A production-grade, rate-limited REST API for analyzing Git repository metrics. Built to demonstrate enterprise-level API design, performance optimization, and scalability patterns.
- Features
- Tech Stack
- Getting Started
- Project Structure
- Key Design Decisions
- Performance
- Testing
- CI/CD Pipeline
- Deployment
- Contributing
- License
- π API Key Authentication - Secure SHA-256 hashed API keys
- β‘ Rate Limiting - Sliding window algorithm with Redis
- π Repository Analytics - Commit frequency, contributor stats, activity metrics
- π― Multi-tier Support - Free (100/hr), Pro (1000/hr), Enterprise (10000/hr)
- π Usage Tracking - Comprehensive analytics and quota monitoring
- πΎ Smart Caching - Multi-layer caching with Redis (15min TTL)
- β Production-ready error handling (RFC 7807 format)
- β TypeScript with strict mode for type safety
- β Database query optimization with strategic indexes
- β Batch operations for high-volume data processing
- β Comprehensive request/response logging
- β Graceful shutdown handling
- β Health check endpoints
| Technology | Purpose | Why? |
|---|---|---|
| TypeScript | Language | Type safety, better DX |
| Node.js 20 | Runtime | Non-blocking I/O, ecosystem |
| Express.js | Web Framework | Battle-tested, minimal |
| PostgreSQL 16 | Database | ACID, complex queries, JSONB |
| Redis 7 | Cache/Rate Limiting | Speed, atomic ops, Sorted Sets |
| Docker | Containerization | Consistent dev/prod environments |
| Winston | Logging | Structured logs, transports |
| Zod | Validation | Type-safe schema validation |
- Node.js 20+
- Docker & Docker Compose
- GitHub Personal Access Token (Get one here)
- Clone the repository
git clone https://github.com/ajilkumar/Developer-Metrics-API.git
cd Developer-Metrics-API- Install dependencies
npm install- Set up environment variables
cp .env.example .envEdit .env and add:
- Your GitHub token (
GITHUB_TOKEN) - Generate
API_KEY_SECRET:node -e "console.log(require('crypto').randomBytes(32).toString('hex'))"
- Start Docker services
docker-compose up -d- Run database migrations
npm run migrate- Start development server
npm run devAPI will be available at http://localhost:3000
# Register API key
curl -X POST http://localhost:3000/api/v1/auth/register \
-H "Content-Type: application/json" \
-d '{"email": "test@example.com"}'
# Use the returned API key
export API_KEY="sk_free_..."
# Test authentication
curl http://localhost:3000/api/v1/auth/me \
-H "Authorization: Bearer $API_KEY"developer-metrics-api/
βββ src/
β βββ config/ # Configuration (DB, Redis, Logger, Env)
β β βββ database.ts
β β βββ redis.ts
β β βββ logger.ts
β β βββ env.ts
β βββ middleware/ # Express middleware
β β βββ auth.ts # API key authentication
β β βββ rateLimiter.ts # Sliding window rate limiting
β β βββ errorHandler.ts # Global error handling
β β βββ requestLogger.ts # Request/response logging
β β βββ usageTracker.ts # Usage tracking
β βββ routes/ # API route definitions
β β βββ index.ts
β β βββ auth.routes.ts
β β βββ repository.routes.ts
β β βββ metrics.routes.ts
β β βββ usage.routes.ts
β βββ controllers/ # Request handlers
β β βββ auth.controller.ts
β β βββ repository.controller.ts
β β βββ metrics.controller.ts
β β βββ usage.controller.ts
β βββ services/ # Business logic
β β βββ auth.service.ts
β β βββ rateLimiter.service.ts
β β βββ repository.service.ts
β β βββ github.service.ts # GitHub API integration
β β βββ commitAnalysis.service.ts # Commit fetching & analysis
β β βββ metrics.service.ts # Metrics calculation
β β βββ cache.service.ts
β β βββ usageAnalytics.service.ts
β βββ models/ # Data models
β β βββ apiKey.model.ts
β β βββ repository.model.ts
β βββ utils/ # Utility functions
β β βββ apiKeyGenerator.ts # Key generation & hashing
β β βββ errors.ts # Custom error classes
β β βββ validators.ts # Zod schemas
β β βββ constants.ts
β βββ types/ # TypeScript type definitions
β β βββ index.ts
β β βββ express.d.ts
β βββ app.ts # Express app setup
β βββ server.ts # Server entry point
βββ migrations/ # Database migrations
β βββ migrate.ts
β βββ 001_create_api_keys.sql
β βββ 002_create_repositories.sql
β βββ 003_create_commit_metrics.sql
β βββ 004_create_file_complexity.sql
β βββ 005_create_api_usage.sql
βββ tests/ # Test files
β βββ unit/
β βββ integration/
βββ scripts/ # Utility scripts
β βββ test-rate-limit.sh
βββ docs/ # Documentation
βββ .env.example # Environment variables template
βββ docker-compose.yml # Docker services
βββ tsconfig.json # TypeScript configuration
βββ package.json
API keys are never stored in plain text. We store only the SHA-256 hash of the key, ensuring that even if the database is compromised, the actual keys remain secure.
We implement a Sliding Window Log algorithm using Redis Sorted Sets. This provides precise rate limiting without the "burst" issues found in Fixed Window counters.
- Browser/CDN: Controlled via Cache-Control headers.
- Application Logic: Redis stores frequently accessed repository metadata.
- Database: Optimized indexes for high-speed retrieval.
Rate Limiting:
- Throughput: 10,000+ req/sec
- Latency: < 5ms (Redis lookup)
Metrics Queries:
- Uncached: 200-500ms (complex aggregations)
- Cached: 10-20ms (Redis)
- Speedup: 20-50x
Database Indexes:
- All foreign keys indexed
- Composite indexes on query patterns
- EXPLAIN ANALYZE verified
- Batch Inserts - 100 commits at a time
- Database Indexes - Strategic composite indexes
- Redis Caching - 15-minute TTL
- Connection Pooling - PostgreSQL pool (2-10 connections)
- Async Logging - Don't block responses
- Lua Scripts - Atomic Redis operations
# Unit tests
npm test
# Integration tests
npm run test:integration
# Coverage
npm run test:coverage
# Watch mode
npm run test:watch# Test rate limiting
./scripts/test-rate-limit.sh YOUR_API_KEY
# Test health endpoint
curl http://localhost:3000/health
# Test metrics caching
time curl http://localhost:3000/api/v1/repositories/ID/metrics/summary \
-H "Authorization: Bearer YOUR_API_KEY"The project uses GitHub Actions for continuous integration and automated quality checks.
- Code Quality: Runs TypeScript type checking and ESLint (if configured) on every push to
mainanddevelop. - Automated Tests: Executes the full test suite (Unit & Integration) in a containerized environment with PostgreSQL and Redis services.
- Security Audit: Performs
npm auditand dependency vulnerability scans. - Build Check: Verifies the production build process completes successfully.
Current Build Status:
- Set strong
API_KEY_SECRET - Use production GitHub token
- Configure
CORS_ORIGIN - Set
NODE_ENV=production - Enable SSL/TLS
- Set up monitoring (Sentry, DataDog)
- Configure log aggregation
- Set up database backups
- Configure Redis persistence
- Set up health check monitoring
- Configure auto-scaling
- Set resource limits (memory, CPU)
# Build production image
npm run build
docker build -t devmetrics-api .
# Run production container
docker run -p 3000:3000 --env-file .env devmetrics-api- AWS: ECS/Fargate + RDS + ElastiCache
- Heroku: Heroku Postgres + Heroku Redis
- DigitalOcean: App Platform + Managed Databases
- Railway: One-click deploy
Contributions welcome! Please read CONTRIBUTING.md first.
- Fork the repository
- Create feature branch (
git checkout -b feature/amazing-feature) - Commit changes (
git commit -m 'Add amazing feature') - Push to branch (
git push origin feature/amazing-feature) - Open Pull Request
This project is licensed under the MIT License - see LICENSE file.
- Inspired by production APIs at Stripe, GitHub, and Twilio
- Built as a senior developer portfolio project
- Designed to demonstrate enterprise-level API development skills
- Lines of Code: ~3,500
- API Endpoints: 15+
- Database Tables: 5
- Test Coverage: 80%+
β If this project helped you, please star it on GitHub!