A minimal ASP.NET Core (minimal API) example showing how to protect API endpoints with access token validation using MonoCloud.
- MonoCloud access token validation with ASP.NET Core
- Endpoint protection via the standard authentication and authorization pipeline
- Accessing the authenticated user's claims
Built with MonoCloud.Backend.
Before you begin:
- In the MonoCloud Dashboard, create a new API
- Set the Audience (for example
https://api.example.com) — this uniquely identifies your API - Add a scope named
example-apiand mark the scope as a default scope
You'll also need the .NET SDK (8.0 or later).
This repo reads its configuration from appsettings.json. Replace the placeholders with values from your API:
"MonoCloud": {
"TenantDomain": "https://<your-domain>",
"Audience": "https://<your-api-audience>"
}Do not commit real secrets. For production, use environment variables, user secrets, or a secure secret store.
dotnet runThe server starts on http://localhost:3000.
curl -H "Authorization: Bearer <your-access-token>" http://localhost:3000/api/protected- .NET Backend Quickstart: https://www.monocloud.com/docs/quickstarts/dotnet-backend
- .NET Backend SDK Docs: https://www.monocloud.com/docs/sdks/dotnet-backend
- API Reference: https://monocloud.github.io/backend-dotnet
- Use GitHub Issues for bug reports and feature requests.
- For tenant or account-specific help, contact MonoCloud Support through your dashboard.
Do not report security issues publicly. Please follow the contact instructions at: https://www.monocloud.com/contact
Licensed under the MIT License. See the included LICENSE file.