This is the API project for an e-commerce platform, built with an API-First approach using Spring Boot. The goal is to create a robust and scalable API that will serve as the backbone for a complete online store application, demonstrating skills in back-end development, business logic, and security.
The front-end of this project will be developed separately and will consume this API.
- Programming Language: Java
- Back-end Framework: Spring Boot
- Database: PostgreSQL / MySQL
- Dependency Management: Maven
- API Documentation: Swagger (OpenAPI)
- Security: JWT (JSON Web Tokens)
- (Optional) AI: Python
- External Services:
- Cloudinary: For image storage and transformation.
- MailerSend / Ethereal / MailTrap: For transactional email delivery.
The foundation of this application is a production-grade user management and security module, engineered to be both robust and flexible.
- Multiple Authentication Methods: Standard Email/Password, Google (OIDC), and Facebook (OAuth2).
- Social Identity System (Discord-Style): Users can choose a non-unique `username`, and the system assigns a unique `discriminator` (e.g., `Erick#0001`), so registration never fails because a name is already taken.
- Two-Phase OAuth2 Registration: A user-friendly flow that allows new social-login users to choose their `username` before the account is finalized.
- Social Account Linking: Logged-in users can link multiple OAuth2 providers to a single primary account, preventing account duplication.
- JWT Issuance: Implements JSON Web Tokens (`accessToken` & `refreshToken`) for stateless, signed authentication between client and API.
- Secure Refresh Token Storage: The `refreshToken` is stored in an `HttpOnly` cookie, so script injected through an XSS flaw cannot read it (the short-lived `accessToken` remains the only token exposed to the front-end).
- Session Invalidation: Any critical security event (password change, email change, 2FA modification) automatically invalidates all other active sessions to protect against account takeover. Because a plain JWT is valid until it expires, this requires a small amount of server-side state (for example a per-user token version that every request is checked against).
- Multi-Method Two-Factor Authentication (2FA):
- Support for Authenticator Apps (TOTP).
- Support for Email Codes.
- Users can select their preferred 2FA method.
- High-security, two-step enable/disable flows requiring password and/or code confirmation.
- Comprehensive Password Management:
- Full password reset flow via email codes.
- Ability for OAuth-only users to create a local password.
- Secure social account unlinking with password confirmation.
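The JWT issuance, the `HttpOnly` refresh cookie and the session-invalidation behaviour listed above fit together in a single service. The following is an added example written for this page, not code from the shopin-api project; it assumes jjwt 0.11.x and spring-web on the classpath, and the refresh endpoint path, cookie name and token lifetimes are illustrative choices. A per-user token version is embedded in every token and bumped on a security-critical event, so all previously issued access and refresh tokens stop validating at once.

```java
import io.jsonwebtoken.Claims;
import io.jsonwebtoken.JwtException;
import io.jsonwebtoken.Jwts;
import io.jsonwebtoken.SignatureAlgorithm;
import io.jsonwebtoken.security.Keys;
import org.springframework.http.HttpHeaders;
import org.springframework.http.ResponseCookie;
import org.springframework.http.ResponseEntity;

import javax.crypto.SecretKey;
import java.time.Duration;
import java.time.Instant;
import java.util.Date;
import java.util.Map;
import java.util.Optional;
import java.util.concurrent.ConcurrentHashMap;

/** Added example, not shopin-api code. Assumes jjwt 0.11.x and spring-web. */
public class TokenService {

    private static final Duration ACCESS_TTL = Duration.ofMinutes(15);   // assumed lifetime
    private static final Duration REFRESH_TTL = Duration.ofDays(7);      // assumed lifetime
    private static final String REFRESH_COOKIE = "refreshToken";
    private static final String REFRESH_PATH = "/api/auth/refresh";      // assumed endpoint

    private final SecretKey key;
    // Stand-in for a column on the users table: userId -> current token version.
    private final Map<String, Integer> tokenVersions = new ConcurrentHashMap<>();

    public TokenService(byte[] secret) {
        // Keys.hmacShaKeyFor rejects secrets shorter than 256 bits for HS256.
        this.key = Keys.hmacShaKeyFor(secret);
    }

    public record TokenPair(String accessToken, String refreshToken) {}

    public TokenPair issue(String userId) {
        int version = tokenVersions.computeIfAbsent(userId, id -> 0);
        return new TokenPair(
            build(userId, version, "access", ACCESS_TTL),
            build(userId, version, "refresh", REFRESH_TTL));
    }

    private String build(String userId, int version, String type, Duration ttl) {
        Instant now = Instant.now();
        return Jwts.builder()
            .setSubject(userId)
            .claim("typ", type)    // stops a refresh token being replayed as an access token
            .claim("tv", version)  // token version, compared on every request
            .setIssuedAt(Date.from(now))
            .setExpiration(Date.from(now.plus(ttl)))
            .signWith(key, SignatureAlgorithm.HS256)
            .compact();
    }

    /** Returns the user id if the token is correctly signed, unexpired, of the expected type and still current. */
    public Optional<String> validate(String token, String expectedType) {
        try {
            Claims c = Jwts.parserBuilder().setSigningKey(key).build()
                .parseClaimsJws(token).getBody();
            if (!expectedType.equals(c.get("typ", String.class))) return Optional.empty();
            Integer tv = c.get("tv", Integer.class);
            Integer current = tokenVersions.get(c.getSubject());
            if (tv == null || current == null || !tv.equals(current)) return Optional.empty();
            return Optional.of(c.getSubject());
        } catch (JwtException | IllegalArgumentException e) {
            return Optional.empty(); // bad signature, expired, malformed
        }
    }

    /** Call on password change, email change or 2FA modification: every outstanding token becomes invalid. */
    public void invalidateAllSessions(String userId) {
        tokenVersions.merge(userId, 1, Integer::sum);
    }

    /** Login response: access token in the JSON body, refresh token only in an HttpOnly cookie. */
    public ResponseEntity<Map<String, String>> loginResponse(String userId) {
        TokenPair pair = issue(userId);
        ResponseCookie cookie = ResponseCookie.from(REFRESH_COOKIE, pair.refreshToken())
            .httpOnly(true)        // not readable from JavaScript, so XSS cannot exfiltrate it
            .secure(true)          // only sent over HTTPS
            .sameSite("Strict")    // not attached to cross-site requests
            .path(REFRESH_PATH)    // the browser sends it only to the refresh endpoint
            .maxAge(REFRESH_TTL)
            .build();
        return ResponseEntity.ok()
            .header(HttpHeaders.SET_COOKIE, cookie.toString())
            .body(Map.of("accessToken", pair.accessToken()));
    }
}
```

Bumping the version also kills the tokens of the session that triggered the event, so a handler for a password change should call `invalidateAllSessions(userId)` and then `loginResponse(userId)` to hand that session a fresh pair; that is what keeps "all other sessions" logged out while the current one continues. The version lookup costs one read per request, which is the price of revocation on an otherwise stateless scheme.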
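For the authenticator-app (TOTP) method in the 2FA list above, the check the server performs is RFC 6238 with the defaults that Google Authenticator and similar apps use (HMAC-SHA1, 30-second steps, 6 digits). The class below is an added example for this page, not shopin-api code, and depends only on the JDK. It accepts one step of clock drift in either direction, compares codes in constant time, and remembers the last accepted step per user so a code that has already been used cannot be replayed inside its window; the per-user map is a stand-in for a database column.

```java
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.nio.ByteBuffer;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

/** Added example, not shopin-api code: RFC 6238 TOTP (HMAC-SHA1, 30 s steps, 6 digits). */
public final class Totp {
    private static final long STEP_SECONDS = 30;
    private static final int DIGITS = 6;
    private static final int WINDOW = 1; // also accept the previous and next step (clock drift)
    private static final String BASE32 = "ABCDEFGHIJKLMNOPQRSTUVWXYZ234567";

    // userId -> last accepted time step, so a code cannot be replayed within its validity window
    private final Map<String, Long> lastUsedStep = new ConcurrentHashMap<>();

    /** New 160-bit secret, Base32-encoded as authenticator apps expect in the otpauth:// URI. */
    public static String newSecret() {
        byte[] raw = new byte[20];
        new SecureRandom().nextBytes(raw);
        return base32Encode(raw);
    }

    /** The code for a given time step (step = epochSeconds / 30). */
    public static String code(String base32Secret, long step) {
        byte[] key = base32Decode(base32Secret);
        byte[] msg = ByteBuffer.allocate(8).putLong(step).array();
        byte[] h;
        try {
            Mac mac = Mac.getInstance("HmacSHA1");
            mac.init(new SecretKeySpec(key, "HmacSHA1"));
            h = mac.doFinal(msg);
        } catch (GeneralSecurityException e) {
            throw new IllegalStateException(e);
        }
        int off = h[h.length - 1] & 0x0f; // dynamic truncation (RFC 4226)
        int bin = ((h[off] & 0x7f) << 24) | ((h[off + 1] & 0xff) << 16)
                | ((h[off + 2] & 0xff) << 8) | (h[off + 3] & 0xff);
        return String.format("%06d", bin % 1_000_000);
    }

    /** Verifies a submitted code against the current step +/-WINDOW and records the step to block replay. */
    public boolean verify(String userId, String base32Secret, String submitted, long nowEpochSeconds) {
        if (submitted == null || submitted.length() != DIGITS) return false;
        long current = nowEpochSeconds / STEP_SECONDS;
        Long last = lastUsedStep.get(userId);
        for (long step = current - WINDOW; step <= current + WINDOW; step++) {
            if (last != null && step <= last) continue; // already consumed, or older than one used
            byte[] expected = code(base32Secret, step).getBytes();
            // Constant-time comparison: do not leak how many digits matched through timing.
            if (MessageDigest.isEqual(expected, submitted.getBytes())) {
                lastUsedStep.put(userId, step);
                return true;
            }
        }
        return false;
    }

    static String base32Encode(byte[] data) {
        StringBuilder sb = new StringBuilder();
        int buffer = 0, bits = 0;
        for (byte b : data) {
            buffer = (buffer << 8) | (b & 0xff);
            bits += 8;
            while (bits >= 5) {
                sb.append(BASE32.charAt((buffer >> (bits - 5)) & 0x1f));
                bits -= 5;
            }
        }
        if (bits > 0) sb.append(BASE32.charAt((buffer << (5 - bits)) & 0x1f));
        return sb.toString();
    }

    static byte[] base32Decode(String s) {
        String clean = s.toUpperCase().replace("=", "").replace(" ", "");
        ByteBuffer out = ByteBuffer.allocate(clean.length() * 5 / 8);
        int buffer = 0, bits = 0;
        for (char c : clean.toCharArray()) {
            int v = BASE32.indexOf(c);
            if (v < 0) throw new IllegalArgumentException("invalid Base32 character: " + c);
            buffer = (buffer << 5) | v;
            bits += 5;
            if (bits >= 8) {
                out.put((byte) ((buffer >> (bits - 8)) & 0xff));
                bits -= 8;
            }
        }
        return out.array();
    }
}
```

A quick sanity check against the RFC 6238 test vector: the ASCII secret `12345678901234567890` is `GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ` in Base32, and at 59 seconds after the epoch (step 1) `Totp.code(...)` yields `287082`, the last six digits of the RFC's 8-digit value `94287082`. Calling `verify("alice", secret, "287082", 59)` then returns true once and false on a second attempt, which is the replay protection at work. The two-step enable flow described above should only mark 2FA as active after `verify` has succeeded once with the freshly generated secret, proving the user actually enrolled it.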
Here you can check the current status of the API development. The modules are designed to be implemented in stages, following an agile development methodology.
- Module 1 - Identity & Security: Completed
  - All features described in the section above.
- Module 2 - General CRUDs: In progress
  - User Management (Registration, Login, Profile)
  - Product Management
  - Order Management
- Module 3 - AI Implementation: To do
  - Product recommendation engine
  - Data analysis for predictions
- Module 4 - Payment Gateway: To do
  - Stripe Integration (Sandbox Mode)
  - Secure transaction handling
  - Webhooks for payment notifications
To clone and run this project on your local machine:
1. Clone the repository:

   ```bash
   git clone https://github.com/ErickBeLike/shopin-api.git
   ```

2. Navigate to the project directory:

   ```bash
   cd shopin-api
   ```

3. Configure your environment variables in a `.env` file (e.g., the database connection and the JWT signing key). Keep this file out of version control; the signing key must be a random secret of at least 256 bits.

4. Run the application (for example, with Maven: `mvn spring-boot:run`).
The API is fully documented with Swagger UI. Once the application is running, you can access the documentation in your browser at:
Coming Soon
Here you will find all available endpoints, their request parameters, and example responses.
Feel free to clone and explore the code. Any suggestions or improvements are welcome.
