A production-ready, fully-featured E-Commerce RESTful API built with Django REST Framework. This project demonstrates clean architecture, secure authentication, real payment processing with Stripe, and follows industry best practices for building scalable backend services.
๐ก Project idea & description from roadmap.sh โ E-Commerce API
- Overview
- Key Features
- Architecture & Design Patterns
- Tech Stack
- Project Structure
- Database Schema
- API Endpoints
- Getting Started
- Environment Variables
- Current Limitations
- Future Work
- Contributing
This project is a backend API for an e-commerce platform that handles the full shopping lifecycle โ from user registration and product browsing, to cart management, order placement, and payment processing via Stripe.
It is designed with a service-oriented architecture that separates business logic from API views and data access, making the codebase maintainable, testable, and easy to extend.
| Capability | Description |
|---|---|
| ๐ User Authentication | Register, login, logout, change password with JWT (access + refresh tokens) |
| ๐ช Cookie-Based Auth | Optional HTTP-only cookie delivery for frontend SPAs |
| ๐ฆ Product Management | Full CRUD for products, categories, and product images |
| ๐ Shopping Cart | Add/update/remove items, automatic price snapshots |
| ๐ Order Processing | Place orders from cart with stock validation and deduction |
| ๐ณ Stripe Payments | Create payment intents, confirm payments, handle webhooks |
| ๐ Webhook Handling | Secure Stripe webhook integration for real-time payment status updates |
| ๐ Auto-Generated Docs | Interactive Swagger UI via drf-spectacular |
| ๐ Filtering & Search | Filter products by category, search by name, order by price/date |
| ๐ Pagination | Consistent paginated responses across all list endpoints |
- Service Layer Pattern โ All business logic lives in dedicated
services.pyfiles, not in views - Selector Layer Pattern โ Data retrieval logic is separated into
selectors.pyfiles - Thin Views โ API views only handle request/response, delegating logic to services
- Modular Apps โ Each domain (accounts, products, cart, orders, payments) is a self-contained Django app
- JWT Authentication with access/refresh token rotation
- Token Blacklisting โ Refresh tokens are blacklisted after rotation to prevent reuse
- HTTP-Only Cookie Support โ Secure cookie-based token delivery for browser clients
- Password Validation โ Django's built-in password validators (similarity, minimum length, common passwords, numeric)
- Stripe Webhook Signature Verification โ All webhook events are cryptographically verified
- CORS Configuration โ Separate dev/prod CORS settings
- Environment Variables โ All secrets are loaded from
.envfiles, never hardcoded
- Stripe Integration โ Full payment flow with PaymentIntent API
- Idempotency Keys โ Prevents duplicate charges on retry
- Multi-Currency Support โ Handles both standard and zero-decimal currencies
- Automatic Stock Restoration โ Stock is restored if payment fails or is cancelled
- Webhook-Driven Status Updates โ Payment status is synced in real-time via Stripe webhooks
- Category-Based Organization โ Products are organized by categories with slug-based URLs
- Stock Management โ Automatic stock deduction on order placement
- Product Images โ Support for multiple images per product with primary image flag
- Active/Inactive Products โ Soft visibility control for products
- Price Snapshots โ Cart items and order items store the price at the time of addition (protects against price changes)
- Cart-to-Order Conversion โ Seamless checkout flow from cart to order with stock validation
- Order Status Tracking โ Full lifecycle: Pending โ Processing โ Shipped โ Delivered / Cancelled
- Unique Constraints โ Prevents duplicate products in the same cart or order
- Split Settings โ Separate
base.py,dev.py, andprod.pysettings for different environments - Swagger/OpenAPI Docs โ Auto-generated interactive API documentation at
/api/docs/ - Consistent Error Responses โ Standardized error format across all endpoints
- Custom User Model โ Email-based authentication (no username)
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
โ Client (Frontend / Mobile) โ
โโโโโโโโโโโโโโโโโโโโโโโโโโฌโโโโโโโโโโโโโโโโโโโโโโโโโ
โ HTTP Request
โผ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
โ Django REST Framework โ
โ โ
โ โโโโโโโโโโโโ โโโโโโโโโโโโโ โโโโโโโโโโโโโโโโ โ
โ โ Views โโ โ Services โโ โ Selectors โ โ
โ โ (API) โ โ (Business โ โ (Data Access) โ โ
โ โ โ โ Logic) โ โ โ โ
โ โโโโโโโโโโโโ โโโโโโโโโโโโโ โโโโโโโโโโโโโโโโ โ
โ โ โ โ โ
โ โโโโโโโโโโโโ โโโโโโโโโโโโโ โโโโโโโโโโโโโโโโ โ
โ โSerializersโ โ Models โโโโ Database โ โ
โ โโโโโโโโโโโโ โโโโโโโโโโโโโ โโโโโโโโโโโโโโโโ โ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
โ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
โ Stripe Payment Gateway โ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
| Layer | Responsibility | File |
|---|---|---|
| Views | Handle HTTP requests/responses, authentication, permissions | api/views.py |
| Serializers | Validate input, serialize output | api/serializers.py |
| Services | Business logic, orchestration, transactions | services.py |
| Selectors | Read-only data queries and retrieval | selectors.py |
| Models | Database schema, field definitions | models.py |
| Technology | Purpose |
|---|---|
| Python 3.14 | Programming Language |
| Django 6.0 | Web Framework |
| Django REST Framework 3.16 | REST API Framework |
| PostgreSQL | Relational Database |
| SimpleJWT | JWT Authentication |
| Stripe | Payment Processing |
| drf-spectacular | OpenAPI/Swagger Documentation |
| django-filter | Advanced Filtering |
| django-cors-headers | Cross-Origin Resource Sharing |
| python-dotenv | Environment Variable Management |
| psycopg2 | PostgreSQL Adapter |
ecommerce-api-drf/
โ
โโโ config/ # Project configuration
โ โโโ settings/
โ โ โโโ base.py # Common settings
โ โ โโโ dev.py # Development settings (DEBUG, CORS *)
โ โ โโโ prod.py # Production settings (security, SSL)
โ โโโ urls.py # Root URL configuration
โ โโโ wsgi.py
โ โโโ asgi.py
โ
โโโ apps/
โ โโโ accounts/ # User authentication & management
โ โ โโโ models.py # CustomUser (email-based auth)
โ โ โโโ services.py # Registration, login, token logic
โ โ โโโ selectors.py # User queries
โ โ โโโ api/
โ โ โโโ views.py
โ โ โโโ serializers.py
โ โ โโโ urls.py
โ โ
โ โโโ products/ # Products & categories
โ โ โโโ models.py # Product, Category, ProductImage
โ โ โโโ services.py # CRUD operations
โ โ โโโ selectors.py # Filtering, search queries
โ โ โโโ api/
โ โ โโโ views.py
โ โ โโโ serializers.py
โ โ โโโ urls.py
โ โ
โ โโโ cart/ # Shopping cart
โ โ โโโ models.py # Cart, CartItem
โ โ โโโ services.py # Add/update/remove items
โ โ โโโ selectors.py # Cart queries
โ โ โโโ api/
โ โ โโโ views.py
โ โ โโโ serializers.py
โ โ โโโ urls.py
โ โ
โ โโโ orders/ # Order management
โ โ โโโ models.py # Order, OrderItem
โ โ โโโ services.py # Order placement, status updates
โ โ โโโ selectors.py # Order queries
โ โ โโโ api/
โ โ โโโ views.py
โ โ โโโ serializers.py
โ โ โโโ urls.py
โ โ
โ โโโ payments/ # Stripe payment processing
โ โโโ models.py # Payment model
โ โโโ services.py # Stripe integration, webhooks
โ โโโ selectors.py # Payment queries
โ โโโ api/
โ โโโ views.py
โ โโโ serializers.py
โ โโโ urls.py
โ
โโโ API_DOCUMENTATION.md # Comprehensive API docs
โโโ requirements.txt
โโโ manage.py
โโโ README.md
โโโโโโโโโโโโโโโโ โโโโโโโโโโโโโโโโ โโโโโโโโโโโโโโโโ
โ CustomUser โ โ Category โ โ ProductImage โ
โโโโโโโโโโโโโโโโ โโโโโโโโโโโโโโโโ โโโโโโโโโโโโโโโโ
โ email (PK) โ โ name โ โ image_url โ
โ first_name โ โ slug (unique)โ โ is_primary โ
โ last_name โ โ created_at โ โ product (FK) โ
โ password โ โ updated_at โ โ created_at โ
โ is_active โ โโโโโโโโฌโโโโโโโโ โโโโโโโโฌโโโโโโโโ
โ is_staff โ โ 1:N โ N:1
โ date_joined โ โโโโโโโโดโโโโโโโโ โโโโโโโโดโโโโโโโโ
โโโโโโโโฌโโโโโโโโ โ Product โโโโโโโ Product โ
โ โโโโโโโโโโโโโโโโ โโโโโโโโโโโโโโโโ
โ โ name โ
โ 1:N โ slug (unique)โ
โ โ description โ
โโโโโโโโดโโโโโโโโ โ price โ
โ Cart โ โ stock_qty โ
โโโโโโโโโโโโโโโโ โ is_active โ
โ user (FK) โ โ category(FK) โ
โ created_at โ โโโโโโโโฌโโโโโโโโ
โ updated_at โ โ
โโโโโโโโฌโโโโโโโโ โ
โ 1:N โ
โโโโโโโโดโโโโโโโโ โ
โ CartItem โโโโโโโโโโโโโโ N:1
โโโโโโโโโโโโโโโโ
โ cart (FK) โ
โ product (FK) โ
โ quantity โ
โ price_snap โ
โโโโโโโโโโโโโโโโ
โโโโโโโโโโโโโโโโ โโโโโโโโโโโโโโโโ โโโโโโโโโโโโโโโโ
โ Order โ โ OrderItem โ โ Payment โ
โโโโโโโโโโโโโโโโ โโโโโโโโโโโโโโโโ โโโโโโโโโโโโโโโโ
โ user (FK) โโโโ โ order (FK) โ โ order (1:1) โ
โ status โ โโโโ product (FK) โ โ stripe_id โ
โ total_amount โ โ quantity โ โ status โ
โ ship_address โ โ price_snap โ โ amount โ
โ created_at โ โ created_at โ โ currency โ
โ updated_at โ โโโโโโโโโโโโโโโโ โ client_secretโ
โโโโโโโโโโโโโโโโ โ created_at โ
โโโโโโโโโโโโโโโโ
| Method | Endpoint | Description | Auth |
|---|---|---|---|
POST |
/auth/register/ |
Create a new account | โ |
POST |
/auth/login/ |
Login & get JWT tokens | โ |
POST |
/auth/logout/ |
Blacklist refresh token | โ |
POST |
/auth/token/refresh/ |
Refresh access token | โ |
POST |
/auth/change-password/ |
Change password | โ |
GET |
/auth/me/ |
Get current user profile | โ |
PATCH |
/auth/me/ |
Update current user profile | โ |
| Method | Endpoint | Description | Auth |
|---|---|---|---|
GET |
/products/ |
List all products (filterable, searchable) | โ |
POST |
/products/ |
Create a product | โ Admin |
GET |
/products/{slug}/ |
Get product details | โ |
PUT/PATCH |
/products/{slug}/ |
Update a product | โ Admin |
DELETE |
/products/{slug}/ |
Delete a product | โ Admin |
GET |
/products/categories/ |
List all categories | โ |
POST |
/products/categories/ |
Create a category | โ Admin |
| Method | Endpoint | Description | Auth |
|---|---|---|---|
GET |
/cart/ |
Get current user's cart | โ |
POST |
/cart/items/ |
Add item to cart | โ |
PATCH |
/cart/items/{id}/ |
Update item quantity | โ |
DELETE |
/cart/items/{id}/ |
Remove item from cart | โ |
DELETE |
/cart/clear/ |
Clear the entire cart | โ |
| Method | Endpoint | Description | Auth |
|---|---|---|---|
GET |
/orders/ |
List user's orders | โ |
POST |
/orders/ |
Place an order from cart | โ |
GET |
/orders/{id}/ |
Get order details | โ |
PATCH |
/orders/{id}/status/ |
Update order status | โ Admin |
| Method | Endpoint | Description | Auth |
|---|---|---|---|
POST |
/payments/create-intent/ |
Create Stripe PaymentIntent | โ |
POST |
/payments/confirm/ |
Confirm a payment | โ |
GET |
/payments/{id}/ |
Get payment details | โ |
POST |
/payments/webhook/ |
Stripe webhook handler | โ |
๐ For complete request/response examples, see the Full API Documentation
- Python 3.12+
- PostgreSQL
- Stripe Account (for payments)
git clone https://github.com/your-username/ecommerce-api-drf.git
cd ecommerce-api-drfpython -m venv venv
# Windows
venv\Scripts\activate
# macOS/Linux
source venv/bin/activatepip install -r requirements.txtCreate a .env file in the project root:
# Django
SECRET_KEY=your-super-secret-key
DJANGO_SETTINGS_MODULE=config.settings.dev
# Database
DB_ENGINE=django.db.backends.postgresql
DB_NAME=ecommerce_db
DB_USER=postgres
DB_PASSWORD=your_password
DB_HOST=localhost
DB_PORT=5432
# Stripe
STRIPE_SECRET_KEY=sk_test_...
STRIPE_PUBLISHABLE_KEY=pk_test_...
STRIPE_WEBHOOK_SECRET=whsec_...
STRIPE_CURRENCY=usdpython manage.py migratepython manage.py createsuperuserpython manage.py runserver- Swagger UI: http://localhost:8000/api/docs/
- Admin Panel: http://localhost:8000/admin/
| Variable | Description | Required |
|---|---|---|
SECRET_KEY |
Django secret key | โ |
DJANGO_SETTINGS_MODULE |
Settings module path (config.settings.dev or config.settings.prod) |
โ |
DB_ENGINE |
Database engine | โ |
DB_NAME |
Database name | โ |
DB_USER |
Database user | โ |
DB_PASSWORD |
Database password | โ |
DB_HOST |
Database host | โ |
DB_PORT |
Database port (default: 5432) |
โ |
STRIPE_SECRET_KEY |
Stripe secret API key | โ |
STRIPE_PUBLISHABLE_KEY |
Stripe publishable key | โ |
STRIPE_WEBHOOK_SECRET |
Stripe webhook signing secret | โ |
STRIPE_CURRENCY |
Default currency (default: usd) |
โ |
ALLOWED_HOSTS |
Comma-separated allowed hosts (prod only) | โ (prod) |
While this project demonstrates solid backend fundamentals, there are some known limitations:
| # | Limitation | Details |
|---|---|---|
| 1 | No Automated Tests | The project currently lacks unit tests and integration tests. The tests.py files exist but are empty. |
| 2 | No Email Verification | Users can register with any email without verification. No email confirmation or "forgot password" flow. |
| 3 | No Rate Limiting | API endpoints are not rate-limited, making them vulnerable to brute-force attacks. |
| 4 | No Caching Layer | No Redis/Memcached caching is implemented, which could be a bottleneck at scale. |
| 5 | No Image Upload | Product images are stored as URLs only โ no actual file upload handling (e.g., S3, Cloudinary). |
| 6 | No Logging to File | Logging is configured at a basic level without structured logging or external log management. |
| 7 | No CI/CD Pipeline | No GitHub Actions, Docker, or automated deployment setup. |
| 8 | No Docker Support | Project does not include a Dockerfile or docker-compose.yml for containerized deployment. |
| 9 | No Permission Granularity | Admin vs. regular user permissions are basic. No role-based access control (RBAC) system. |
| 10 | No Soft Deletes | Deleting a product or order permanently removes it from the database. |
| 11 | Dev Endpoint Exposed | The /auth/users/ list endpoint is for development only and should be removed before production. |
| 12 | No API Versioning | Endpoints are not versioned (e.g., /api/v1/), which can complicate future breaking changes. |
Here's the roadmap for upcoming improvements:
- ๐งช Add Comprehensive Tests โ Unit tests for services/selectors, integration tests for API endpoints using
pytestandfactory_boy - ๐ง Email Verification & Password Reset โ Implement email confirmation on registration and "forgot password" flow
- ๐ณ Docker & Docker Compose โ Containerize the application with PostgreSQL, Redis, and the Django app
- โก Redis Caching โ Add caching for product listings, categories, and frequently accessed data
- ๐ฆ Rate Limiting โ Implement throttling with DRF's built-in throttle classes or
django-ratelimit - ๐ API Versioning โ Introduce
/api/v1/prefix for all endpoints - ๐ฆ Product Variants โ Support for sizes, colors, and other product variations
- โญ Reviews & Ratings โ Allow users to review and rate products
- ๐ Elasticsearch Integration โ Full-text search with relevance scoring
- ๐ Admin Dashboard API โ Sales analytics, order statistics, revenue reports
- ๐ผ๏ธ Image Upload to S3/Cloudinary โ Replace URL-based images with actual file uploads
- ๐ฑ Push Notifications โ Order status change notifications
Contributions are welcome! If you'd like to contribute:
- Fork the repository
- Create a feature branch (
git checkout -b feature/amazing-feature) - Commit your changes (
git commit -m 'Add amazing feature') - Push to the branch (
git push origin feature/amazing-feature) - Open a Pull Request
Built with โค๏ธ using Django REST Framework
๐ API Docs โข
๐ Get Started โข
๐ฎ Roadmap