External Protection (Cloudflare): As shown in the diagram above, there are three main protections that Cloudflare offers:
- SSL Certificate: this ensures a secure HTTPS connection, which aims to prevent attackers from intercepting packets that contain access tokens or the content of the API calls.
- DDoS Protection: thanks to Cloudflare's DDoS mitigation service, this API service is protected against attacks that overload the server with requests.
- Origin IP Hiding: the origin server's public IP is hidden behind Cloudflare's firewall, which acts as a "middle man" that takes requests from users and passes them on to the origin server. The benefit is that the origin server's IP is never exposed, which prevents many sorts of attacks.
Internal Protection (Origin Server):
- Cross-Origin Resource Sharing (CORS) headers that specifically allow only GET and POST requests, filtering out invalid requests.
- Rate Limiter: the rate limiting interval is configured per request type (for more detail, check the endpoints section).
- API Token authentication: if this API were integrated into a complete online eCommerce site, a unique temporary token would be issued to the user's browser upon login. (Tokens expire after every session.)
Tests:
- Database model tests
  - Product model
  - Cart model
  - Token model
- RESTful endpoint tests
- This feature is only for demonstrating the security capabilities of the API; in an actual production environment, the access token should be returned in the server's response to the client's login request.
- Tokens have a maximum life span of 3 hours (if not already invalidated through logging out).
Access Endpoint: GET /getAccessToken
Sample Request: Simply visit the /getAccessToken endpoint
Corresponding Sample Response:
{
  "response": "4b802b8328f462042463d0b4f46052c9421d712b059256cd"
}
- This feature is only for demonstrating the security capabilities of the API; in an actual production environment, the token will be invalidated automatically upon a logout request.
Access Endpoint: GET /invalidateAccessToken
Sample Request: Simply visit the /invalidateAccessToken endpoint
Corresponding Sample Response:
{
  "response": "INVALIDATION_SUCCESS"
}
Access Endpoint: POST /retrieveProducts
Argument | Type | Example | Explanation |
---|---|---|---|
availableInventoryOnly | boolean | "availableInventoryOnly": "true" | Only return products that have inventory count > 0 |
all | boolean | "all": "true" | This will return all products |
products | array | "products":["blue_shirt", "red_shirt"] | Returns a list of product information based on the input (which is a list of product ids) |
Sample Request:
{
  "availableInventoryOnly": "false",
  "products": [
    "blue_shirt",
    "red_shirt"
  ]
}
Corresponding Sample Response:
[
  {
    "title": "Blue Shirt",
    "price": "1000.00",
    "inventory_count": 10,
    "product_id": "blue_shirt"
  },
  {
    "title": "Red Shirt",
    "price": "100.00",
    "inventory_count": 35,
    "product_id": "red_shirt"
  }
]
Access Endpoint: GET /createCart
Sample Request: Simply visit the /createCart endpoint
Corresponding Sample Response:
{
  "response": "7cc41f04-df61-4a85-8e0d-4decdd2c1a2e"
}
Access Endpoint: POST /modifyCart
Argument | Type | Example | Explanation |
---|---|---|---|
cart_id | string | "cart_id": "7cc41f04-df61-4a85-8e0d-4decdd2c1a2e" | This mandatory field identifies which cart is being modified |
items | array | "items":[{"action": "add", "product_id": "red_shirt", "quantity": 10}] | This array contains a list of actions, one for each specified item |
Table for item actions (each element of the items array):
Argument | Type | Example | Explanation |
---|---|---|---|
action | string | "action": "add" or "action": "remove" | This mandatory field specifies the action to be performed |
product_id | string | "product_id": "red_shirt" | Specifies the product id of the target product |
Sample Request:
{
  "cart_id": "7cc41f04-df61-4a85-8e0d-4decdd2c1a2e",
  "items": [
    {
      "action": "add",
      "product_id": "red_shirt",
      "quantity": 10
    },
    {
      "action": "remove",
      "product_id": "blue_shirt",
      "quantity": 1
    }
  ]
}
Corresponding Sample Response:
[
  {
    "items": [
      "red_shirt",
      "blue_shirt"
    ],
    "item_quantities": [
      "13",
      "1"
    ],
    "cost": "2300.00",
    "cart_id": "7cc41f04-df61-4a85-8e0d-4decdd2c1a2e"
  }
]
Access Endpoint: POST /checkoutCart
Sample Request:
{
  "cart_id": "7cc41f04-df61-4a85-8e0d-4decdd2c1a2e"
}
Corresponding Sample Response:
[
  {
    "items": [
      "red_shirt",
      "blue_shirt"
    ],
    "item_quantities": [
      "13",
      "1"
    ],
    "cost": "2300.00",
    "cart_id": "7cc41f04-df61-4a85-8e0d-4decdd2c1a2e"
  }
]
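The server-side logic behind /modifyCart and /checkoutCart, as an added example that is not this project's code: it applies the add/remove actions from the sample request above, rejects malformed quantities and unknown products so that a single bad action cannot leave the cart half-updated, and re-checks inventory at checkout before decrementing it. The PRODUCTS catalog and the carts dictionary are constructed stand-ins for the database models.

```python
from decimal import Decimal

# Constructed catalog mirroring the /retrieveProducts sample response on this page.
PRODUCTS = {
    "blue_shirt": {"title": "Blue Shirt", "price": Decimal("1000.00"), "inventory_count": 10},
    "red_shirt": {"title": "Red Shirt", "price": Decimal("100.00"), "inventory_count": 35},
}

def summarize(cart_id, cart):
    """Build the response shape shown for /modifyCart and /checkoutCart."""
    cost = sum(PRODUCTS[p]["price"] * q for p, q in cart.items())
    return {"items": list(cart), "item_quantities": [str(q) for q in cart.values()],
            "cost": f"{cost:.2f}", "cart_id": cart_id}

def modify_cart(carts, request):
    """Validate and apply each add/remove action; one bad action rejects the whole request."""
    cart_id = request.get("cart_id")
    if cart_id not in carts:
        raise ValueError("unknown cart_id")
    updated = dict(carts[cart_id])  # work on a copy so a rejected request leaves the cart untouched
    for item in request.get("items", []):
        pid, qty, action = item.get("product_id"), item.get("quantity"), item.get("action")
        if pid not in PRODUCTS:
            raise ValueError(f"unknown product_id: {pid!r}")
        if type(qty) is not int or qty <= 0:  # rejects bools, floats, strings, zero and negatives
            raise ValueError("quantity must be a positive integer")
        if action == "add":
            updated[pid] = updated.get(pid, 0) + qty
        elif action == "remove":
            if updated.get(pid, 0) < qty:
                raise ValueError("cannot remove more than the cart holds")
            updated[pid] -= qty
        else:
            raise ValueError("action must be 'add' or 'remove'")
    carts[cart_id] = {p: q for p, q in updated.items() if q > 0}  # drop lines emptied by 'remove'
    return summarize(cart_id, carts[cart_id])

def checkout_cart(carts, request):
    """Re-check stock at purchase time, then decrement inventory and drop the cart."""
    cart_id = request.get("cart_id")
    if cart_id not in carts:
        raise ValueError("unknown cart_id")
    cart = carts[cart_id]
    if any(PRODUCTS[p]["inventory_count"] < q for p, q in cart.items()):
        raise ValueError("insufficient inventory")  # nothing is decremented on failure
    for pid, qty in cart.items():
        PRODUCTS[pid]["inventory_count"] -= qty
    return summarize(cart_id, carts.pop(cart_id))
```

Starting from a cart holding 3 red shirts and 2 blue shirts, the page's sample request yields exactly the sample response (13 and 1 items, cost "2300.00").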
Access Endpoint: POST /discardCart
Sample Request:
{
  "cart_id": "7cc41f04-df61-4a85-8e0d-4decdd2c1a2e"
}
Corresponding Sample Response:
{
  "response": "REMOVED"
}