DEV Community

Cover image for Building a CRUD API with ABP Framework, ASP.NET Core, and PostgreSQL
Berkan
Berkan

Posted on

Building a CRUD API with ABP Framework, ASP.NET Core, and PostgreSQL

#dotnet #postgres #abp #aspnet

I recently read "Building a CRUD API with ASP.NET Core Web API and PostgreSQL" by M. Oly Mahmud on DEV Community. While it's a solid introduction to building a basic CRUD API, it lacks features like permissions and validation—important for real-world scenarios. Inspired by this, I decided to write a guide that demonstrates how to build a production-ready CRUD API using the ABP Framework, ASP.NET Core, and PostgreSQL. This tutorial adds security, data validation, and leverages ABP's conventions to create a robust API for managing products.

What is ABP Framework?

ABP Framework is an open-source web application framework for building modular, maintainable, and scalable applications using .NET and ASP.NET Core. It provides built-in functionalities for common application requirements like authentication, authorization, logging, monitoring, tenant management, feature management, payment gateway integration(supports Stripe, PayPal, and so on), file management, and even a GDPR module to manage personal data.

Prerequisites

Let's get started!

Step 1: Install ABP CLI

Install the ABP CLI globally:

dotnet tool install -g Volo.Abp.Studio.Cli
Enter fullscreen mode Exit fullscreen mode

Verify:

abp --version
Enter fullscreen mode Exit fullscreen mode

Alternatively, you can use ABP Studio to create projects.

Step 2: Create a New ABP Project

Generate an ABP solution with PostgreSQL:

abp new ProductApi -t app -u mvc -dbms PostgreSQL -cs="Host=localhost;Port=5432;Database=ProductApi;Username=root;Password=myPassword" -csf
Enter fullscreen mode Exit fullscreen mode

Explanation

  • ProductApi: Solution name.
  • -t app: specifies application(layered) template.
  • -u mvc: Includes MVC UI (API layer is included).
  • -dbms PostgreSQL: Uses PostgreSQL as a database management system
  • -cs: PostgreSQL connection string (adjust credentials as needed).
  • -csf: Creates solution folder.

Navigate to the solution:

cd ProductApi
Enter fullscreen mode Exit fullscreen mode

ABP attempts to create the ProductApi database during project generation if PostgreSQL is running and the connection string is valid. Check the database to confirm.

Step 3: Define Validation Constants

In ProductApi.Domain.Shared, create a Products folder and add ProductConsts.cs:

namespace ProductApi.Products; public static class ProductConsts { public const int NameMaxLength = 128; public const int DescriptionMaxLength = 256; }
Enter fullscreen mode Exit fullscreen mode

These constants will be reused for validation in DTOs and database configuration.

Step 4: Define the Product Entity

In the ProductApi.Domain project, create a Products folder and, add Product.cs:

using System; using Volo.Abp.Domain.Entities.Auditing; namespace ProductApi.Domain.Products; public class Product : AuditedAggregateRoot<Guid> { public string Name { get; set; } public string Description { get; set; } public decimal Price { get; set; } }
Enter fullscreen mode Exit fullscreen mode
  • AuditedAggregateRoot: Provides auditing (e.g., creation time) properties and uses Guid as the type of primary key.

Step 5: Configure the DbContext

In ProductApi.EntityFrameworkCore/EntityFrameworkCore/ProductApiDbContext.cs, add the Products DbSet:

using Microsoft.EntityFrameworkCore; using ProductApi.Domain.Products; using ProductApi.Products; using Volo.Abp.AuditLogging.EntityFrameworkCore; using Volo.Abp.BackgroundJobs.EntityFrameworkCore; using Volo.Abp.BlobStoring.Database.EntityFrameworkCore; using Volo.Abp.Data; using Volo.Abp.EntityFrameworkCore; using Volo.Abp.EntityFrameworkCore.Modeling; using Volo.Abp.FeatureManagement.EntityFrameworkCore; using Volo.Abp.Identity.EntityFrameworkCore; using Volo.Abp.PermissionManagement.EntityFrameworkCore; using Volo.Abp.SettingManagement.EntityFrameworkCore; using Volo.Abp.OpenIddict.EntityFrameworkCore; using Volo.Abp.TenantManagement.EntityFrameworkCore; namespace ProductApi.EntityFrameworkCore; [ConnectionStringName("Default")] public class ProductApiDbContext : AbpDbContext<ProductApiDbContext> { public DbSet<Product> Products { get; set; } public ProductApiDbContext(DbContextOptions<ProductApiDbContext> options) : base(options) { } protected override void OnModelCreating(ModelBuilder builder) { base.OnModelCreating(builder); builder.ConfigurePermissionManagement(); builder.ConfigureSettingManagement(); builder.ConfigureBackgroundJobs(); builder.ConfigureAuditLogging(); builder.ConfigureFeatureManagement(); builder.ConfigureIdentity(); builder.ConfigureOpenIddict(); builder.ConfigureTenantManagement(); builder.ConfigureBlobStoring(); builder.Entity<Product>(b => { b.ToTable(ProductApiConsts.DbTablePrefix + "Products", ProductApiConsts.DbSchema); b.ConfigureByConvention(); //auto configure for the base class props b.Property(x => x.Name).IsRequired().HasMaxLength(ProductConsts.NameMaxLength); b.Property(x => x.Description).HasMaxLength(ProductConsts.DescriptionMaxLength); b.Property(x => x.Price).IsRequired(); }); } }
Enter fullscreen mode Exit fullscreen mode

The constraints (e.g., NameMaxLength) align with ProductConsts for consistency across layers.

Add and Apply Migrations

  1. Add a Migration: Navigate to the ProductApi.EntityFrameworkCore project: 
cd ProductApi.EntityFrameworkCore
Enter fullscreen mode Exit fullscreen mode

Run the EF Core command to create a migration for the Product entity:

dotnet ef migrations add Added_Products
Enter fullscreen mode Exit fullscreen mode
  • This generates a migration file (e.g., 2025XXXXXXXXXX_Added_Products.cs) in the Migrations folder.
  1. Apply the Migration: Update the database: 
dotnet ef database update
Enter fullscreen mode Exit fullscreen mode

Ensure PostgreSQL is running and the connection string is correct. This creates the AppProducts table in ProductApi.

Alternatively, ABP applies migrations automatically when you run the ProductApi.DbMigrator project.

Step 6: Define DTOs with Validation

In the ProductApi.Application.Contracts project, create a Products folder and add ProductDtos.cs:

using System; using System.ComponentModel.DataAnnotations; using Volo.Abp.Application.Dtos; namespace ProductApi.Products; public class ProductDto : AuditedEntityDto<Guid> { public string Name { get; set; } public string Description { get; set; } public decimal Price { get; set; } } public class CreateProductDto { [Required] [StringLength(ProductConsts.NameMaxLength)] public string Name { get; set; } [StringLength(ProductConsts.DescriptionMaxLength)] public string Description { get; set; } [Required] public decimal Price { get; set; } } public class UpdateProductDto : EntityDto<Guid> { [Required] [StringLength(ProductConsts.NameMaxLength)] public string Name { get; set; } [StringLength(ProductConsts.DescriptionMaxLength)] public string Description { get; set; } [Required] public decimal Price { get; set; } }
Enter fullscreen mode Exit fullscreen mode
  • AuditedEntityDto: Includes auditing properties (e.g., CreationTime).
  • EntityDto: Includes Id property.
  • Validation attributes ensure data integrity (e.g., required fields, length limits).

Step 7: Update Permissions

The ProductApi.Application.Contracts project already contains ProductApiPermissions and ProductApiPermissionDefinitionProvider in Permissions folder. Update ProductApiPermissions.cs:

namespace ProductApi.Permissions; public static class ProductApiPermissions { public const string GroupName = "ProductApi"; public static class Products { public const string Default = GroupName + ".Products"; public const string Create = Default + ".Create"; public const string Update = Default + ".Update"; public const string Delete = Default + ".Delete"; } }
Enter fullscreen mode Exit fullscreen mode

Update ProductApiPermissionDefinitionProvider:

using ProductApi.Localization; using Volo.Abp.Authorization.Permissions; using Volo.Abp.Localization; namespace ProductApi.Permissions; public class ProductApiPermissionDefinitionProvider : PermissionDefinitionProvider { public override void Define(IPermissionDefinitionContext context) { var productGroup = context.AddGroup(ProductApiPermissions.GroupName); var products = productGroup.AddPermission(ProductApiPermissions.Products.Default, L("Permission:Products")); products.AddChild(ProductApiPermissions.Products.Create, L("Permission:Products.Create")); products.AddChild(ProductApiPermissions.Products.Update, L("Permission:Products.Update")); products.AddChild(ProductApiPermissions.Products.Delete, L("Permission:Products.Delete")); } private static LocalizableString L(string name) { return LocalizableString.Create<ProductApiResource>(name); } }
Enter fullscreen mode Exit fullscreen mode

Update localization in ProductApi.Domain.Shared/Localization/ProductApi/en.json:

{ "Culture": "en", "Texts": { "AppName": "ProductApi", "Menu:Home": "Home", "LongWelcomeMessage": "Welcome to the application. This is a startup project based on the ABP framework. For more information visit", "Welcome": "Welcome", "Permission:Products": "Manage Products", "Permission:Products.Create": "Create Products", "Permission:Products.Update": "Update Products", "Permission:Products.Delete": "Delete Products" } }
Enter fullscreen mode Exit fullscreen mode

Step 8: Implement the CRUD Service with CrudAppService

In ProductApi.Application.Contracts/Products, add IProductAppService.cs:

using System; using Volo.Abp.Application.Dtos; using Volo.Abp.Application.Services; namespace ProductApi.Products; public interface IProductAppService : ICrudAppService< ProductDto, // DTO for responses Guid, // Primary key type PagedAndSortedResultRequestDto, // Request for GetList CreateProductDto, // Create DTO UpdateProductDto> // Update DTO { }
Enter fullscreen mode Exit fullscreen mode

In ProductApi.Application/Products, add ProductAppService.cs to implement IProductAppService:

using System; using Microsoft.AspNetCore.Authorization; using ProductApi.Domain.Products; using ProductApi.Permissions; using Volo.Abp.Application.Dtos; using Volo.Abp.Application.Services; using Volo.Abp.Domain.Repositories; namespace ProductApi.Products; [Authorize(ProductApiPermissions.Products.Default)] public class ProductAppService : CrudAppService< Product, // Entity ProductDto, // DTO for responses Guid, // Primary key type PagedAndSortedResultRequestDto, // Request for GetList CreateProductDto, // Create DTO UpdateProductDto>, // Update DTO IProductAppService { public ProductAppService(IRepository<Domain.Products.Product, Guid> repository) : base(repository) { // Define permissions for CRUD operations GetPolicyName = ProductApiPermissions.Products.Default; GetListPolicyName = ProductApiPermissions.Products.Default; CreatePolicyName = ProductApiPermissions.Products.Create; UpdatePolicyName = ProductApiPermissions.Products.Update; DeletePolicyName = ProductApiPermissions.Products.Delete; } }
Enter fullscreen mode Exit fullscreen mode
  • [Authorize]: Enforces permission checks.
  • Permissions are assigned to each CRUD operation.

Step 9: Update AutoMapper

The ProductApi.Application project already has ProductApiApplicationAutoMapperProfile.cs. Update it:

using AutoMapper; using ProductApi.Domain.Products; using ProductApi.Products; namespace ProductApi; public class ProductApiApplicationAutoMapperProfile : Profile { public ProductApiApplicationAutoMapperProfile() { CreateMap<Product, ProductDto>(); CreateMap<CreateProductDto, Product>(); CreateMap<UpdateProductDto, Product>(); } }
Enter fullscreen mode Exit fullscreen mode

Step 10: Run and Test

  1. Build the solution: 
dotnet build
Enter fullscreen mode Exit fullscreen mode
  1. Run the web project: 
cd ProductApi.Web dotnet run
Enter fullscreen mode Exit fullscreen mode
  1. Log In: Open your browser and navigate to https://localhost:xxxx (port varies). Use the default admin credentials:
  • Username: admin
  • Password: 1q2w3E* After logging in, you'll be redirected to the home page.
  1. Access Swagger: Go to https://localhost:xxxx/swagger. ABP includes Swagger UI by default, and since you're logged in, your session token is automatically included in API requests.
  2. Test Endpoints: ABP generates these endpoints from ICrudAppService:
  • GET /api/app/product (list)
  • GET /api/app/product/{id} (get)
  • POST /api/app/product (create)
  • PUT /api/app/product/{id} (update)
  • DELETE /api/app/product/{id} (delete)

In Swagger:

  • Click an endpoint (e.g., POST /api/app/product).
  • Enter a sample request body (e.g., {"name": "Laptop", "description": "High-end", "price": 999.99}).
  • Click "Execute" to test. The response will reflect your authenticated permissions.

If you encounter a 403 (Forbidden) error, ensure the admin role has the required permissions (ProductApi.Products.*) assigned via the UI (Administration > Identity Management > Roles > Actions > Permissions > ProductApi > Select all > Save).

Conclusion

This guide enhances the referenced article by adding real-world features like permissions and validation using ABP Framework. With ICrudAppService, automatic endpoint generation, and consistent validation via ProductConsts, we've built a secure, scalable CRUD API. ABP's conventions make it ideal for production-ready applications—try extending it with custom logic or UI next!

This article was originally posted on the berkansasmaz.com.

Top comments (0)