Build a REST API with ASP.NET Core 2.2

Build a REST API with ASP.NET Core 2.2

This is a step-by-step for creating a REST API application using ASP.NET Core 2.2.

Vijay Ganapathy

This is exactly what I was looking for Ibrahim, thank you!

On an initial read, I think in the HomeController -> GetJournalLogs method, the api url should be https://localhost:9001/api/JournalLogs instead of https://localhost:9001/api/values.

If the above is correct where the url is accessing JournalLogsController, how is the validation of the apiToken happening on the server? Probably the JournalLogsController needs a [Authorize] attribute either at the controller level or at the Get method level.

Please correct me if I my understandings above are incorrect.


This didn’t work for me initially - I was getting an invalid_scope error.- "The authorization server resource does not have any configured default scopes, ‘scope’ must be provided."

This article helped me figure it out -…

"The Client Credentials grant type requires us to define a custom scope."

You just need to add a new scope to the Authorization Server and request using that new scope.

George P

If you don’t want to write code try using , connect to a MSSQL database and it will generate the code for you …


How would the call look if you were to call this from Postman? Where would the clientId, secret get passed? What does it return?

Jeff Ziegler

How can you get this to work with “anonymousAuthentication”: false?

Ashish Mundra

I used the code on github example, while trying to get new okta access token, I am getting this error - “Only clients with ‘application_type’ of ‘service’ may use the client_credentials ‘grant_type’ with the Org Authorization Server.”. What am I doing wrong? Thanks.

Paul Speranza

I just want to add that bigjump is absolutely coorrect to get tis to work. The sample code had this in the token service:

var postMessage = new Dictionary<string, string="">
{“grant_type”, “client_credentials”},
{“scope”, “access_token”}

I had to add the access_token scope to the authroization server.