Enterprise-Ready RESTful API Core with JWT Auth

2026-04-08 to 2026-05-13·Completed

What problem was solved

Developed a secure, transaction-safe backend API that orchestrates user authentication, role-based permissions (for customers, providers, and admins), and service booking workflows. It resolves critical backend challenges around stateless session security (JWT + logout blacklist), database schema integrity (via versioned migrations), and API integration reliability (via Swagger UI documentation and extensive JUnit testing).

Note: Built to run seamlessly on a local H2 in-memory database for testing and development, or PostgreSQL for production.

Key Features

  • Stateless JWT Authentication & Secure Password Hashing
  • Session Invalidation via Token Blacklisting on Logout
  • Role-Based Access Control (RBAC) for Admin, Provider, and Customer roles
  • Transactional Booking Engine with Status Workflows (Accept/Reject/Cancel)
  • Dispute Resolution and Booking Conflict Management System
  • Multi-parameter Search and Filter endpoints for service listings
  • Paginated News Feed and Notification Delivery systems
  • Version-controlled Database Schema Migrations using Flyway
  • Automated Unit and Integration Testing with Mockito and JUnit 5
  • Containerized Multi-stage Build configurations using Docker & Docker Compose
  • Interactive API Documentation and Testing Console via Swagger UI/OpenAPI

Project Outcome

  • Production-Ready Backend Engine: Delivered a highly secure, containerized RESTful API that handles user permissions, transactional bookings, and search filters with zero-downtime database migrations.
  • High Performance & Security: Secured endpoint requests with custom JWT auth and a session blacklist system, keeping latency low through local in-memory caching and request rate-limiting.
  • Fully Tested & Documented Codebase: Achieved robust system reliability via a comprehensive JUnit/Mockito automated test suite and provided an interactive API playground (Swagger UI) for seamless client integration.

Challenges

  • Stateless Session Invalidation: Overcoming the limitation of stateless JWTs by designing a custom token blacklist system to support secure user logouts.
  • Transactional State Safety: Mitigating race conditions and maintaining database consistency across multi-step booking states (e.g., booking approvals, rejections, and disputes).
  • Database Migration Alignment: Managing incremental database schema changes and relationships (FK constraints) across development and production environments using version-controlled Flyway scripts.
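The logout blacklist described above, as an added illustration that is not the project's own code: it assumes each issued JWT carries a unique `jti` claim and an `exp` claim, and that the JWT filter verifies the signature before consulting it. Entries are kept only until the token itself expires, so the blacklist stays bounded.

```java
import java.time.Instant;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

// Added example, not the project's code: a logout blacklist for stateless JWTs.
// Assumes tokens carry a unique "jti" and an "exp" claim, and that the filter
// has already verified the signature before calling isRevoked().
public final class TokenBlacklist {
    // jti -> the token's own expiry; once that passes, the entry is redundant
    private final Map<String, Instant> revoked = new ConcurrentHashMap<>();

    /** Called on logout: reject this token until it would have expired anyway. */
    public void revoke(String jti, Instant tokenExpiry) {
        if (tokenExpiry.isAfter(Instant.now())) {
            revoked.put(jti, tokenExpiry);
        }
    }

    /** Called by the JWT filter on every request, after signature verification. */
    public boolean isRevoked(String jti) {
        Instant expiry = revoked.get(jti);
        if (expiry == null) return false;
        if (!expiry.isAfter(Instant.now())) {
            // The token is dead on its own now; drop the entry so the map stays bounded.
            revoked.remove(jti, expiry);
            return false;
        }
        return true;
    }

    /** Periodic sweep (e.g. from a @Scheduled task) for tokens that expired unused. */
    public int purgeExpired() {
        Instant now = Instant.now();
        int before = revoked.size();
        revoked.entrySet().removeIf(e -> !e.getValue().isAfter(now));
        return before - revoked.size();
    }

    public int size() { return revoked.size(); }

    public static void main(String[] args) {
        TokenBlacklist blacklist = new TokenBlacklist();
        String jti = "constructed-jti-1"; // constructed sample value
        blacklist.revoke(jti, Instant.now().plusSeconds(900)); // 15-minute access token
        System.out.println("revoked after logout: " + blacklist.isRevoked(jti)); // true
        System.out.println("unknown token: " + blacklist.isRevoked("other-jti"));   // false
    }
}
```

A single-instance map matches the local in-memory caching this page describes; with several API instances the blacklist must live in a shared store, otherwise a token revoked on one instance is still accepted by the others.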

Team members

  • Nebiyu Muluadam
  • Abel Tadesse

Technologies Used

  • Java 21 and Spring Boot 3.x
  • JWT Filter Chain
  • BCrypt
  • Bucket4j
  • Caffeine
  • Flyway
  • JUnit 5
  • Mockito
  • JaCoCo

Technical Architecture

  • Presentation Layer (Controllers): REST Controllers expose secured endpoints, handle path parameters, and validate incoming requests using JSR-380 validation (@Valid).
  • Business Logic Layer (Services): Transactional services (@Transactional) process business rules, handle exception propagation, and perform DTO mappings.
  • Data Access Layer (Repositories): Spring Data JPA repositories abstract query execution over a PostgreSQL/H2 database.

Project Integrity

All source code and architectural documentation for this project are maintained under version control. Technical walkthroughs are available upon formal request.