.NET

ASP.NET Quickstart

Drop the X-Auth NuGet package in. Decorate your controller actions with [VerifyTransaction]. The bound transaction context is injected.

NuGet: XentraNet.XAuth.AspNetCore .NET 8+ Time: ~5 min

Install the NuGet package

Pull XentraNet.XAuth.AspNetCore from nuget.org.

terminal

dotnet add package XentraNet.XAuth.AspNetCore

Register XAuth in your DI container

Wire it up in Program.cs alongside the rest of your services.

Program.cs

using XentraNet.XAuth.AspNetCore;

var builder = WebApplication.CreateBuilder(args);

builder.Services.AddControllers();
builder.Services.AddXAuth(opts =>
{
    opts.TenantId = builder.Configuration["XAuth:TenantId"];
});

var app = builder.Build();
app.MapControllers();
app.Run();

Apply `[VerifyTransaction]`

Decorate any controller action that performs a sensitive operation. The filter validates the bearer, checks the action+amount, and rejects with 401 on mismatch.

Controllers/TransferController.cs

using Microsoft.AspNetCore.Mvc;
using XentraNet.XAuth.AspNetCore;

[ApiController]
[Route("api/[controller]")]
public class TransferController : ControllerBase
{
    [HttpPost]
    [VerifyTransaction("transfer", Expect = new[] { "amount" })]
    public IActionResult Transfer(
        [FromBody] TransferRequest body,
        [FromXAuth] TransactionContext ctx)
    {
        ledger.Transfer(body, ctx);
        return Ok(new { ok = true });
    }
}

Pair with a frontend

The bearer arriving at this endpoint comes from any X-Auth frontend SDK.

React example (snippet)

const { decision, access_token } = await advice({
  action: 'transfer', amount: 2999, currency: 'USD',
});

await fetch('https://api.example.com/api/transfer', {
  method: 'POST',
  headers: { Authorization: `Bearer ${access_token}` },
  body: JSON.stringify({ amount: 2999 }),
});

ASP.NET Quickstart

Install the NuGet package

Register XAuth in your DI container

Apply [VerifyTransaction]

Pair with a frontend

Next steps

Apply `[VerifyTransaction]`