# API Course 5.1 - Modules Overview
**Who is this for?** Beginners familiar with basic C# and REST concepts ready to secure APIs with authentication.

**What you’ll learn:**
- Core modules in version 5.1 (GettingStarted, BeyondTheBasics, Auth)
- Implementing AuthController for register/login
- JWT token generation and validation
- Securing endpoints with JWT bearer authentication


# API Course 5.1 - Modules Overview
This notebook delves into the modules introduced in version 5.1 of the REST API Course and explains code snippets in depth.

## Modules in Version 5.1
The `rest-api-course-final-master` folder contains three modules:
1. `1.GettingStarted`
2. `2.BeyondTheBasics`
3. `3.Auth` (New in 5.1)

In [None]:
!tree -L 1 /home/mzmzeeee/coding/C#AndDotnet/API_course/5.1/rest-api-course-final-master

### Authentication Module
The `3.Auth` module adds JSON Web Token (JWT) support to secure endpoints.

In [None]:
public class JwtTokenService : ITokenService {
    private readonly IConfiguration _config;
    public JwtTokenService(IConfiguration config) { _config = config; }
    public string GenerateToken(UserResponse user) {
        var key = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(_config["Jwt:Key"]));
        var creds = new SigningCredentials(key, SecurityAlgorithms.HmacSha256);

- The `IConfiguration` is injected to read JWT settings.
- `SymmetricSecurityKey` uses a secret key from configuration.
- `JwtSecurityToken` includes issuer, claims, expiration, and signing credentials.

## Dependency Injection Setup
Register user and token services in the API project:
```csharp
// In Program.cs or Startup.ConfigureServices
builder.Services.AddScoped<IUserService, UserService>();
builder.Services.AddScoped<ITokenService, JwtTokenService>();
builder.Services.AddControllers();
```

## Testing Authentication Endpoints with curl
```bash
# Register a new user
curl -X POST http://localhost:5000/api/auth/register \
  -H "Content-Type: application/json" \
  -d '{ "username": "test", "password": "P@ssw0rd"}'

# Login and retrieve JWT
token=$(curl -s -X POST http://localhost:5000/api/auth/login \
  -H "Content-Type: application/json" \
  -d '{ "username": "test", "password": "P@ssw0rd"}' | jq -r .token)

# Use JWT to call a protected endpoint
curl -H "Authorization: Bearer $token" http://localhost:5000/api/movies/1
```