(Roles:="Admin")>
Public Class ProductionController
    Inherits ApiController

    Private products As Product() =
    {
        New Product With {
            .Id = 1,
            .Name = "Tomato Soup",
            .Category = "Groceries",
            .Price = 1D
        },
        New Product With {
            .Id = 2,
            .Name = "Yo-yo",
            .Category = "Toys",
            .Price = 3.75D
        },
        New Product With {
            .Id = 3,
            .Name = "Hammer",
            .Category = "Hardware",
            .Price = 16.99D
        }
    }

    <VGAuthorize(Permissions:="CanGetAllRoles", Roles:="RoleManager")>
    Public Function GetAllProducts() As IEnumerable(Of Product)
        Return products
    End Function

    <VGAuthorize(Permissions:="ReadOnly")>
    <VGAuthorize(Permissions:="CanGetById")>
    Public Function GetProductById(id As Integer) As Product

        Dim product = products.FirstOrDefault(Function(p) p.Id = id)

        If product Is Nothing Then
            Throw New HttpResponseException(HttpStatusCode.NotFound)
        End If

        Return product

    End Function

End Class