My wife and I were both employed in Nepal at one point for a U.S.-based corporation. Since the platform we worked on was an online food ordering e-commerce system, problems frequently occurred at night. We would receive emails informing us of clients experiencing order placement mistakes or other unforeseen mishaps.
I put in place global exception handling, which automatically emailed the support staff with error alerts to guarantee seamless operations. In this manner, if something went wrong, we’d know right away and could fix it before too many consumers were impacted. Having real-time alerts was essential because order failures could result in lost business.
But as a core developer, I frequently found myself working directly to resolve these problems, sometimes on the weekends or in the middle of the night.
I can still clearly recall one specific instance: I received the call at midnight. Our largest client was unable to fulfill orders because a crucial API service was unavailable. I discovered the cause after searching through countless log files: “Object reference not set to an instance of an object” was a mysterious error message with no context. No trace of the stack. No request ID. I couldn’t figure out what went wrong.
I will never forget the lesson I learned that night: effective error handling is not merely a nice-to-have; it is necessary.
I’ve spent the last decade building and maintaining .NET APIs, and I’ve seen firsthand how error handling can make or break a project. In this article, I’ll share what I’ve learned through trial and error, and many late-night debugging sessions.
The Evolution of Error Handling in .NET
When I first started working with .NET back in the Web Forms days, error handling was mostly an afterthought. We’d wrap some code in try-catch blocks, maybe redirect to an error page, and call it a day. Each developer had their own approach, leading to inconsistent implementations across projects.
Those were simpler times. Today’s distributed systems are far more complex, with microservices communicating across networks and countless potential points of failure.
ASP.NET Core brought a much-needed focus on standardized error handling. Microsoft embraced industry standards like RFC 7807 (Problem Details for HTTP APIs), and the framework now provides robust tools for handling exceptions and returning appropriate responses.
But having tools available doesn’t mean they’re being used effectively. I still encounter APIs that return nothing but a 500 status code when something goes wrong – leaving developers to guess what happened and how to fix it.
Why Good Error Handling Matters
Last year, I consulted for a company that was losing customers due to API reliability issues. Their logs were filled with exceptions, but the error responses provided to clients were so vague that even their own front-end team couldn’t figure out what was going wrong.
After implementing a comprehensive error-handling strategy, two things happened:
- Support tickets decreased significantly
- Average time-to-resolution for issues dropped by almost 70%
The reason was simple: developers could now understand what was happening and fix problems faster.
Good error handling isn’t just about catching exceptions – it’s about providing meaningful information that helps developers understand and address issues quickly. Here’s why it matters:
- Developer Experience: I’ve been on both sides of an API, and nothing frustrates me more than cryptic error messages. Clear error responses save hours of debugging time.
- Troubleshooting: When something goes wrong in production, you need to move fast. Standardized error formats with correlation IDs make tracking down issues much easier.
- Security: Proper error handling prevents sensitive information leaks while still providing actionable feedback.
- User Experience: Let’s face it – errors will happen. Good error handling allows you to translate technical issues into user-friendly messages.
- Reliability: A consistent approach to error handling makes your API more predictable and robust.
HTTP Status Codes: Speaking the Language of Web APIs
HTTP status codes are the first line of communication when something goes wrong. Using them correctly is essential for building a professional API.
During a recent code review, I spotted an endpoint that returned a 200 OK status with an error message in the response body. This anti-pattern confuses clients and breaks conventions that other developers expect.
Here’s a quick refresher on the most important status codes for APIs:
2XX – Success
- 200 OK: The request succeeded (for GET requests)
- 201 Created: A new resource was successfully created (for POST requests)
- 204 No Content: The request succeeded, but there’s nothing to return (often used for DELETE)
4XX – Client Errors
- 400 Bad Request: The client sent something invalid (malformed JSON, invalid parameters, etc.)
- 401 Unauthorized: Authentication is required but wasn’t provided
- 403 Forbidden: The client is authenticated but doesn’t have permission
- 404 Not Found: The requested resource doesn’t exist
- 409 Conflict: The request conflicts with the current state (e.g., creating a duplicate resource)
- 422 Unprocessable Entity: The request was well-formed but had semantic errors
5XX – Server Errors
- 500 Internal Server Error: Something unexpected went wrong on the server
- 502 Bad Gateway: An upstream service returned an invalid response
- 503 Service Unavailable: The server is temporarily unavailable (maintenance, overloaded)
I’ve seen too many APIs that return 500 for every error, regardless of the cause. This makes it impossible for clients to handle errors intelligently. Always return the most specific status code that applies to the situation.
Building a Robust Error Handling System in .NET
Let’s dive into practical implementation. I’ll share code examples from real projects (with names changed to protect the innocent) and explain the reasoning behind each approach.
1. Global Exception Handling
The foundation of any good error-handling strategy is global exception handling. This ensures that unhandled exceptions don’t result in default error pages or, worse, expose sensitive information.
I use a middleware approach in all my projects:
ErrorResponse.cs
ExceptionHandlingExtensions.cs
This approach has several benefits
- It ensures all unhandled exceptions return a consistent response format
- It maps custom exceptions to appropriate HTTP status codes
- It includes a trace ID for correlation with logs
- It follows the RFC 7807 standard for problem details
2. Controller-Level Error Handling
While global handlers catch unhandled exceptions, I often implement more specific error handling at the controller level. This provides finer control and allows for custom responses for different scenarios.
Here’s an example from a product management API I built:
Notice the ProducesResponseType attributes. These document the possible responses in Swagger/OpenAPI, making it easier for API consumers to understand what to expect.
3. Input Validation
In my experience, a significant portion of API errors are caused by invalid input. .NET provides several options for validation:
Using Data Annotations
This is the simplest approach and works well for basic scenarios:
Using FluentValidation
For more complex validation scenarios, I prefer FluentValidation. It’s more flexible and allows for context-dependent validation rules:
The key is to integrate validation with your error-handling system. When validation fails, you should return a 400 Bad Request with detailed information about which fields failed validation and why.
4. Problem Details for HTTP APIs
.NET Core includes built-in support for RFC 7807 (Problem Details for HTTP APIs). This standard defines a common format for error responses that includes:
- A type URI that identifies the error
- A title that briefly describes the error
- An HTTP status code
- A detailed description of the error
- Additional properties specific to the error
Here’s how I implement it:
5. Rate Limiting and Throttling
As your API grows in popularity, you’ll likely need to implement rate limiting. When a client exceeds their quota, it’s important to provide clear information about the limit and when they can try again.
Here’s an example using .NET’s built-in rate limiting:
The key here is to include the Retry-After header, which tells clients when they can make another request.
Real-World Impact of Good Error Handling
Let me share a real-world example of how good error handling transformed a struggling API.
I was brought in to help a financial services company that was struggling with API reliability. Their error responses looked like this:
When something went wrong, their support team would receive emails with screenshots of this error message. They had no way to correlate these reports with specific exceptions in their logs, which made troubleshooting nearly impossible.
We implemented a comprehensive error-handling strategy, and their new error responses looked like this:
The results were dramatic
- Support tickets decreased by 40%
- Average resolution time dropped from days to hours
- Developer onboarding time for new API consumers was cut in half
Good error handling isn’t just a technical nicety – it has a real business impact.
Best Practices I’ve Learned the Hard Way
After years of building and maintaining APIs, here are the key lessons I’ve learned:
1. Use Domain-Specific Exceptions
Create custom exceptions that map to your business domain. This makes your code more readable and helps translate technical issues into meaningful error messages:
2. Include Correlation IDs
Every error response should include a unique identifier that can be used to correlate the error with log entries. This is invaluable for troubleshooting:
3. Document Error Responses
Use Swagger/OpenAPI to document possible error responses for each endpoint:
4. Log Appropriately
Different errors warrant different logging levels:
- Critical system failures: Log as errors
- Client errors: Log as warnings
- Rate limiting: Log as information
Include contextual information in your logs, not just the exception details:
5. Test Error Paths
It’s easy to focus on testing the happy path, but error scenarios need testing too. Write unit and integration tests specifically for error handling:
6. Monitor and Alert
Set up monitoring for error rates and critical failures. A sudden spike in errors often indicates an underlying issue that needs attention.
I use tools like Application Insights or Prometheus with Grafana to track error rates and set up alerts when they exceed normal thresholds.
Conclusion
Error handling might not be the most exciting part of API development, but it’s one of the most important. A well-designed error-handling strategy can dramatically improve the developer experience, reduce support costs, and make your API more robust.
Throughout my career, I’ve seen firsthand how good error handling can transform a frustrating API into a joy to work with. The extra effort pays off in fewer support tickets, faster issue resolution, and happier developers.
As you build your own .NET APIs, I encourage you to invest time in designing a thoughtful error-handling strategy. Consider the needs of your API consumers, include the information they need to troubleshoot issues, and make error responses as helpful as possible.
Remember, errors are inevitable – poor error handling isn’t.
ASP.NET 8.0.11 Hosting Recommendation
ASP.NET is a powerful platform for creating web applications and services. You must be comfortable with JavaScript, HTML, CSS, and C# before developing a web application in ASP.NET. On the market, there are thousands of web hosting companies providing ASP.NET Hosting. But, only very few web hosting companies could provide high quality ASP.NET hosting solution.
ASP.NET is the best development language in Windows platform, which is released by Microsoft and widely used to build all types of dynamic Web sites and XML Web services. With this article, we’re going to help you to find the best ASP.NET Hosting solution in Europe based on reliability, features, price, performance and technical support. After we reviewed about 30+ ASP.NET hosting providers in Europe, our Best ASP.NET Hosting Award in Europe goes to HostForLIFE.eu, one of the fastest growing private companies and one of the most reliable hosting providers in Europe.