T-Shirt Store Backend API

A production-ready RESTful API for an e-commerce t-shirt store built with Node.js, Express, and MongoDB, featuring JWT authentication, payment integration, and comprehensive Swagger documentation.

Timeline

3 months

Role

Backend Developer

Team

Solo

Status

Completed

Technology Stack

Node.js
Express.js
MongoDB
Mongoose
JWT
Stripe
Razorpay
Cloudinary
Nodemailer
Swagger
bcrypt

Key Challenges

  • JWT Authentication with httpOnly Cookies
  • Role-Based Access Control
  • Payment Gateway Integration
  • File Upload with Cloudinary
  • Email Service Implementation
  • API Documentation with Swagger
  • Query Filtering and Pagination

Key Learnings

  • RESTful API Design Principles
  • JWT Token Management
  • Stripe and Razorpay Integration
  • Cloudinary Media Management
  • Mongoose ODM Advanced Queries
  • Swagger/OpenAPI Documentation
  • Security Best Practices
  • Production Deployment on Render

Overview

A production-ready RESTful API for an e-commerce t-shirt store built with Node.js, Express, and MongoDB. The API provides comprehensive functionality for user authentication, product management, order processing, and payment integration with Stripe and Razorpay. It features role-based access control, secure file uploads via Cloudinary, and complete Swagger documentation for easy API exploration.

Key Features

Authentication & Authorization

  • JWT-based authentication with httpOnly cookies for enhanced security
  • Role-based access control supporting User, Manager, and Admin roles
  • Secure password hashing using bcrypt
  • Password reset functionality via email tokens
  • Automatic token expiry and refresh mechanisms

User Management

  • User registration with profile photo upload to Cloudinary
  • Secure login/logout with JWT token handling
  • Forgot password and reset password flow with email notifications
  • User dashboard with profile update capabilities
  • Admin panel for managing all users

Product Management

  • Full CRUD operations for products
  • Multiple product image uploads via Cloudinary
  • Product categories (shortsleeves, longsleeves, sweatshirt, hoodies)
  • Advanced product search, filtering, and pagination
  • Product reviews and ratings system
  • Average rating calculation

Order Management

  • Create and track orders with detailed information
  • Order history for authenticated users
  • Admin order management with status updates
  • Shipping details and order item tracking
  • Order status workflow (processing, shipped, delivered)

Payment Integration

  • Stripe payment processing with secure payment intents
  • Razorpay payment gateway integration
  • Endpoints that return the public (non-secret) Stripe and Razorpay keys for frontend integration
  • Payment capture and verification

Why I Built This

I wanted to create a comprehensive backend API that demonstrates best practices in:

  • RESTful API architecture and design
  • Secure authentication and authorization
  • Third-party service integrations (payments, storage, email)
  • Production-ready code with proper error handling
  • API documentation for developer experience

Tech Stack

  • Runtime: Node.js
  • Framework: Express.js
  • Database: MongoDB with Mongoose ODM
  • Authentication: JWT (JSON Web Tokens)
  • File Upload: Cloudinary
  • Payments: Stripe, Razorpay
  • Email: Nodemailer
  • Documentation: Swagger/OpenAPI 3.0
  • Validation: Validator.js
  • Deployment: Render

Technical Highlights

RESTful API Design

Implemented clean RESTful endpoints following industry best practices with proper HTTP methods, status codes, and resource naming conventions.

JWT Authentication

Built a secure authentication system using JWT tokens stored in httpOnly cookies, so that scripts injected via XSS cannot read the token, while maintaining seamless user sessions.

Role-Based Access Control

Created middleware-based authorization system supporting multiple user roles (User, Manager, Admin) with granular permission controls.

Payment Gateway Integration

Integrated both Stripe and Razorpay payment gateways, handling payment intents, order capture, and webhook verification for secure transactions.

Cloudinary File Upload

Implemented robust file upload system using Cloudinary for storing product images and user profile photos with automatic optimization.

Email Service

Built email notification system using Nodemailer for password reset tokens, order confirmations, and user communications.

Swagger Documentation

Created comprehensive API documentation using Swagger/OpenAPI 3.0 specification, providing interactive testing interface for all endpoints.

Advanced Querying

Developed custom query builder supporting search, filtering, pagination, and sorting across product collections for optimal data retrieval.

Challenges & Solutions

JWT Authentication with httpOnly Cookies

Implemented secure JWT token management using httpOnly cookies, which keep the token out of reach of scripts injected via XSS, while maintaining a smooth authentication flow across requests.

Role-Based Access Control

Built flexible middleware system that checks user roles and permissions before allowing access to protected routes, supporting User, Manager, and Admin hierarchies.

Payment Gateway Integration

Successfully integrated both Stripe and Razorpay APIs, handling payment intents, webhooks, and secure transaction processing with proper error handling.

File Upload with Cloudinary

Configured Cloudinary SDK for efficient image uploads, automatic optimization, and CDN delivery of product images and user profile photos.

Email Service Implementation

Set up Nodemailer with SMTP configuration for sending password reset emails, order confirmations, and notifications with HTML templates.

API Documentation with Swagger

Created comprehensive Swagger documentation covering all endpoints, request/response schemas, authentication, and error codes for developer-friendly API exploration.

Query Filtering and Pagination

Developed custom query builder utility that handles complex search filters, pagination, and sorting while maintaining optimal database performance.
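The search/filter/pagination builder described in this section and under Advanced Querying, as an added example that is not the project's own utility. It assumes Express's extended query parser (so `price[gte]=100` arrives as `{ price: { gte: '100' } }`), the product field names `name`, `price`, `ratings`, `category` and `createdAt`, and a default page size of 6; the security point it adds is whitelisting fields and operators and escaping the search term so user input cannot inject Mongo operators or a pathological regex.

```javascript
// Added example (not the project's own utility): builds the Mongoose filter,
// skip/limit and sort for GET /api/v1/products from the parsed query string.
// Field and operator whitelists stop user input from smuggling in operators
// such as $where, and the search term is escaped before it becomes a regex.
const FILTER_FIELDS = new Set(['price', 'ratings', 'category']); // assumed schema fields
const OPERATORS = { gte: '$gte', gt: '$gt', lte: '$lte', lt: '$lt' }; // price[gte]=100 -> $gte
const SORT_FIELDS = new Set(['price', '-price', 'ratings', '-ratings']);
const MAX_LIMIT = 50; // cap page size so a client cannot request the whole collection

// Make regex metacharacters literal so "hood.(ie" cannot alter or blow up the pattern.
const escapeRegex = (s) => s.replace(/[.*+?^${}()|[\]\\]/g, '\\$&');

function buildProductQuery(query) {
  const filter = {};
  if (typeof query.search === 'string' && query.search.trim()) {
    filter.name = { $regex: escapeRegex(query.search.trim()), $options: 'i' };
  }
  for (const [field, raw] of Object.entries(query)) {
    if (!FILTER_FIELDS.has(field)) continue; // drops unknown keys such as name[$regex]
    if (raw !== null && typeof raw === 'object') {
      // Express's extended parser turns price[gte]=100 into { price: { gte: '100' } }.
      const clause = {};
      for (const [op, value] of Object.entries(raw)) {
        const num = Number(value);
        if (OPERATORS[op] && Number.isFinite(num)) clause[OPERATORS[op]] = num;
      }
      if (Object.keys(clause).length) filter[field] = clause;
    } else if (typeof raw === 'string' && raw) {
      filter[field] = raw; // exact match, e.g. category=hoodies
    }
  }
  const page = Math.max(1, parseInt(query.page, 10) || 1);
  const limit = Math.min(MAX_LIMIT, Math.max(1, parseInt(query.limit, 10) || 6));
  const sort = SORT_FIELDS.has(query.sort) ? query.sort : '-createdAt';
  return { filter, skip: (page - 1) * limit, limit, sort };
}
```

The controller would then run `Product.find(filter).sort(sort).skip(skip).limit(limit)` with the returned values.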

API Endpoints Overview

Authentication

  • POST /api/v1/signup - Register new user
  • POST /api/v1/login - User login
  • GET /api/v1/logout - User logout
  • POST /api/v1/forgotPassword - Request password reset
  • POST /api/v1/password/reset/:token - Reset password

User Management

  • GET /api/v1/userdashboard - Get current user
  • POST /api/v1/userdashboard/update - Update profile
  • POST /api/v1/password/update - Change password

Products

  • GET /api/v1/products - Get all products with filters
  • GET /api/v1/product/:id - Get single product
  • PUT /api/v1/review - Add/Update review
  • DELETE /api/v1/review - Delete review

Orders

  • POST /api/v1/order/create - Create new order
  • GET /api/v1/order/:id - Get order details
  • GET /api/v1/myorder - Get user's orders

Payments

  • GET /api/v1/stripekey - Get Stripe public key
  • GET /api/v1/razorpaykey - Get Razorpay public key
  • POST /api/v1/capturestripe - Create Stripe payment
  • POST /api/v1/capturerazorpay - Create Razorpay order

Admin Routes

  • Manage users, products, and orders
  • Update order status and product inventory
  • View all orders and user accounts

Security Best Practices

  • Password hashing with bcrypt (10 rounds)
  • JWT tokens stored in httpOnly cookies
  • CORS configuration for allowed origins
  • Input validation and sanitization
  • Rate limiting to prevent abuse
  • Environment variables for sensitive data
  • Secure file upload validation

Problem Solved

Building a complete e-commerce backend from scratch requires understanding authentication, payments, file uploads, and database design. Many tutorials only cover pieces of this puzzle. This API provides a complete, production-ready e-commerce solution with all the integrations needed to run a real online store.

What Makes It Unique

This isn't a simple CRUD API - it integrates both Stripe and Razorpay for global payment flexibility, uses Cloudinary for optimized image delivery, includes Swagger documentation for easy exploration, and implements role-based access control with User, Manager, and Admin tiers. The comprehensive feature set makes it a blueprint for any e-commerce project.

Impact

  • Backend Architecture Mastery: Learned how to structure large-scale APIs with proper middleware, error handling, and security layers
  • Payment Integration Experience: Gained hands-on experience with both Stripe and Razorpay - knowledge directly applicable to freelance and professional projects
  • Documentation Skills: Created thorough Swagger documentation, improving my ability to build developer-friendly APIs

Future Enhancements

  • Add Redis caching for improved performance
  • Implement refresh token rotation
  • Add product inventory management
  • Create webhook handlers for payment confirmations
  • Implement real-time order tracking
  • Add analytics and reporting features
  • Create admin dashboard UI
  • Add product recommendations engine

Designed & Developed by Saket Kothari
© 2026. All rights reserved.