create an API with .NET Minimal APIs that require session api key

Gave this a test based on my comments.

This would call the method Invoke in the middleware on each request and you can do checks here.

Probably a better way would be to use the AuthenticationHandler. using this would mean you can attribute individual endpoints to have the API key check done instead of all incoming requests

But, I thought this was still useful, middleware can be used for anything you'd like to perform on every request

Using Middleware

Program.cs:

var builder = WebApplication.CreateBuilder(args);
var app = builder.Build();

//our custom middleware extension to call UseMiddleware
app.UseAPIKeyCheckMiddleware();

if (app.Environment.IsDevelopment())
{
    app.UseDeveloperExceptionPage();
}

app.MapGet("/", () => "Hello World!");

app.Run();

APIKeyCheckMiddleware.cs

using Microsoft.Extensions.Primitives;

internal class APIKeyCheckMiddleware
{
    private readonly RequestDelegate _next;

    public APIKeyCheckMiddleware(RequestDelegate next)
    {
        _next = next;
    }

    public async Task Invoke(HttpContext httpContext)
    {
        
        //we could inject here our database context to do checks against the db
        if (httpContext.Request.Headers.TryGetValue("API-KEY", out StringValues value))
        {
            //do the checks on key
            var apikey = value;
        }
        else
        {
            //return 403
            httpContext.Response.StatusCode = 403;
        }
        
        await _next(httpContext);
    }
}

// Extension method used to add the middleware to the HTTP request pipeline.
public static class APIKeyCheckMiddlewareExtensions
{
    public static IApplicationBuilder UseAPIKeyCheckMiddleware(this IApplicationBuilder builder)
    {
        
        return builder.UseMiddleware<APIKeyCheckMiddleware>();
    }
}