ASP.NET Core Web API: Zero to Production — The Course Is Live
After months of writing, reviewing, and rebuilding every chapter from scratch, the Coding Droplets first course is live.
ASP.NET Core Web API: Zero to Production is a 15-chapter text-based course covering everything you need to build and ship a production-ready .NET API — from the first endpoint to Docker and GitHub Actions CI/CD.
Why a text course?
Most .NET courses are video. You scrub through a 4-hour recording looking for the 10 minutes that answer your question. You pause, rewind, pause again. You cannot search the content. You cannot copy code from a screenshot.
This course is different. Every chapter is a written guide — structured, searchable, and designed to be read in one sitting. Every chapter includes downloadable source code that runs immediately. You open the chapter, follow along, run the code, move on.
What's inside
The course is built around a single Products API that evolves across all 15 chapters. You start with a blank project and end with a fully containerised, tested, and observable API ready for real production traffic.
Module 1 — Foundations
Chapter 1 covers the setup decisions that matter: Controllers vs Minimal APIs, the correct appsettings hierarchy, Swagger auto-open on F5, and a first endpoint with production habits built in from day one.
Chapter 2 covers REST API design — the rules developers commonly break, correct HTTP verbs and status codes, Problem Details (RFC 7807) for structured error responses, and URL versioning from day one.
Module 2 — Data Layer
Chapter 3 covers EF Core beyond the basics: fluent configuration, repository pattern, AsNoTracking, N+1 traps, and safe production migrations.
Chapter 4 covers pagination, filtering, and sorting — keeping everything as IQueryable until materialisation, server-side page size caps, and the correct two-query COUNT + SELECT pattern.
Module 3 — Validation and Error Handling
Chapter 5 covers FluentValidation wired into the ASP.NET Core pipeline — auto-validation before every handler, conditional rules, async validators.
Chapter 6 covers global error handling with IExceptionHandler — typed domain exceptions, correct log severity levels, and never leaking internals on 500 responses.
Module 4 — Security
Chapter 7 covers JWT authentication and refresh tokens — how the signature actually works, access + refresh token rotation, revocation strategies, and token storage security.
Chapter 8 covers authorization beyond [Authorize] — role-based policies, custom requirements with database access, resource-based authorization, and API keys for machine-to-machine scenarios.
Module 5 — Performance
Chapter 9 covers caching that actually helps — IMemoryCache, IDistributedCache with Redis, HybridCache (.NET 9+), output caching, and tag-based cache invalidation.
Chapter 10 covers rate limiting and resilience — the four built-in algorithms, partition by user identity, Retry-After headers, and Polly via AddStandardResilienceHandler.
Module 6 — Architecture
Chapter 11 covers Clean Architecture with CQRS — four-layer structure enforced by project references, MediatR pipeline behaviors, and thin controllers that only dispatch.
Chapter 12 covers background jobs — BackgroundService with the scoped service pattern, System.Threading.Channels for safe fire-and-forget, Hangfire for durable jobs, and the Outbox pattern for reliable event publishing.
Module 7 — Quality and Observability
Chapter 13 covers testing with confidence — unit tests for validators, handlers, and domain logic; integration tests with WebApplicationFactory and isolated SQLite databases; testing authenticated endpoints with JWT test helpers.
Chapter 14 covers logging, metrics, and health checks — Serilog structured logging, OpenTelemetry for vendor-neutral observability, liveness vs readiness health checks for Kubernetes, and the full secrets management hierarchy from User Secrets to Azure Key Vault.
Bonus — Chapter 15
Chapter 15 covers deploying to production — multi-stage Dockerfile, GitHub Actions CI/CD pipeline, environment-specific configuration, Docker Compose for local development, and a production readiness checklist.
Who this is for
If you have written .NET code before but have never shipped a production API with proper auth, caching, rate limiting, tests, and observability — this course closes that gap.
If you have built production APIs before but feel uncertain about some of the patterns — Clean Architecture, the Outbox pattern, OpenTelemetry, health checks for Kubernetes — this course gives you the complete picture in one place.
If you prefer to learn by reading rather than watching — this course was built for you.
☕ Already a reader? Buy us a coffee — every bit helps keep the content coming.
