Ecommerce Design – RESTful API for an Online Store

Objective

Design a RESTful API for an online store that can be used to manage products. We will create a REST API that implements CRUD (create, read, update, delete) operations on the products table from outside the application.

Assumptions

  • Sample code and examples are written in the Ruby language, following the MVC (model, view, controller) architecture.
  • Before each API call, the request is authenticated to authorize a valid user.
  • The API returns responses in JSON format.
  • Comments (syntax #) are used wherever needed in the code samples.

Implementation

  • Schema

Products Table

id => Integer (Primary Key)
name => Varchar(150)
description => Product Description
supplier_name => Name of supplier
status => Active :: Product is live, Inactive :: Product is not live
created_at => Datetime
updated_at => Datetime

Users Table

id => Integer (Primary Key)
email => Varchar(100) (Unique Key)
username => Varchar(100) (Unique Key)
api_token => Varchar(100) (Unique Key)

  • Routes Configuration

The routes configuration maps each RESTful endpoint to a specific controller action.

  • Controller

    • before_filter: methods that are executed before every API action.
    • The index, create, update, destroy and search APIs are implemented.

ApplicationController holds application-level methods that can be called from anywhere in the application.

API Authentication

The step-by-step process for user authentication is as follows:

  • check_authenticity is executed before every product API call.
  • At the user level we store user_api_token, which is unique per user.
  • user_api_token is passed in the request header.
  • While calling the product API, the client encrypts the request time and user_api_token using an encryption key, producing secret_token.
  • secret_token is decrypted using the same encryption key, giving expiry_time and user_api_token.
  • If expiry_time and user_api_token are valid, the user is authenticated; otherwise a 401 “Not Authorized” message is returned.
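The flow above, as an added Ruby example that is not part of the original design: the client-side builder of secret_token and the server-side check_authenticity filter. The encryption key, the in-memory stand-in for the users table, and the choice of AES-256-GCM (so that a tampered token fails decryption instead of yielding garbage) are assumptions.

```ruby
require 'openssl'
require 'json'
require 'base64'
require 'time'

# Shared encryption key (assumed; the real app would load it from credentials or ENV).
ENCRYPTION_KEY = OpenSSL::Digest::SHA256.digest('demo-encryption-key')

# Constructed stand-in for the users table: api_token => user id.
USERS = { 'tok_alice_0123' => 1, 'tok_bob_4567' => 2 }.freeze

IV_LEN  = 12 # AES-GCM nonce length
TAG_LEN = 16 # AES-GCM authentication tag length

# Client side: encrypt expiry_time and user_api_token into the secret_token header value.
def build_secret_token(user_api_token, expiry_time, key: ENCRYPTION_KEY)
  cipher = OpenSSL::Cipher.new('aes-256-gcm').encrypt
  cipher.key = key
  iv = cipher.random_iv
  payload = JSON.generate(expiry_time: expiry_time.utc.iso8601, user_api_token: user_api_token)
  ciphertext = cipher.update(payload) + cipher.final
  Base64.strict_encode64(iv + cipher.auth_tag + ciphertext)
end

# Server side (the before_filter): decrypt secret_token, then validate expiry_time and
# user_api_token. Returns [200, user_id] on success, [401, 'Not Authorized'] otherwise.
def check_authenticity(secret_token, now: Time.now, key: ENCRYPTION_KEY)
  raw = Base64.strict_decode64(secret_token.to_s)
  return [401, 'Not Authorized'] if raw.bytesize <= IV_LEN + TAG_LEN
  decipher = OpenSSL::Cipher.new('aes-256-gcm').decrypt
  decipher.key = key
  decipher.iv = raw.byteslice(0, IV_LEN)
  decipher.auth_tag = raw.byteslice(IV_LEN, TAG_LEN)
  plaintext = decipher.update(raw.byteslice((IV_LEN + TAG_LEN)..-1)) + decipher.final
  payload = JSON.parse(plaintext)
  expiry_time = Time.iso8601(payload['expiry_time'])
  user_id = USERS[payload['user_api_token']]
  return [401, 'Not Authorized'] if user_id.nil? || expiry_time <= now
  [200, user_id]
rescue ArgumentError, TypeError, JSON::ParserError, OpenSSL::Cipher::CipherError
  # Malformed Base64, wrong key, tampered ciphertext or bad JSON all fail closed.
  [401, 'Not Authorized']
end

if __FILE__ == $PROGRAM_NAME
  token = build_secret_token('tok_alice_0123', Time.now + 300)
  puts check_authenticity(token).inspect # [200, 1]
end
```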

  • Model

Models are ActiveRecord classes mapped to tables; they contain the business logic.

Testing the API

Response Format

  • Listing Products

  • Searching Product Details

  • Creating Products

  • Updating Products

  • Deleting Product

RSpec Test Cases