Controllers from both MVC and Web API have been merged into the same code base, so creating APIs is even easier, and they can be as lightweight as we'd like (or as feature-rich as we need).
Authentication and authorization work well, but we have to be aware of the pitfalls and the different contexts under which we may be exposing our APIs to the outside world. In this episode, guest Monster Eric Fleming cracks open a new API controller and starts returning some data, then we dive in to see how basic security only stands up to basic attacks.
Watch for a future episode when we take additional measures to protect the API even further.