SportFlow API

Overview:

A production-ready sports eCommerce backend REST API built with FastAPI, PostgreSQL, Redis and Docker. It handles the full purchase journey, from authentication and product catalogues through to real-time inventory management, a Redis-backed cart, and an atomic checkout that creates orders and payments in a single database transaction. Particular focus was placed on data integrity, concurrency, and the security concerns that matter in a real online store. Deployed and live on Render with a Neon PostgreSQL database and an Upstash Redis instance.

Tech Stack:

Language: Python  |  Framework: FastAPI  |  Database: PostgreSQL (Neon)  |  ORM: SQLAlchemy  |  Migrations: Alembic  |  Cart / Cache: Redis (Upstash)  |  Auth: JWT  |  Password Hashing: bcrypt  |  Validation: Pydantic  |  Testing: pytest  |  Rate Limiting: slowapi  |  Containerisation: Docker  |  Deployment: Render

Key Features:

JWT authentication with role-based access control (customer and admin roles)  |  Product catalogue with a soft-delete and reactivation pattern so history is never broken  |  Per-size inventory tracked in a dedicated table  |  Race-condition-safe stock decrementing using PostgreSQL row-level locking (SELECT FOR UPDATE) so two customers cannot buy the last item at once  |  Redis-backed shopping cart for fast, temporary session data  |  Atomic checkout transaction covering order, line items, payment, stock decrement and cart clearing, all rolling back together on any failure  |  IDOR protection so customers can only ever access their own orders  |  Rate limiting on authentication endpoints to guard against brute force and user enumeration  |  Pagination on all list endpoints  |  Automated test suite with pytest running against an isolated test database  |  Deployed and live with Neon PostgreSQL and Upstash Redis on Render

Concepts Demonstrated:

REST API Design  |  JWT Authentication  |  Role-Based Access Control  |  Atomic Database Transactions  |  Race Condition Handling  |  Row-Level Locking  |  Redis  |  PostgreSQL  |  SQLAlchemy ORM  |  Alembic Migrations  |  Docker  |  docker-compose  |  Pydantic Validation  |  IDOR Protection  |  Rate Limiting  |  Automated Testing  |  Dependency Injection  |  Environment Variables  |  Cloud Deployment