Tharga.Api 0.0.1-pre.5

This is a prerelease version of Tharga.Api.
dotnet add package Tharga.Api --version 0.0.1-pre.5
                    

Tharga Api

Reusable API-key authentication, authorization, controller registration, and OpenAPI/Swagger setup for ASP.NET Core projects. Targets .NET 9.0 and .NET 10.0.

Features

  • API key authentication – AuthenticationHandler that reads the X-API-KEY header, validates it against a store, and populates TeamKey, Name, and AccessLevel claims.
  • Access level authorization – [RequireAccessLevel] attribute with AccessLevelProxy<T> for declarative, service-level authorization enforcement via DispatchProxy.
  • Controller registration – AddThargaControllers registers MVC controllers, OpenAPI document generation (with API key security scheme), Swagger UI, and endpoints API explorer in a single call.
  • API key management – IApiKeyAdministrationService provides key lookup, listing, refresh, and lock operations. A default MongoDB-backed implementation is included.
  • Pluggable storage – Implement IApiKeyAdministrationService to use your own data store, or use the built-in ApiKeyAdministrationService with Tharga.MongoDB.

Getting started

1. Install the package

dotnet add package Tharga.Api

2. Register controllers and authentication

// Program.cs
builder.Services.AddThargaControllers(o =>
{
    o.SwaggerTitle = "My API v1";
});

builder.Services.AddAuthentication()
    .AddThargaApiKeyAuthentication();

// If using the built-in MongoDB key store:
builder.Services.AddThargaApiKeys();

3. Map controllers and Swagger

var app = builder.Build();
app.UseThargaControllers();
app.UseAuthentication();
app.UseAuthorization();
app.Run();

4. Protect endpoints

[Authorize(Policy = ApiKeyConstants.PolicyName)]
[ApiController]
[Route("api/[controller]")]
public class MyController : ControllerBase
{
    [HttpGet]
    public IActionResult Get()
    {
        var teamKey = User.FindFirst(TeamClaimTypes.TeamKey)?.Value;
        return Ok(new { teamKey });
    }
}

5. Access level enforcement on services

Decorate service interface methods with [RequireAccessLevel] and register with AddScopedWithAccessLevel:

public interface IMyService
{
    [RequireAccessLevel(AccessLevel.Viewer)]
    IAsyncEnumerable<Item> GetAsync();

    [RequireAccessLevel(AccessLevel.User)]
    Task<Item> AddAsync(string name);

    [RequireAccessLevel(AccessLevel.Administrator)]
    Task DeleteAsync(string key);
}

// Program.cs
builder.Services.AddScopedWithAccessLevel<IMyService, MyService>();

The proxy reads TeamKey and AccessLevel claims from HttpContext.User. Methods without the attribute throw InvalidOperationException (fail-closed).
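
How a DispatchProxy can enforce this fail-closed rule, as an added sketch that is not Tharga.Api's own AccessLevelProxy<T>: every Demo* type and the literal "AccessLevel" claim type are hypothetical stand-ins, and the caller is constructed. Owner and Administrator are ranked equally, as in the hierarchy under step 6.

```csharp
// Added illustration, not Tharga.Api source; Demo* names and the claim type string are hypothetical.
using System;
using System.Reflection;
using System.Security.Claims;

var viewer = new ClaimsPrincipal(new ClaimsIdentity(new[] { new Claim("AccessLevel", "Viewer") }, "ApiKey"));
var svc = DemoGuard<IDemoService>.Wrap(new DemoService(), () => viewer);
Console.WriteLine(svc.Read());                                  // Viewer meets Viewer
foreach (var call in new Func<string>[] { svc.Delete, svc.Unmarked })
    try { call(); } catch (Exception e) { Console.WriteLine($"{e.GetType().Name}: {e.Message}"); }

public enum DemoLevel { Owner, Administrator, User, Viewer }
[AttributeUsage(AttributeTargets.Method)]
public sealed class DemoRequireAttribute(DemoLevel level) : Attribute { public DemoLevel Level => level; }
public interface IDemoService
{
    [DemoRequire(DemoLevel.Viewer)] string Read();
    [DemoRequire(DemoLevel.Administrator)] string Delete();
    string Unmarked();                                          // no level declared
}
public sealed class DemoService : IDemoService
{
    public string Read() => "read ok";
    public string Delete() => "deleted";
    public string Unmarked() => "never reached";
}
public class DemoGuard<T> : DispatchProxy where T : class
{
    private T _inner = default!;
    private Func<ClaimsPrincipal> _user = default!;
    public static T Wrap(T inner, Func<ClaimsPrincipal> user)
    {
        var proxy = Create<T, DemoGuard<T>>();                  // T must be an interface
        var guard = (DemoGuard<T>)(object)proxy;
        (guard._inner, guard._user) = (inner, user);
        return proxy;
    }
    // Owner and Administrator rank equally; anything unrecognised ranks lowest.
    private static int Rank(DemoLevel l) => l switch { DemoLevel.Owner or DemoLevel.Administrator => 2, DemoLevel.User => 1, _ => 0 };
    protected override object? Invoke(MethodInfo? method, object?[]? args)
    {
        var need = method!.GetCustomAttribute<DemoRequireAttribute>()
            ?? throw new InvalidOperationException($"{method.Name} declares no access level");
        var claim = _user().FindFirst("AccessLevel")?.Value;
        if (!Enum.TryParse<DemoLevel>(claim, out var have) || !Enum.IsDefined(have) || Rank(have) < Rank(need.Level))
            throw new UnauthorizedAccessException($"{method.Name} requires {need.Level}");
        return method.Invoke(_inner, args);
    }
}
```

Enum.TryParse also accepts numeric strings, so the Enum.IsDefined check is what rejects a claim value such as "99". The level check runs before the target method is invoked, so Task-returning methods are refused before any work starts.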

6. API key access level

The AccessLevel for API keys is determined by:

  • ApiKeyEntity.AccessLevel field (stored on the entity). If null (legacy keys), defaults to Administrator for backwards compatibility.
  • IApiKey.Tags["AccessLevel"] fallback (custom implementations). If not set, defaults to Viewer (fail-closed).
  • Auto-created keys in simple mode get User access level.

The access level hierarchy is:

| Level | Can access |
| --- | --- |
| Owner | Everything |
| Administrator | Everything (same as Owner) |
| User | User, Viewer |
| Viewer | Viewer only |
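
The resolution rules and hierarchy above, modelled as an added example (not the package's code) that also flags keys holding Administrator only through the legacy default, since those keys were never given that level explicitly. DemoKey, its fields and the sample keys are hypothetical; treating an unparseable tag like a missing one is an assumption of this example.

```csharp
// Added illustration modelling the rules listed in step 6; not Tharga.Api source.
// DemoKey and its fields are hypothetical, and the sample keys are constructed.
using System;
using System.Collections.Generic;

var keys = new List<DemoKey>
{
    new("ci-deploy",  BuiltIn: true,  Stored: DemoLevel.User, Tag: null),
    new("old-import", BuiltIn: true,  Stored: null,           Tag: null),      // legacy key
    new("partner-a",  BuiltIn: false, Stored: null,           Tag: "User"),
    new("partner-b",  BuiltIn: false, Stored: null,           Tag: null),      // tag missing
    new("partner-c",  BuiltIn: false, Stored: null,           Tag: "99"),      // malformed tag
};
foreach (var k in keys)
{
    var (level, byDefault) = Access.Resolve(k);
    var note = byDefault && Access.Allows(level, DemoLevel.Administrator) ? "  <- Administrator by default" : "";
    Console.WriteLine($"{k.Name,-11} {level,-14} mayDelete={Access.Allows(level, DemoLevel.Administrator)}{note}");
}

public enum DemoLevel { Owner, Administrator, User, Viewer }
public record DemoKey(string Name, bool BuiltIn, DemoLevel? Stored, string? Tag);

public static class Access
{
    // Owner and Administrator share the top rank ("Everything"); unknown values rank lowest.
    public static int Rank(DemoLevel l) =>
        l switch { DemoLevel.Owner or DemoLevel.Administrator => 2, DemoLevel.User => 1, _ => 0 };

    public static bool Allows(DemoLevel have, DemoLevel need) => Rank(have) >= Rank(need);

    // Returns the effective level and whether it came from a default rather than stored data.
    public static (DemoLevel Level, bool ByDefault) Resolve(DemoKey k)
    {
        if (k.BuiltIn)   // entity field; null marks a legacy key
            return k.Stored is { } stored ? (stored, false) : (DemoLevel.Administrator, true);
        // Custom implementation: tag fallback; missing or unusable tags drop to Viewer.
        return Enum.TryParse<DemoLevel>(k.Tag, out var tagged) && Enum.IsDefined(tagged)
            ? (tagged, false)
            : (DemoLevel.Viewer, true);
    }
}
```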

7. Custom key service (optional)

To use your own storage backend, implement IApiKeyAdministrationService and register it:

builder.Services.AddAuthentication()
    .AddThargaApiKeyAuthentication<MyCustomKeyService>();

Public API

| Type | Description |
| --- | --- |
| AccessLevel | Enum: Owner, Administrator, User, Viewer. |
| TeamClaimTypes | Claim type constants: TeamKey, AccessLevel. |
| RequireAccessLevelAttribute | Declares minimum access level for a service method. |
| AccessLevelProxy<T> | DispatchProxy enforcing [RequireAccessLevel] via claims. |
| AccessLevelServiceCollectionExtensions | AddScopedWithAccessLevel<TService, TImpl>() registration helper. |
| IApiKey | Interface representing an API key with metadata (Key, Name, ApiKey, TeamKey, Tags). |
| IApiKeyAdministrationService | Service interface for key lookup, listing, refresh, and lock. |
| ApiKeyConstants | Well-known constants: HeaderName, SchemeName, PolicyName. |
| ApiKeyRegistration | Extension methods: AddThargaApiKeyAuthentication, AddThargaApiKeyAuthentication<T>. |
| ControllersRegistration | Extension methods: AddThargaControllers, AddThargaApiKeys, UseThargaControllers. |
| ThargaControllerOptions | Options for Swagger title and route prefix. |
| ApiKeyEntity | Default MongoDB entity implementing IApiKey. |
| IApiKeyRepository | Repository interface for API key persistence. |

| Version | Downloads | Last Updated |
| --- | --- | --- |
| 0.0.1-pre.5 | 82 | 3/15/2026 |
| 0.0.1-pre.3 | 72 | 3/13/2026 |
| 0.0.1-pre.2 | 65 | 3/13/2026 |