[go: up one dir, main page]
Scribd
Upload
1K views4 pages

ProblemStatement For t4 Track

The document outlines requirements for developing a REST API backend for an e-commerce platform. The API must include public endpoints for product searching and user login. Authenticated endpoints are defined for consumers to manage carts and for sellers to manage products. The API must use JWT authentication to validate user roles and restrict access to endpoints based on roles. Database models and sample data are provided to develop and test the API functionality.

Uploaded by

Soorya Prashanth
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
1K views4 pages

ProblemStatement For t4 Track

The document outlines requirements for developing a REST API backend for an e-commerce platform. The API must include public endpoints for product searching and user login. Authenticated endpoints are defined for consumers to manage carts and for sellers to manage products. The API must use JWT authentication to validate user roles and restrict access to endpoints based on roles. Database models and sample data are provided to develop and test the API functionality.

Uploaded by

Soorya Prashanth
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 4

McDiffyStore is a vendor who sell various products ranging across different categories.

They hired you to develop a distributed e-commerce platform to move their business
online. As an initial MVP you are required to develop a restful API backend application in
springboot.
Here is the requirement for the application.

Database models are already created and initialised as below:

* Role CartProduct
roleId - Integer cpId - Integer
role - String cart – Cart
*product – Product
quantity - Integer

User *
userId - Integer
1
username - String 1
password - String Cart
roles - Role cartId - Integer
1 totalAmount - Double
user - User
cartProducts - CartProduct
*
Product
productId - Integer
productName - String
1 Category
price - Double
categoryId - Integer
seller – User * categoryName - String
Category - Category

DB initialised with following default data:


Categories: Role User Cart UserRole
categoryId, categoryName role username, password totalAmount, userId userId, role
'Fashion' ‘CONSUMER’ 'jack', 'pass_word' 20, 1 1, 1
'Electronics' ‘SELLER’ ‘bob', 'pass_word' 0, 2 2, 1
'Books' 'apple', 'pass_word' 3, 2
'Groceries' ‘glaxo’, 'pass_word 4, 2
'Medicines'

Product CartProduct
price, productName, categoryId, sellerId cartId, productId, quantity
29190, 'Apple iPad 10.2 8th Gen WiFi iOS Tablet', 2, 3 1, 2, 2
10, 'Crocin pain relief tablet', 5, 4
Your job is to create the following APIs, use JWT authentication with roles to protect
consumer and seller specific endpoints. The JWT is included in the header with key JWT
and value as jwt token.
• Consumers can search, add, update and delete items in cart.
• Sellers can add, update and delete products to the database.
• APIs preceeding with /api/public are public APIs and can be accessed by anyone.
• APIs preceeding with /api/auth/consumer are authenticated and consumer APIs.
• APIs preceeding with /api/auth/seller are authenticated and seller APIs
• if authenticated endpoints are accessed without JWT, return 401.
• if a consumer endpoint is accessed with seller JWT or viceverse, return 403.

Below are public endpoints:

/api/public/product/search – GET - This endpoint takes a query parameter 'keyword' and


returns all the matching products containing the keyword either in productName or
categoryName.
Example: /api/public/product/search? returns: [{"productId":1,"productName":"Apple iPad 10.2 8th Gen
keyword="tablet" WiFi iOS Tablet","price":29190.0,"category":
{"categoryName":"Electronics"}},
{"productId":2,"productName":"Crocin pain relief
tablet","price":10.0,"category":{"categoryName":"Medicines"}}]
/api/public/product/search status 400

/api/public/login - POST - takes username and password in json body, authenticates and
returns JWT. Can authenticate both consumer and seller.
request body - {"username": "bob","password": status 200,
"pass_word"} response body –
eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIx
MjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF
0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwp
MeJf36POk6yJV_adQssw5c
request body - {"username": "bob","password": status 401
"password"}

Below are all authenticated endpoints:

/api/auth/consumer/cart - GET - returns the consumer’s cart.


/api/auth/consumer/cart status 200,
response body –
{"cartId":1,"totalAmount":20.0,"cartProducts":
[{"cpId":1,"product":
{"productId":2,"productName":"Crocin pain relief
tablet","price":10.0,"category":
{"categoryName":"Medicines"}},"quantity":2}]}
/api/auth/consumer/cart - POST – takes a Product json in request body and adds it to
the consumer’s cart.
Request body - status 200
{"productId":3,"category":
{"categoryName":"Electronics","categoryId":"2"},"price
":"98000.0","productName":"iPhone 12"}
If product already in cart is added again status 409

/api/auth/consumer/cart - PUT – takes a CartProduct json in request body and updates


the quantity of the product in cart. If product is not in cart, add the product to cart with
supplied quantity. If the quantity of the product is zero then delete the product from the
cart.
Request body - status 200
{"product":{"productId":3,"category":
{"categoryName":"Electronics","categoryId":"2"},"price
":"98000.0","productName":"iPhone 12"},"quantity":3}

/api/auth/consumer/cart - DELETE – takes a Product json in request body and removes


the product from the cart.
Request body - status 200
{"productId":3,"category":
{"categoryName":"Electronics","categoryId":"2"},"price
":"98000.0","productName":"iPhone 12"}

/api/auth/seller/product - GET – return all the products owned by seller.


/api/auth/seller/product/{productId} - GET – return the product identified by the
supplied path parameter productId.
/api/auth/seller/product status 200,
response body -
[{"productId":1,"productName":"Apple iPad 10.2 8th
Gen WiFi iOS Tablet","price":29190.0,"category":
{"categoryName":"Electronics"}}]
/api/auth/seller/product/1 status 200,
response body -
{"productId":1,"productName":"Apple iPad 10.2 8th
Gen WiFi iOS Tablet","price":29190.0,"category":
{"categoryName":"Electronics"}}

/api/auth/seller/product - POST – takes a product json in request body and saves it to


database.
Request body - status 201,
{"productId":3,"category": redirect url (created URI)-
{"categoryName":"Electronics","categoryId":"2"},"price http://localhost/api/auth/seller/product/3
":"98000.0","productName":"iPhone 12 Pro Max"}
/api/auth/seller/product - PUT – takes a product json in request body with mandatory
product id and updates the product in the database.
Request body - status 200
{"productId":3,"category":
{"categoryName":"Electronics","categoryId":"2"},"price
":"98000.0","productName":"iPhone 12 Pro Max"}

/api/auth/seller/product/{productId} - DELETE – takes a productId path parameter and


deletes the product from the database. If product not owned by seller return 404
/api/auth/seller/product/1 status 200
/api/auth/seller/product/2 status 404

Take a look at the testcases to understand more on how the validation works.
Good Luck and Start Coding!

You might also like