This is my implementation of the https://github.com/MaisTodos/backend-python-creditcard challenge.

## Start application

```bash
# In terminal 1
# Set up environment variables
cp env/.env.testing-compose .env
# Run API
docker compose up
# Keep terminal 1 open
```

## Run tests

```bash
# In terminal 2
docker compose exec api make test
```

## Stop application

```bash
# Ctrl-C on terminal 1 OR
docker compose stop # On terminal 2
```

## Cleanup

```bash
docker compose down
```
- Create a user to access the protected endpoints:
  - Access http://0.0.0.0:8000/docs#/Users/create_user_endpoint_users__post
  - Click `Try it out`
  - Paste `{ "username": "admin", "password": "admin" }` under the `Request body` input
  - Click `Execute`
- Get authentication to access the endpoints:
  - Go to the page top
  - Click `Authorize`
  - Type `admin` in both the `username` and `password` inputs
  - Click `Authorize` and then `Close`
  - Your authentication is set
- Choose any Card endpoint to play with, for instance `List Cards`
  - Since no card has been created yet, it will return an empty array
- Try to create different cards using the `POST` endpoint
- Try to create invalid cards bypassing the validations. TIP: go to the page end and look for `CreateCard` under `Schemas`
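The README does not list which rules the `CreateCard` schema enforces, so the following is an added example (not the repository's own code) of the checks a card-creation payload typically needs: a Luhn checksum on the number, an `MM/YYYY` expiry that is not in the past, a 3- or 4-digit CVV and a non-trivial holder name. The field names, the error messages, the fixed `SAMPLE_TODAY` date and the `VALID_CARD` payload are all assumptions constructed for the demo; it uses the plain standard library instead of Pydantic so it runs anywhere.

```python
"""Added example of CreateCard-style validation; the rules and field
names are assumptions, not the repository's actual schema."""
from dataclasses import dataclass
from datetime import date
from typing import Optional
import re

# Constructed fixed date so expiry checks are reproducible in the demo.
SAMPLE_TODAY = date(2024, 1, 15)

# Constructed sample payload using the well-known Visa test number.
VALID_CARD = {
    "holder": "Admin User",
    "number": "4111 1111 1111 1111",
    "exp_date": "12/2030",
    "cvv": "123",
}


def luhn_valid(number: str) -> bool:
    """Return True if `number` (digits only) passes the Luhn checksum."""
    total = 0
    # Walk from the rightmost digit and double every second one.
    for i, ch in enumerate(reversed(number)):
        d = int(ch)
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def parse_exp_date(value: str, today: Optional[date] = None) -> date:
    """Parse 'MM/YYYY'; the card stays valid through the end of that month."""
    today = today or date.today()
    m = re.fullmatch(r"(0[1-9]|1[0-2])/(\d{4})", value)
    if not m:
        raise ValueError("exp_date must be in MM/YYYY format")
    month, year = int(m.group(1)), int(m.group(2))
    if (year, month) < (today.year, today.month):
        raise ValueError("card is expired")
    return date(year, month, 1)


def mask_number(number: str) -> str:
    """Keep only the last four digits, e.g. for logs and list responses."""
    return "*" * (len(number) - 4) + number[-4:]


@dataclass(frozen=True)
class CreateCard:
    holder: str
    number: str
    exp_date: str
    cvv: str

    @classmethod
    def validate(cls, payload: dict, today: Optional[date] = None) -> "CreateCard":
        """Build a CreateCard from an untrusted dict, raising ValueError on bad input."""
        holder = str(payload.get("holder", "")).strip()
        if len(holder) < 2:
            raise ValueError("holder must have at least 2 characters")
        # Accept spaces and dashes in the input, store digits only.
        number = re.sub(r"[\s-]", "", str(payload.get("number", "")))
        if not re.fullmatch(r"\d{13,19}", number) or not luhn_valid(number):
            raise ValueError("number is not a valid card number")
        exp_date = str(payload.get("exp_date", ""))
        parse_exp_date(exp_date, today)
        cvv = str(payload.get("cvv", ""))
        if not re.fullmatch(r"\d{3,4}", cvv):
            raise ValueError("cvv must be 3 or 4 digits")
        return cls(holder, number, exp_date, cvv)


def validation_error(payload: dict, today: Optional[date] = None) -> Optional[str]:
    """Return None if the payload is accepted, otherwise the rejection reason."""
    try:
        CreateCard.validate(payload, today)
    except ValueError as exc:
        return str(exc)
    return None


if __name__ == "__main__":
    samples = [
        VALID_CARD,
        {**VALID_CARD, "number": "4111111111111112"},  # fails Luhn
        {**VALID_CARD, "exp_date": "12/2023"},         # already expired
        {**VALID_CARD, "cvv": "12"},                   # too short
    ]
    for payload in samples:
        print(mask_number(re.sub(r"\s", "", payload["number"])), "->",
              validation_error(payload, SAMPLE_TODAY) or "accepted")
```

The same function that the API would call from its `POST` handler is also what the "try to create invalid cards" step exercises: every rejection carries a specific reason, and the stored `number` never keeps the formatting the client sent.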
I decided to use FastAPI due to its simplicity, flexibility, native Pydantic integration and performance.

I chose MongoDB because it is my favourite database and the one I am most proficient with.

The entire application was configured to run inside docker compose to ensure correctness and reproducibility across different platforms. The docker-compose.yml file is configured to build the API using the Dockerfile and wires the database and the API into a network, so they can communicate without reaching the external Internet.

The application configuration was done with environment variables. I kept the JWT secret in an env var for the sake of simplicity; I know it should be a compose secret.

The authentication was done using JWT tokens. It is always a challenge to set up API authentication/authorization, and I used the FastAPI guide to get it done quickly.

If this were a more complex API that required user permissions and a high rate of authentication/authorization requests, I would probably use an external Keycloak server for those.
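To make the secret-handling point above concrete, here is an added example (not the repository's code, and not FastAPI's own helpers) of an HS256 JWT mint/verify pair whose signing secret is read from a compose secret file when one is mounted and from an environment variable otherwise. The variable names `JWT_SECRET` and `JWT_SECRET_FILE`, the minimum secret length and the `SAMPLE_ENV` value are assumptions; compose secrets being mounted under `/run/secrets/` is standard Docker behaviour. The verifier pins the algorithm, compares signatures in constant time and enforces `exp`, and `tamper_claims` produces a token with edited claims but the old signature so the rejection can be shown.

```python
"""Added example of loading a JWT secret and minting/verifying HS256 tokens.
Env var names, secret length policy and sample values are assumptions."""
import base64
import hashlib
import hmac
import json
import os
import tempfile
import time
from typing import Optional

# Constructed demo environment; a real deployment would not hard-code this.
SAMPLE_ENV = {"JWT_SECRET": "constructed-example-secret-0123456789abcdef"}


def load_jwt_secret(env: Optional[dict] = None) -> bytes:
    """Prefer JWT_SECRET_FILE (a compose secret under /run/secrets) over JWT_SECRET."""
    env = os.environ if env is None else env
    path = env.get("JWT_SECRET_FILE")
    if path:
        with open(path, "rb") as fh:
            return fh.read().strip()
    secret = env.get("JWT_SECRET")
    if not secret or len(secret) < 32:
        raise RuntimeError("JWT_SECRET must be set and at least 32 characters long")
    return secret.encode()


def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def _json(obj: dict) -> bytes:
    return json.dumps(obj, separators=(",", ":")).encode()


def mint_token(secret: bytes, username: str, ttl_seconds: int = 900,
               now: Optional[int] = None) -> str:
    """Issue a short-lived HS256 token for `username`."""
    now = int(time.time()) if now is None else now
    header = {"alg": "HS256", "typ": "JWT"}
    claims = {"sub": username, "iat": now, "exp": now + ttl_seconds}
    signing_input = f"{b64url(_json(header))}.{b64url(_json(claims))}"
    sig = hmac.new(secret, signing_input.encode(), hashlib.sha256).digest()
    return f"{signing_input}.{b64url(sig)}"


def verify_token(secret: bytes, token: str, now: Optional[int] = None) -> Optional[dict]:
    """Return the claims if signature, algorithm and expiry check out, else None."""
    now = int(time.time()) if now is None else now
    try:
        header_b64, claims_b64, sig_b64 = token.split(".")
        header = json.loads(b64url_decode(header_b64))
        # Pin the algorithm server-side; never let the token choose it.
        if not isinstance(header, dict) or header.get("alg") != "HS256":
            return None
        expected = hmac.new(secret, f"{header_b64}.{claims_b64}".encode(),
                            hashlib.sha256).digest()
        if not hmac.compare_digest(expected, b64url_decode(sig_b64)):
            return None
        claims = json.loads(b64url_decode(claims_b64))
        if not isinstance(claims, dict):
            return None
    except (ValueError, TypeError, AttributeError):
        return None
    if not isinstance(claims.get("exp"), int) or claims["exp"] <= now:
        return None
    return claims


def tamper_claims(token: str, **changes) -> str:
    """Rewrite the claims but keep the original signature (must be rejected)."""
    header_b64, claims_b64, sig_b64 = token.split(".")
    claims = json.loads(b64url_decode(claims_b64))
    claims.update(changes)
    return f"{header_b64}.{b64url(_json(claims))}.{sig_b64}"


if __name__ == "__main__":
    # Simulate a mounted compose secret with a temporary file.
    with tempfile.NamedTemporaryFile(delete=False) as fh:
        fh.write(b"file-backed-secret-0123456789abcdefghij\n")
    secret = load_jwt_secret({"JWT_SECRET_FILE": fh.name})
    token = mint_token(secret, "admin", ttl_seconds=900)
    print("valid   :", verify_token(secret, token))
    print("tampered:", verify_token(secret, tamper_claims(token, sub="root")))
    print("expired :", verify_token(secret, token, now=int(time.time()) + 901))
    os.unlink(fh.name)
```

In compose terms the file-backed path corresponds to declaring the secret in `docker-compose.yml` and pointing `JWT_SECRET_FILE` at `/run/secrets/<name>`, so the value never appears in `docker compose config` output or in the container's environment listing.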
- Indexed audit fields `created_at` and `created_by` for cards
- Paginated search for cards
- Migrations to create collections and indexes
- GitHub Actions to run tests