Skip to main content

What is SAPFIAI?

SAPFIAI is a production-ready API template built with Clean Architecture principles and ASP.NET Core 8.0. It provides a solid foundation for building scalable, maintainable, and testable enterprise applications with built-in security, authentication, and authorization features. The template follows industry best practices and implements CQRS (Command Query Responsibility Segregation) pattern using MediatR, making it easy to separate read and write operations while keeping your codebase organized and maintainable.
SAPFIAI stands for a technical template designed to accelerate enterprise API development while maintaining high code quality and architectural standards.

Key Features

Clean Architecture

Separation of concerns with four distinct layers: Domain, Application, Infrastructure, and Web (Presentation)

CQRS with MediatR

Command and Query separation for better scalability and maintainability

Advanced Security

JWT authentication, refresh tokens, 2FA, rate limiting, IP blacklisting, and account lockout protection

Entity Framework Core 8

Code-first database approach with migrations support for SQL Server and SQLite

FluentValidation

Centralized validation logic with expressive, easy-to-test validation rules

AutoMapper

Automatic object-to-object mapping between DTOs and domain entities

Comprehensive Testing

Unit, functional, and integration tests using NUnit, FluentAssertions, Moq, and Respawn

CI/CD Ready

Pre-configured pipelines for GitHub Actions and Azure DevOps

Architecture Overview

SAPFIAI follows Clean Architecture principles, organizing code into four distinct layers:

Layer Responsibilities

  • Entities: Core business objects (e.g., ApplicationUser, Permission, AuditLog)
  • Value Objects: Immutable objects representing domain concepts
  • Enums: Domain-specific enumerations (e.g., LoginFailureReason, BlackListReason)
  • Exceptions: Custom domain exceptions
  • No dependencies on other layers
Located in: src/Domain/
  • Commands & Queries: CQRS implementation using MediatR
  • Handlers: Business logic execution
  • DTOs: Data transfer objects for API communication
  • Validators: FluentValidation rules
  • Interfaces: Contracts for infrastructure services
  • Depends only on Domain layer
Located in: src/Application/
  • DbContext: Entity Framework Core configuration
  • Services: Concrete implementations (email, authentication, security)
  • Identity: ASP.NET Core Identity configuration
  • Background Jobs: Scheduled cleanup tasks
  • Migrations: Database schema versioning
  • Depends on Application and Domain layers
Located in: src/Infrastructure/
  • Endpoints: Minimal API endpoints
  • Middleware: IP blocking, exception handling
  • Configuration: Dependency injection setup
  • Swagger: API documentation
  • Depends on all other layers
Located in: src/Web/

Technology Stack

TechnologyVersionPurpose
ASP.NET Core8.0Web framework and API foundation
Entity Framework Core8.0ORM and database migrations
MediatR12.xCQRS mediator pattern
AutoMapper12.xObject-to-object mapping
FluentValidation11.xInput validation
ASP.NET Core Identity8.0User authentication and management
NUnit3.xUnit testing framework
FluentAssertions6.xReadable test assertions
Moq4.xMocking framework for tests
Respawn6.xDatabase cleanup for tests

Security Features

SAPFIAI includes enterprise-grade security features out of the box:

JWT Authentication

Secure token-based authentication with configurable expiration

Refresh Tokens

Long-lived tokens with automatic rotation for enhanced security

Two-Factor Authentication

Optional 2FA via email for additional account protection

Rate Limiting

IP-based rate limiting to prevent brute force attacks (5 attempts per 15 minutes)

IP Blacklisting

Automatic and manual IP blocking with configurable expiration

Account Lockout

Temporary account lockout after failed login attempts (5 attempts = 15 min lockout)

Audit Logging

Complete audit trail of all authentication and security events

Background Cleanup

Automated cleanup of expired tokens, IP blocks, and old audit logs

CQRS Pattern

SAPFIAI implements the CQRS pattern to separate read and write operations: 
// Command Example - Write Operation
public record RegisterCommand : IRequest<RegisterResponse>
{
    public required string Email { get; init; }
    public required string Password { get; init; }
    public required string ConfirmPassword { get; init; }
}

// Query Example - Read Operation
public record GetPermissionsQuery : IRequest<List<PermissionDto>>
{
    public int? ModuleId { get; init; }
}
Use commands for operations that modify state (Create, Update, Delete) and queries for operations that only read data. This separation makes your code more maintainable and easier to test.

Use Cases

SAPFIAI is ideal for:
  • Enterprise APIs: Build robust, scalable APIs for enterprise applications
  • Microservices: Use as a template for individual microservices
  • Authentication Services: Leverage built-in security features for auth services
  • Learning: Understand Clean Architecture and CQRS patterns in practice
  • Rapid Prototyping: Start new projects with a solid foundation

What’s Next?

Quickstart

Get your API running in under 5 minutes

Installation

Detailed installation and configuration guide

Authentication

Learn about authentication endpoints

Architecture

Deep dive into the architecture

System Requirements

Before getting started, ensure you have:
  • .NET 8.0 SDK or higher
  • SQL Server (LocalDB, Express, or full) or SQLite
  • Visual Studio 2022+ or VS Code with C# extension
  • Git for version control

Community and Support

SAPFIAI is based on Clean Architecture principles popularized by Robert C. Martin (Uncle Bob) and Jason Taylor’s Clean Architecture template.

Clean Architecture

Original Clean Architecture article by Uncle Bob

.NET 8 Documentation

Official .NET 8 documentation

Build docs developers (and LLMs) love

Get started for freeTalk to us