This document details the requirements for a backend RESTful API for an e-commerce platform, supporting user management, product catalog, cart, order, payment, and shipping functionalities.
The backend provides APIs for:
- User registration, authentication, and profile management
- Product and category management
- Shopping cart operations
- Order placement and management
- Payment processing (simulated)
- Shipping address and status management
- API: Application Programming Interface
- JWT: JSON Web Token
- CRUD: Create, Read, Update, Delete
This backend is a standalone RESTful API, intended to be consumed by a frontend (web/mobile). It uses FastAPI, SQLAlchemy (async), PostgreSQL, and Alembic for migrations.
- User Account: Registration, login, JWT-based authentication, password reset, email verification, admin roles.
- Product Catalog: CRUD for products and categories, image upload, search, and filtering.
- Cart: Add, update, remove items; view cart summary.
- Order: Checkout, view orders, cancel orders.
- Payment: Simulated payment processing, payment status tracking.
- Shipping: Manage addresses, track shipping status.
- Customer: Can register, login, manage cart, place orders, manage addresses, view payments and shipping.
- Admin: All customer privileges plus product/category CRUD, shipping status updates.
- Backend: Python 3.x, FastAPI, SQLAlchemy ORM, PostgreSQL, Alembic
- Frontend: Any (not included; later in ReactJS or NextJS)
- OS: Windows (as per setup), Linux compatible
- Async SQLAlchemy and aioPostgreSQL
- JWT for authentication
- Passwords hashed with bcrypt
- Environment variables via python-decouple
- Register with email, name, password
- Login with email and password
- JWT-based authentication (access/refresh tokens via cookies)
- Email verification and password reset via tokenized links
- Admin role support
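As an added illustration of the JWT-in-cookie and admin-role requirements above (example code written for this document, not the project's own implementation): HS256 tokens minted and verified with the standard library only, with the claim names, the `type` claim that keeps access and refresh tokens apart, and the secret value all being assumptions of this example.

```python
import base64, hashlib, hmac, json, time

SECRET = b"constructed-example-secret-change-me"  # assumption: the real app loads this from the environment

def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def create_token(user_id, is_admin, token_type, ttl, now=None):
    """Mint an HS256 JWT; token_type ('access'/'refresh') stops one kind being replayed as the other."""
    now = int(time.time()) if now is None else now
    header = {"alg": "HS256", "typ": "JWT"}
    payload = {"sub": user_id, "is_admin": is_admin, "type": token_type, "iat": now, "exp": now + ttl}
    signing_input = f"{_b64url(json.dumps(header).encode())}.{_b64url(json.dumps(payload).encode())}"
    sig = hmac.new(SECRET, signing_input.encode(), hashlib.sha256).digest()
    return f"{signing_input}.{_b64url(sig)}"

def verify_token(token, expected_type, now=None):
    """Return the claims or raise PermissionError; checks alg, signature (constant-time), type and expiry."""
    now = int(time.time()) if now is None else now
    try:
        h, p, s = token.split(".")
        header, claims = json.loads(_b64url_decode(h)), json.loads(_b64url_decode(p))
    except ValueError:  # wrong part count, bad base64 or bad JSON
        raise PermissionError("malformed token")
    if header.get("alg") != "HS256":  # the server, never the token, decides the algorithm
        raise PermissionError("unexpected alg")
    expected = hmac.new(SECRET, f"{h}.{p}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(s)):
        raise PermissionError("bad signature")
    if claims.get("type") != expected_type or claims.get("exp", 0) <= now:
        raise PermissionError("wrong token type or expired")
    return claims

def require_admin(claims):
    """Gate for admin-only endpoints: the role comes from the verified claims, not from the request body."""
    if not claims.get("is_admin"):
        raise PermissionError("admin only")
    return claims

def auth_cookie_params(name, token, max_age):
    """Keyword arguments for FastAPI's response.set_cookie(): unreadable by JS, HTTPS only, not sent cross-site."""
    return {"key": name, "value": token, "max_age": max_age,
            "httponly": True, "secure": True, "samesite": "strict"}
```

A login handler would call `response.set_cookie(**auth_cookie_params("access_token", token, 900))`, and a protected route would read the cookie, call `verify_token(cookie, "access")` and, for admin routes, `require_admin` on the result.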
- List/search products with pagination and filtering
- CRUD for products (admin only)
- Image upload for products
- CRUD for categories (admin only)
- Add product to cart (with quantity)
- Increase/decrease quantity
- Remove item from cart
- View cart summary (total price, quantity)
- Checkout cart to create order (with payment and shipping address)
- View user orders and order details
- Cancel order (if not shipped)
- Simulated payment gateway (success/failure)
- Track payment status per order
- View payment history
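The checkout and payment features above, together with the requirement that checkout and payment run inside a database transaction, as an added example written for this document (not the project's SQLAlchemy code): an in-memory sqlite3 schema mirroring the Product, CartItem, Order, OrderItem and Payment entities is constructed here, prices and stock are read from the product table rather than trusted from the cart, and any failure rolls the whole checkout back.

```python
import sqlite3

# Constructed minimal schema for this example, named after the spec's entities.
SCHEMA = """
CREATE TABLE product (id INTEGER PRIMARY KEY, price REAL, stock_quantity INTEGER);
CREATE TABLE cart_item (id INTEGER PRIMARY KEY, user_id INTEGER, product_id INTEGER, quantity INTEGER);
CREATE TABLE "order" (id INTEGER PRIMARY KEY, user_id INTEGER, total_price REAL, status TEXT,
                      shipping_address_id INTEGER);
CREATE TABLE order_item (id INTEGER PRIMARY KEY, order_id INTEGER, product_id INTEGER, quantity INTEGER, price REAL);
CREATE TABLE payment (id INTEGER PRIMARY KEY, order_id INTEGER, user_id INTEGER, amount REAL, status TEXT,
                      is_paid INTEGER);
"""

def make_db():
    """Fresh database with two sample products (constructed data)."""
    conn = sqlite3.connect(":memory:", isolation_level=None)  # we issue BEGIN/COMMIT ourselves
    conn.executescript(SCHEMA)
    conn.executemany("INSERT INTO product VALUES (?, ?, ?)", [(1, 10.0, 5), (2, 25.0, 1)])
    return conn

def checkout(conn, user_id, shipping_address_id):
    """Turn the user's cart into an order, its items and a pending payment, all-or-nothing."""
    conn.execute("BEGIN IMMEDIATE")  # take the write lock first so two checkouts cannot both pass the stock check
    try:
        rows = conn.execute(
            "SELECT c.product_id, c.quantity, p.price, p.stock_quantity FROM cart_item c "
            "JOIN product p ON p.id = c.product_id WHERE c.user_id = ?", (user_id,)).fetchall()
        if not rows:
            raise ValueError("cart is empty")
        total = 0.0
        for pid, qty, price, stock in rows:
            if qty <= 0 or qty > stock:
                raise ValueError(f"insufficient stock for product {pid}")
            total += price * qty  # server-side price; the cart's own price column is never trusted
        order_id = conn.execute(
            'INSERT INTO "order" (user_id, total_price, status, shipping_address_id) VALUES (?, ?, ?, ?)',
            (user_id, total, "pending", shipping_address_id)).lastrowid
        for pid, qty, price, _ in rows:
            conn.execute("INSERT INTO order_item (order_id, product_id, quantity, price) VALUES (?, ?, ?, ?)",
                         (order_id, pid, qty, price))
            conn.execute("UPDATE product SET stock_quantity = stock_quantity - ? WHERE id = ?", (qty, pid))
        conn.execute("INSERT INTO payment (order_id, user_id, amount, status, is_paid) VALUES (?, ?, ?, ?, 0)",
                     (order_id, user_id, total, "pending"))
        conn.execute("DELETE FROM cart_item WHERE user_id = ?", (user_id,))
        conn.execute("COMMIT")
        return order_id, total
    except Exception:
        conn.execute("ROLLBACK")  # no half-created order, no stock decremented, cart untouched
        raise
```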
- Add/update/delete shipping addresses
- View shipping addresses
- Track shipping status per order
- Admin can update shipping status
- API responses within 1 second for standard operations
- JWT authentication, secure cookies
- Passwords hashed with bcrypt
- Admin-only endpoints protected
- OpenAPI/Swagger documentation auto-generated
- Consistent RESTful API design
- Modular codebase: account, product, cart, order, payment, shipping, db, core
- Alembic for migrations
- Async database operations for high concurrency
- POST /api/account/register – Register user
- POST /api/account/login – Login
- POST /api/account/refresh – Refresh token
- GET /api/account/me – Get current user
- POST /api/account/verify-request – Send verification email
- GET /api/account/verify – Verify email
- POST /api/account/change-password – Change password
- POST /api/account/forgot-password – Request password reset
- POST /api/account/reset-password – Reset password
- POST /api/account/logout – Logout

- GET /api/products – List products
- GET /api/products/search – Search products
- GET /api/products/{slug} – Get product details
- POST /api/products – Create product (admin)
- PATCH /api/products/{product_id} – Update product (admin)
- DELETE /api/products/{product_id} – Delete product (admin)
- GET /api/products/category/ – List categories
- POST /api/products/category/ – Create category (admin)
- DELETE /api/products/category/{category_id} – Delete category (admin)

- GET /api/carts – View cart
- POST /api/carts/add – Add item
- PATCH /api/carts/increase/{product_id} – Increase quantity
- PATCH /api/carts/decrease/{product_id} – Decrease quantity
- DELETE /api/carts/delete/{item_id} – Remove item

- GET /api/orders/ – List user orders
- GET /api/orders/{order_id} – Get order details
- PATCH /api/orders/cancel/{order_id} – Cancel order
- POST /api/orders/checkout – Checkout cart

- GET /api/payments/{payment_id} – Get payment status
- GET /api/payments – List user payments

- POST /api/shippings/addresses – Add address
- GET /api/shippings/addresses – List addresses
- GET /api/shippings/addresses/{address_id} – Get address
- PUT /api/shippings/addresses/{address_id} – Update address
- DELETE /api/shippings/addresses/{address_id} – Delete address
- GET /api/shippings/status/{order_id} – Get shipping status
- PUT /api/shippings/status/{order_id} – Update shipping status (admin)
- PostgreSQL, async SQLAlchemy ORM models for all entities
- Static file serving for product images (/media)
- User: id, email, hashed_password, name, is_active, is_admin, is_verified, created_at, updated_at
- Product: id, title, description, slug, price, stock_quantity, image_url, created_at, updated_at, categories
- Category: id, name
- CartItem: id, user_id, product_id, quantity, price
- Order: id, user_id, total_price, status, created_at, shipping_address_id, items, payment, shipping_status
- OrderItem: id, order_id, product_id, quantity, price
- Payment: id, order_id, user_id, amount, status, payment_gateway, is_paid, created_at
- ShippingAddress: id, user_id, address_line1, address_line2, city, state, postal_code, country
- ShippingStatus: id, order_id, status, updated_at
- All sensitive endpoints require authentication (JWT via cookies)
- Admin-only endpoints require admin privileges
- Passwords are hashed and never stored in plaintext
- CSRF protection via secure cookies and CORS settings
- Reliability: Database transactions for critical operations (checkout, payment)
- Availability: Async operations for high concurrency
- Maintainability: Modular code, clear separation of concerns
- Portability: Runs on any OS with Python 3.x and PostgreSQL
- All endpoints are documented and browsable via /docs (Swagger UI)
- Search through images using AI
- Product reviews and ratings
- Email/SMS notifications