A modern, scalable e-commerce API built with .NET Core 8, implementing industry best practices and cloud-ready architecture.
erDiagram
ApplicationUser ||--o| Customer : has
ApplicationUser ||--o| Admin : has
Customer ||--|{ Address : has
Customer ||--|{ Order : places
Customer ||--|{ Review : writes
Customer ||--|{ Wishlist : has
Product ||--|{ ProductCategory : has
Product ||--|{ ProductVariant : has
Product ||--|{ ProductImage : has
Product ||--|{ Review : receives
Product ||--o{ Wishlist : in
Category ||--|{ ProductCategory : contains
Category ||--o{ Category : has
Order ||--|{ OrderItem : contains
Order ||--|| Payment : has
Order ||--o| Coupon : uses
Order ||--|| Address : ships_to
OrderItem ||--|| Product : references
OrderItem ||--o| ProductVariant : may_have
ProductVariant ||--|{ ProductImage : has
ApplicationUser {
string Id PK
string FirstName
string LastName
string Email
string RefreshToken
datetime CreatedAt
datetime UpdatedAt
}
Customer {
int CustomerId PK
string ApplicationUserId FK
datetime LastPurchaseDate
string ProfilePictureUrl
string Gender
string Language
}
Admin {
int AdminId PK
string ApplicationUserId FK
string Position
}
Product {
int ProductId PK
string Name
string Description
decimal Price
decimal CompareAtPrice
string Status
datetime CreatedAt
}
Category {
int CategoryId PK
int ParentCategoryId FK
string Name
string Description
string ImageUrl
boolean IsActive
}
Order {
int OrderId PK
int CustomerId FK
string OrderNumber
string Status
decimal Total
int ShippingAddressId FK
int CouponId FK
datetime CreatedAt
}
Payment {
int PaymentId PK
int OrderId FK
string PaymentMethod
decimal Amount
string Status
}
Coupon {
int CouponId PK
string Code
string DiscountType
decimal DiscountValue
boolean IsActive
}
Review {
int ReviewId PK
int ProductId FK
int CustomerId FK
int OrderId FK
int Rating
string Title
string Content
}
ProductVariant {
int VariantId PK
int ProductId FK
string Name
decimal Price
int InventoryQuantity
}
- .NET Core 8 / C# 12
- Entity Framework Core
- CQRS with MediatR Pattern
- Unit of Work & Generic Repository Pattern
- JWT Authentication
- ASP.NET Core Identity
- Role-based Authorization
- Fluent API
- Fluent Validation
- AutoMapper
- Docker Containerization
- AWS RDS (Production Database)
- AWS S3 & CloudFront CDN (Image Storage)
- AWS Secrets Manager (Production Secrets)
- AWS ECR (Docker Repository)
- AWS ECS (Container Orchestration)
- AWS CloudWatch (Production Logging)
- Email Service Integration
- Swagger Documentation
- Pagination Implementation
- Filter Implementation
- Specification Pattern
- Unified API Response Structure
- Global Error Handling
- Image Processing (SixLabors.ImageSharp)
- Development/Production Environment Configurations
- User Secrets (Development)
- Seq Logging (Development)
- SQL Server (Development Database)
- Rate Limiting
- Localization (Arabic + English)
- Google Authentication
- Stripe Payment Integration
- Notification System
- Redis Caching
- CI/CD Pipeline
- Unit Testing
ECommerceApi/
├── ECommerceApi.Api/ # API Layer - Main application entry point
│ ├── Controllers/ # API endpoints controllers
│ ├── Configuration/ # API-specific configurations
│ ├── View/ # View models and DTOs specific to API
│ ├── ResponseExample/ # Example responses for documentation
│ ├── Properties/ # Project properties
│ ├── appsettings.json # Main configuration file
│ ├── appsettings.Development.json # Development environment settings
│ ├── appsettings.Production.json # Production environment settings
│ ├── Program.cs # Application startup configuration
│ └── ECommerceApi.Api.csproj # API project file
│
├── ECommerceApi.Core/ # Core Layer - Business logic and domain
│ ├── Base/ # Base classes and shared components
│ │ ├── Middleware/ # Custom middleware components
│ │ │ ├── ErrorHandlerMiddleware.cs # Global error handling
│ │ │ └── ValidationBehavior.cs # Request validation behavior
│ │ └── Response/
│ │ └── Response.cs # Unified response structure
│ │
│ └── MediatrHandlers/ # CQRS handlers using MediatR
│ ├── Address/ # Address feature module
│ │ ├── AddressDto.cs # Address data transfer objects
│ │ ├── AddressMappingProfile.cs # AutoMapper profile for Address
│ │ ├── Commands/ # Command handlers for Address
│ │ │ ├── CreateAddressHandler.cs
│ │ │ ├── DeleteAddressHandler.cs
│ │ │ └── UpdateAddressHandler.cs
│ │ └── Queries/ # Query handlers for Address
│ │ ├── GetAddressByIdHandler.cs
│ │ └── GetAddressesByCustomerIdHandler.cs
│
├── ECommerceApi.Data/ # Data Layer - Domain entities and data models
│ ├── Entities/ # Domain entities
│ │ ├── Address.cs
│ │ ├── Admin.cs
│ │ ├── ApplicationUser.cs
│ │ ├── Category.cs
│ │ ├── Coupon.cs
│ │ ├── Customer.cs
│ │ ├── Order.cs
│ │ ├── OrderItem.cs
│ │ ├── Payment.cs
│ │ ├── Product.cs
│ │ ├── ProductCategory.cs
│ │ ├── ProductImage.cs
│ │ ├── ProductVariant.cs
│ │ ├── Review.cs
│ │ └── Wishlist.cs
│ └── Options/ # Configuration options classes
│ ├── AppOptions.cs
│ ├── ImageProcessingOptions.cs
│ └── SecretOptions.cs
│
├── ECommerceApi.Infrastructure/ # Infrastructure Layer
│ ├── Base/ # Base infrastructure components
│ │ ├── Specifications/ # Specification pattern implementation
│ │ │ ├── BaseSpecification.cs
│ │ │ ├── ISpecification.cs
│ │ │ └── SpecificationEvaluator.cs
│ │ ├── GenericRepository.cs # Generic repository implementation
│ │ ├── IGenericRepository.cs # Generic repository interface
│ │ ├── IUnitOfWork.cs # Unit of work interface
│ │ └── UnitOfWork.cs # Unit of work implementation
│ ├── Context/ # Database context
│ │ └── ApplicationDbContext.cs
│ ├── Configurations/ # Entity configurations
│ ├── Migrations/ # Database migrations
│ └── ModuleInfrastructureDependencies.cs # Infrastructure DI setup
│
├── ECommerceApi.Service/ # Service Layer
│ ├── Base/ # Base service components
│ │ ├── AuthResult.cs # Authentication result model
│ │ └── PaginationList.cs # Pagination implementation
│ ├── IService/ # Service interfaces
│ ├── Service/ # Service implementations
│ ├── Specification/ # Business specifications
│ └── ModuleServiceDependencies.cs # Service DI setup
│
├── Dockerfile # Docker configuration
└── docker-compose.yml # Docker compose configuration
- .NET Core SDK 8.0
- SQL Server
- Docker (optional)
- AWS Account (for production deployment)
- Gmail Account (for email service)
The project uses user secrets for managing sensitive configuration. To set up your development environment:
- Initialize user secrets
cd ECommerceApi.Api
dotnet user-secrets init- Add the following secrets configuration
{
"Secrets": {
"ConnectionStrings": {
"DefaultConnection": "Data Source=YOUR_SERVER;Database=ECommerceApiDB;Integrated Security=True;Trust Server Certificate=True"
},
"EmailSettings": {
"Host": "smtp.gmail.com",
"Port": 587,
"UserName": "your.email@gmail.com",
"Password": "your-app-specific-password"
},
"JWT": {
"Key": "your-secret-key-min-16-characters",
"Issuer": "SecureApi",
"Audience": "SecureApiUser",
"AccessTokenExpirationMinutes": 30
},
"AWS": {
"AccessKey": "your-aws-access-key",
"SecretKey": "your-aws-secret-key",
"BucketName": "your-bucket-name",
"Region": "your-aws-region",
"CloudFrontDomain": "your-cloudfront-domain"
}
}
}- Important Security Notes
- Never commit actual secrets to source control
- Use app-specific passwords for Gmail
- Rotate AWS access keys regularly
- Use strong JWT keys (minimum 16 characters)
- In production, use AWS Secrets Manager or similar service
- Email Service Setup
- Enable 2-Step Verification in your Gmail account
- Generate an App Password:
- Go to Google Account Settings
- Security
- 2-Step Verification
- App Passwords
- Generate new app password for 'Mail'
- AWS Setup
- Create an AWS IAM user with appropriate permissions
- Create an S3 bucket with the specified name
- Set up CloudFront distribution for the S3 bucket
- Configure CORS policy for the S3 bucket
- Clone the repository
git clone https://github.com/yourusername/ECommerceApi.git
cd ECommerceApi-
Configure Development Settings
Create
appsettings.Development.json,appsettings.Production.jsonin the ECommerceApi.Api directory:{ "Serilog": { "MinimumLevel": { "Default": "Debug", "Override": { "Microsoft": "Information", "Microsoft.Hosting.Lifetime": "Information", "Microsoft.EntityFrameworkCore": "Information" } }, "WriteTo": [ { "Name": "Seq", "Args": { "serverUrl": "http://localhost:5341" } } ], "Enrich": [ "FromLogContext", "WithMachineName", "WithThreadId", "WithExceptionDetails" ] }, "Secrets": { "AppUrl": "http://localhost:5218", "ConnectionStrings": { "DefaultConnection": "Data Source=YOUR_SERVER;Database=ECommerceApiDB;Integrated Security=True;Trust Server Certificate=True" }, "EmailSettings": { "Host": "smtp.gmail.com", "Port": 587, "UserName": "your.email@gmail.com", "Password": "your-app-specific-password" }, "JWT": { "Key": "your-secret-key-min-32-characters", "Issuer": "SecureApi", "Audience": "SecureApiUser", "AccessTokenExpirationMinutes": 30 }, "AWS": { "AccessKey": "your-aws-access-key", "SecretKey": "your-aws-secret-key", "BucketName": "your-bucket-name", "Region": "your-aws-region", "CloudFrontDomain": "your-cloudfront-domain" } } }
3Set up the database
cd ECommerceApi.Api
dotnet ef database update- Run the application
dotnet runThe API will be available at https://localhost:5001
- Build the Docker image
docker build -t ecommerce-api .- Run with Docker Compose
docker-compose up -dThe API uses JWT Bearer token authentication. To access protected endpoints:
- Register a new user at
POST /api/auth/register - Login at
POST /api/auth/loginto receive a JWT token - Include the token in the Authorization header:
Bearer {token}
Detailed API documentation is available through Swagger UI at /swagger when running the application.
- 🛍️ Products
- 👤 Users/Customers
- 📦 Orders
- 🏷️ Categories
- 💳 Payments
- 📝 Reviews
- JWT token-based authentication
- Role-based access control
- Password hashing with ASP.NET Core Identity
- HTTPS enforcement
- Cross-Origin Resource Sharing (CORS) configuration
- Input validation using Fluent Validation
- Protection against common web vulnerabilities
-
Configure AWS Credentials
- Set up AWS CLI
- Configure credentials for ECR, ECS, and other services
-
Database Migration
dotnet ef database update --connection "production-connection-string" -
Push Docker Image
aws ecr get-login-password --region region | docker login --username AWS --password-stdin aws_account_id.dkr.ecr.region.amazonaws.com docker build -t ecommerce-api . docker tag ecommerce-api:latest aws_account_id.dkr.ecr.region.amazonaws.com/ecommerce-api:latest docker push aws_account_id.dkr.ecr.region.amazonaws.com/ecommerce-api:latest
-
Deploy to ECS
- Update task definition
- Update ECS service
- Follow C# coding conventions
- Use meaningful names for variables, methods, and classes
- Write XML documentation for public APIs
- Keep methods small and focused
- Use SOLID principles
- Create feature branch from
development - Make changes and commit with meaningful messages
- Open pull request to
development - Code review and approval
- Merge to
development - Regular releases to
main
- Seq logging dashboard available at
http://localhost:5341 - Detailed exception logging
- Request/Response logging
- AWS CloudWatch logs
- Performance metrics
- Error tracking
- Resource utilization monitoring
- Fork the repository
- Create your feature branch (
git checkout -b feature/AmazingFeature) - Commit your changes (
git commit -m 'Add some AmazingFeature') - Push to the branch (
git push origin feature/AmazingFeature) - Open a Pull Request
This project is licensed under the MIT License - see the LICENSE file for details.
For support, email abdalla.hassanin.2000@gmail.com or create an issue in the GitHub repository.
- ASP.NET Core Documentation
- Entity Framework Core
- AWS Documentation
- All contributors who have helped this project grow
Made with ❤️ by [Abdalla Hassanin]