A robust, scalable e-commerce backend microservice built with FastAPI, featuring Role-Based Access Control (RBAC) for secure multi-tenant operations. This project demonstrates modern API development with proper authentication, authorization, and database design patterns.
- Three-tier role system: Customer, Seller, Admin
- Granular permissions: Each role has specific capabilities
- Secure endpoints: Role-based dependency injection
- JWT authentication: Stateless, scalable authentication
- User Management: Registration, profile management, authentication
- Product Catalog: CRUD operations with category management
- Shopping Cart: Add, update, remove items with persistence
- Order System: Complete order lifecycle management
- Inventory Management: Stock tracking and updates
- Reviews & Ratings: Product feedback system
- Wishlist: Save products for later
- Shipment Tracking: Order fulfillment tracking
- Microservice-ready: Modular design for scalability
- RESTful API: Clean, predictable endpoints
- Database Migrations: Alembic for schema management
- Validation: Pydantic models for request/response validation
- Documentation: Auto-generated OpenAPI documentation
| Feature | Customer | Seller | Admin |
|---|---|---|---|
| User Registration | β | β | β |
| Browse Products | β | β | β |
| Shopping Cart | β | β | β |
| Place Orders | β | β | β |
| Write Reviews | β | β | β |
| Manage Own Products | β | β | β |
| Manage All Products | β | β | β |
| Manage Categories | β | β | β |
| Manage Users | β | β | β |
| Manage Shipments | β | β | β |
| System Administration | β | β | β |
- Framework: FastAPI
- Database: PostgreSQL
- ORM: SQLAlchemy 2.0
- Authentication: JWT with bcrypt hashing
- Migrations: Alembic
- Validation: Pydantic v2
- API Documentation: Swagger UI & ReDoc
- Package Management: pip
```
FastAPI-RBAC-Microservice/
├── app/
│   ├── __init__.py
│   ├── main.py          # FastAPI application entry point
│   ├── database.py      # Database configuration
│   ├── models.py        # SQLAlchemy models
│   ├── schemas.py       # Pydantic schemas
│   ├── crud.py          # Database operations
│   ├── auth.py          # Authentication utilities
│   └── config.py        # Configuration management
├── alembic/             # Database migrations
│   ├── versions/
│   ├── env.py
│   └── alembic.ini
├── requirements.txt     # Project dependencies
├── .env                 # Environment variables template
└── README.md            # Project documentation
```

Prerequisites:

- Python 3.8+
- PostgreSQL 12+
- pip (Python package manager)
1. Clone the repository

   ```bash
   git clone https://github.com/HarshitWaldia/FastAPI-RBAC-Microservice.git
   cd FastAPI-RBAC-Microservice
   ```

2. Create a virtual environment

   ```bash
   python -m venv venv
   source venv/bin/activate   # Linux/macOS
   # OR
   venv\Scripts\activate      # Windows
   ```

3. Install dependencies

   ```bash
   pip install -r requirements.txt
   ```

4. Environment configuration

   ```bash
   code .env
   ```

   Edit `.env` with your configuration:

   ```env
   DATABASE_URL=postgresql://username:password@localhost:5432/ecommerce_db
   SECRET_KEY=your-super-secret-key-here
   ALGORITHM=HS256
   ACCESS_TOKEN_EXPIRE_MINUTES=60
   ```

   `SECRET_KEY` signs every JWT the service issues, so replace the placeholder with a long random value (for example the output of `python -c "import secrets; print(secrets.token_urlsafe(32))"`) and never commit the real value; anyone holding it can mint tokens for any user and role.

5. Database setup

   ```bash
   # Create database in PostgreSQL
   createdb ecommerce_db

   # Run migrations
   alembic upgrade head
   ```

6. Start the server

   ```bash
   uvicorn app.main:app --reload
   ```
Once running, access the interactive API documentation:
- Swagger UI: http://localhost:8000/docs
- ReDoc: http://localhost:8000/redoc
- Register: `POST /users/` - Create a new user account
- Login: `POST /login` - Get a JWT access token
- Access protected routes: Include the token in the `Authorization: Bearer <token>` header
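What the login and bearer-token steps above amount to on the server side, as an added example written against the standard library only; it is not the project's `auth.py`, whose implementation the README does not show. The `ALGORITHM` and `ACCESS_TOKEN_EXPIRE_MINUTES` values mirror the `.env` template; the secret key, the claim layout (`sub`, `role`, `iat`, `exp`) and the sample values are constructed for the example:

```python
"""Issue and verify HS256 JWTs for a login / bearer-token flow (stdlib only).

Added example, not the project's own code. The helper names, the claim
layout and the generated secret are assumptions made for illustration.
"""
import base64
import hashlib
import hmac
import json
import secrets
import time
from typing import Any, Dict, Optional

ALGORITHM = "HS256"                  # mirrors the .env setting
ACCESS_TOKEN_EXPIRE_MINUTES = 60     # mirrors the .env setting
# A deployment reads SECRET_KEY from the environment; a fresh random
# 32-byte key is generated here only so the example runs stand-alone.
SECRET_KEY = secrets.token_bytes(32)


def b64url_encode(data: bytes) -> str:
    """Base64url without padding, as JWT requires."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode(text: str) -> bytes:
    """Inverse of b64url_encode; restores the stripped padding first."""
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def create_access_token(subject: str, role: str, now: Optional[int] = None,
                        key: bytes = SECRET_KEY) -> str:
    """What POST /login returns once the password check has passed.

    `sub` is the user's email (the login form's `username` field), `role`
    is copied into the token so route dependencies can check it without a
    database lookup, and `exp` caps the token's lifetime.
    """
    now = int(time.time()) if now is None else now
    header = {"alg": ALGORITHM, "typ": "JWT"}
    claims = {"sub": subject, "role": role, "iat": now,
              "exp": now + ACCESS_TOKEN_EXPIRE_MINUTES * 60}
    signing_input = ".".join(
        b64url_encode(json.dumps(part, separators=(",", ":")).encode())
        for part in (header, claims))
    sig = hmac.new(key, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + b64url_encode(sig)


def verify_access_token(token: str, now: Optional[int] = None,
                        key: bytes = SECRET_KEY) -> Optional[Dict[str, Any]]:
    """Return the claims if the token is valid, otherwise None (route answers 401).

    The checks run in this order on purpose: the header's algorithm is
    pinned to HS256 before anything else, the signature is compared in
    constant time, and the claims are decoded and trusted only after the
    signature matches. Any malformed input is rejected rather than raised.
    """
    now = int(time.time()) if now is None else now
    try:
        header_b64, claims_b64, sig_b64 = token.split(".")
        header = json.loads(b64url_decode(header_b64))
        presented_sig = b64url_decode(sig_b64)
    except ValueError:          # bad segment count, base64 or JSON
        return None
    if not isinstance(header, dict) or header.get("alg") != ALGORITHM:
        return None
    signing_input = (header_b64 + "." + claims_b64).encode()
    expected_sig = hmac.new(key, signing_input, hashlib.sha256).digest()
    if not hmac.compare_digest(expected_sig, presented_sig):
        return None
    try:
        claims = json.loads(b64url_decode(claims_b64))
    except ValueError:
        return None
    if not isinstance(claims, dict):
        return None
    exp = claims.get("exp")
    if not isinstance(exp, int) or exp <= now:
        return None
    return claims


def extract_bearer(authorization: Optional[str]) -> Optional[str]:
    """Pull the token out of an `Authorization: Bearer <token>` header value."""
    if not authorization:
        return None
    scheme, _, token = authorization.partition(" ")
    token = token.strip()
    if scheme.lower() != "bearer" or not token:
        return None
    return token
```

The same structure applies when a library such as PyJWT or python-jose does the work for you: pass the expected algorithm explicitly to the decode call and let the library enforce `exp`, so that a token with a different `alg` header or a stale expiry is rejected before its claims are read.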
Customer workflow:

```bash
# 1. Register as customer
curl -X POST "http://localhost:8000/users/" \
  -H "Content-Type: application/json" \
  -d '{"name": "John Doe", "email": "john@example.com", "password": "password123"}'

# 2. Login
curl -X POST "http://localhost:8000/login" \
  -H "Content-Type: application/x-www-form-urlencoded" \
  -d "username=john@example.com&password=password123"

# 3. Browse products
curl -X GET "http://localhost:8000/products/" \
  -H "Authorization: Bearer <your_token>"

# 4. Add to cart
curl -X POST "http://localhost:8000/cart/1/items" \
  -H "Authorization: Bearer <your_token>" \
  -H "Content-Type: application/json" \
  -d '{"product_id": 1, "quantity": 2}'

# 5. Place order (the JSON body needs the Content-Type header, or FastAPI
#    treats it as form data and rejects it)
curl -X POST "http://localhost:8000/orders/" \
  -H "Authorization: Bearer <your_token>" \
  -H "Content-Type: application/json" \
  -d '{"user_id": 1}'
```

Seller workflow:

```bash
# 1. Register as seller (or get role updated by admin)
curl -X POST "http://localhost:8000/users/" \
  -H "Content-Type: application/json" \
  -d '{"name": "Seller Jane", "email": "jane@seller.com", "password": "password123", "role": "seller"}'

# 2. Create product
curl -X POST "http://localhost:8000/seller/products/" \
  -H "Authorization: Bearer <seller_token>" \
  -H "Content-Type: application/json" \
  -d '{"name": "New Product", "price": 29.99, "stock": 100, "category_id": 1}'
```

Note that the registration request above chooses its own `role`. Whether `POST /users/` honours that field for an unauthenticated caller decides whether anyone can self-register as a seller, so treat it as a deliberate design choice: if it is not wanted, have registration ignore `role` and promote users only through `PUT /admin/users/{id}/role`.

Development commands:

```bash
# Format code
black app/

# Sort imports
isort app/

# Create new migration
alembic revision --autogenerate -m "description"

# Apply migrations
alembic upgrade head

# Rollback one migration
alembic downgrade -1

# Revert all migrations
alembic downgrade base
```

This API provides endpoints for users, customers, sellers, and administrators. Below is a breakdown of the available routes.
These endpoints do not require authentication.

- `POST /users/` - User registration. Creates a new user account.
- `POST /login` - User authentication. Logs in an existing user and returns an authentication token.

These endpoints require user authentication.

- `GET /me` - Current user profile. Retrieves information about the currently authenticated user.
- `GET /cart/{user_id}` - View cart. Retrieves the contents of a user's shopping cart.
- `POST /cart/{user_id}/items` - Add to cart. Adds an item to a user's shopping cart.
- `POST /orders/` - Create order. Creates a new order for the currently authenticated user.
- `POST /wishlist/` - Add to wishlist. Adds an item to the user's wishlist.

These endpoints require seller authentication.

- `GET /seller/products/` - Manage products. Retrieves a list of products owned by the seller.
- `POST /seller/products/` - Create product. Creates a new product for the seller.
- `PUT /seller/products/{id}` - Update product. Updates an existing product owned by the seller. `{id}` is the product ID.

These endpoints require administrator authentication.

- `GET /admin/users/` - User management. Retrieves a list of all users.
- `PUT /admin/users/{id}/role` - Change user roles. Updates the role of a user. `{id}` is the user ID.
- `DELETE /admin/products/{id}` - Delete any product. Deletes a product from the system. `{id}` is the product ID.
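The role checks behind the "require user / seller / administrator authentication" sections above, and the role-based dependency injection the feature list describes, as an added example. It is not the project's `auth.py`: the `require_role` factory, the `Forbidden` and `Unauthenticated` stand-ins for FastAPI's `HTTPException`, the route-to-role mapping and the sample users are assumptions modelled on the README's descriptions, written with the standard library only so it runs without FastAPI or a database. It also adds the object-level ownership check that a role test alone does not give you for `PUT /seller/products/{id}` and `GET /cart/{user_id}`:

```python
"""Role-based authorization in the style of a FastAPI dependency (stdlib only).

Added example, not the project's own code. Route-to-role assignments and
sample users are assumptions drawn from the README's endpoint sections.
"""
from dataclasses import dataclass
from enum import Enum
from typing import Callable, Optional


class Role(str, Enum):
    CUSTOMER = "customer"
    SELLER = "seller"
    ADMIN = "admin"


class Unauthenticated(Exception):
    """Stands in for HTTPException(status_code=401)."""


class Forbidden(Exception):
    """Stands in for HTTPException(status_code=403)."""


@dataclass(frozen=True)
class User:
    id: int
    email: str
    role: Role


@dataclass(frozen=True)
class Product:
    id: int
    owner_id: int   # the seller who created the product


def require_role(*allowed: Role) -> Callable[[Optional[User]], User]:
    """Dependency factory: returns a checker that admits only the listed roles.

    Deny by default: a missing user is a 401, a user whose role is not on
    the explicit allow-list is a 403. Testing "role != customer" instead
    would silently admit any role added later.
    """
    allowed_set = frozenset(allowed)

    def checker(current_user: Optional[User]) -> User:
        if current_user is None:
            raise Unauthenticated("missing or invalid bearer token")
        if current_user.role not in allowed_set:
            raise Forbidden("role %r may not access this route" % current_user.role.value)
        return current_user

    return checker


# Assumed route groups, matching the three authenticated sections above.
require_authenticated = require_role(Role.CUSTOMER, Role.SELLER, Role.ADMIN)
require_seller = require_role(Role.SELLER, Role.ADMIN)
require_admin = require_role(Role.ADMIN)


def access_status(checker: Callable[[Optional[User]], User],
                  current_user: Optional[User]) -> int:
    """Run a dependency and map its outcome to the HTTP status a route would return."""
    try:
        checker(current_user)
    except Unauthenticated:
        return 401
    except Forbidden:
        return 403
    return 200


def can_update_product(current_user: User, product: Product) -> bool:
    """Object-level check for PUT /seller/products/{id}.

    The role dependency only proves the caller is *a* seller; the ownership
    comparison is what stops one seller editing another seller's product.
    """
    require_seller(current_user)
    return current_user.role is Role.ADMIN or product.owner_id == current_user.id


def can_view_cart(current_user: User, cart_user_id: int) -> bool:
    """Object-level check for GET /cart/{user_id}: the id in the path must be
    the authenticated user's own id unless the caller is an admin."""
    require_authenticated(current_user)
    return current_user.role is Role.ADMIN or cart_user_id == current_user.id


# Constructed sample data for the example.
CUSTOMER = User(1, "john@example.com", Role.CUSTOMER)
SELLER = User(2, "jane@seller.com", Role.SELLER)
OTHER_SELLER = User(3, "sam@seller.com", Role.SELLER)
ADMIN = User(4, "admin@example.com", Role.ADMIN)
JANES_PRODUCT = Product(id=1, owner_id=SELLER.id)
```

In a real FastAPI route the `checker` would take the current user from a `Depends(get_current_user)` parameter that decodes the bearer token, and `Unauthenticated`/`Forbidden` would be `HTTPException`s; the point that carries over unchanged is that route-level role checks and per-object ownership checks are two separate decisions, and an endpoint that takes an id in its path needs both.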
We welcome and encourage contributions to this project! Here's how you can get involved:
- Fork the repository: Create your own fork of this repository on GitHub.
- Create your feature branch: `git checkout -b feature/AmazingFeature` (replace `AmazingFeature` with a descriptive name for your branch).
- Commit your changes: `git commit -m 'Add some AmazingFeature'` (use clear and concise commit messages).
- Push to the branch: `git push origin feature/AmazingFeature`
- Open a Pull Request: Submit a pull request to the main repository. Please include a detailed description of your changes.
We appreciate your help in making this project even better!
Harshit Waldia
- GitHub: @HarshitWaldia
- LinkedIn: Harshit Waldia
- The amazing FastAPI team for providing such an excellent framework.
- The SQLAlchemy and Alembic communities for their powerful database tools.
- All contributors and users of this project: thank you for your support!