This is a simple but secure vending machine (payment) API that exposes only JSON endpoints. It provides separate APIs for the two roles, buyer and seller (provider).

Buyers can deposit money into their accounts; sellers cannot. When a seller adds a product, only that seller can change the product's attributes. Among the product endpoints, only the one that lists products is open to everybody without credentials.

Both sellers and buyers have to create an account and obtain a token. The create-user endpoint is callable by everybody without a token.
Technologies: Python, Docker, PostgreSQL, Redis, Django REST framework.

Requirements: preferably a Linux-based operating system (any Linux distribution, such as Ubuntu, or Mac), plus the latest version of Docker and docker-compose.
First, rename `.env_example` to `.env`. If you want, you can change some values there.

Then, for the first time, run:

```shell
docker-compose up --build -d
```

After that, run the same command without the build switch to start the app:

```shell
docker-compose up -d
```

Once the app is running, run the command below to execute all tests:

```shell
docker exec backend python manage.py test
```

The tests cover buying, depositing, deleting a product, resetting the deposit, the Django models, and the credential requirements.

By default the app listens on port 8000, so the endpoints are called at `127.0.0.1:8000/api/<some_thing>`.
The endpoints are listed below.

First, you need to create at least two accounts, one as a seller and the other as a buyer. To do that, call:

- `/create_user` POST with the user details in the request body, like:

  for buyers:

  ```json
  { "username": "whatever", "email": "[email protected]", "deposit": 100, "role": "buyer", "password": "superSecret" }
  ```

  for sellers (the deposit field must be empty):

  ```json
  { "username": "whatever", "email": "[email protected]", "role": "seller", "password": "superSecret" }
  ```

  The endpoint returns all user data, including the id, except the password.

- `/get_token` POST: send the username and password you created in the previous step, like:

  ```json
  { "username": "whatever", "password": "superSecret" }
  ```

  This API returns a token in JSON format, which you have to send in the header of every further request, like: `Authorization: Token supersecrettoken`.

- `/user/<user_name>` PATCH updates one or more fields of a user.
- `/user/<user_name>` GET retrieves all data of a user except the password.
- `/user/<user_name>` DELETE removes the user from the database, together with the token that belongs to that user.
- `/products` GET returns all existing products in the database. Everybody can call this endpoint; it does not need a token.
- `/products` POST: send one product as JSON in the request body. It needs a token in the header.
- `/product/<product_id>` GET retrieves the data about that specific product.
- `/product/<product_id>` PUT updates the product attributes. Only the seller who created it can update it.
- `/product/<product_id>` DELETE deletes the target product. Only the seller who added the product can perform this action.
- `/buyer/deposit` PATCH: call this with the amount you want as JSON in the body, like

  ```json
  {"deposit": 5 }
  ```

  It only accepts 5, 10, 20, 50 and 100.

- `/buyer/reset` POST sets the user's balance (deposit) to zero.
- `/buyer/buy` POST: call this with the id of the product you want to buy, like

  ```json
  {"id": "<product_id>"}
  ```

  It returns how much the buyer spent, the buyer's remaining deposit, and the product name.
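To make the authorization rules above concrete, here is an added, framework-free Python sketch of the same rules (role checks, owner-only product updates, the coin allow-list and the buy response); it is not the project's Django REST framework code, and the product `cost` field and the `seller` link on a product are assumptions.

```python
from dataclasses import dataclass

ALLOWED_COINS = {5, 10, 20, 50, 100}  # the only values /buyer/deposit accepts
UPDATABLE_FIELDS = {"name", "cost"}   # allow-list for PUT; id and owner never change

@dataclass
class User:
    username: str
    role: str          # "buyer" or "seller"
    deposit: int = 0   # sellers are created without a deposit and never hold one

@dataclass
class Product:
    product_id: int
    name: str
    cost: int          # assumed attribute; the README does not list product fields
    seller: str        # username of the seller who created it (assumed link)

def deposit(user, amount):
    """/buyer/deposit: buyers only, and only one of the whitelisted coin values."""
    if user.role != "buyer":
        raise PermissionError("only buyers can deposit")
    if amount not in ALLOWED_COINS:
        raise ValueError(f"deposit must be one of {sorted(ALLOWED_COINS)}")
    user.deposit += amount
    return user.deposit

def update_product(actor, product, **changes):
    """/product/<id> PUT: an object-level ownership check, not just 'actor is a seller'."""
    if actor.role != "seller" or product.seller != actor.username:
        raise PermissionError("only the seller who created the product may change it")
    rejected = set(changes) - UPDATABLE_FIELDS
    if rejected:
        raise ValueError(f"cannot update {sorted(rejected)}")
    for key, value in changes.items():
        setattr(product, key, value)
    return product

def buy(user, product):
    """/buyer/buy: report what was spent, what remains, and the product name."""
    if user.role != "buyer":
        raise PermissionError("only buyers can buy")
    if user.deposit < product.cost:
        raise ValueError("insufficient deposit")
    user.deposit -= product.cost
    return {"spent": product.cost, "remaining": user.deposit, "product": product.name}
```

In the real app the same checks belong in DRF permission classes and serializer validation, so that a seller's token alone is never enough to modify another seller's product.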
For production, use Nginx with an SSL connection, HTTP/2, TLS 1.3 and an ECDSA certificate, behind a firewall, and on top of that set a rate limit on Nginx. Alternatively, use GCP App Engine behind a load balancer and a cloud firewall.
- PostgreSQL - Database
- Redis - Cache
- Django - Server Framework
- Django REST Framework - Web Framework
- Python - Programming Language
- Docker - Containerization