2. Order and Product APIs

Create a RESTful API for a store. The API should have two main resources: product and order.

flowchart LR
    subgraph api [Trusted Layer]
        direction TB
        gateway --> account
        gateway --> auth
        account --> db@{ shape: cyl, label: "Database" }
        auth --> account
        gateway --> exchange
        gateway e5@==> product:::red
        gateway e6@==> order:::red
        product e2@==> db
        order e3@==> db
        order e4@==> product
    end
    exchange --> 3partyapi@{label: "3rd-party API"}
    internet e1@==>|request| gateway
    e1@{ animate: true }
    e2@{ animate: true }
    e3@{ animate: true }
    e4@{ animate: true }
    e5@{ animate: true }
    e6@{ animate: true }
    classDef red fill:#fcc
    click product "#product-api" "Product API"
    click order "#order-api" "Order API"

Attention

To consume the API, the user must be authenticated.

Product API

The API should have the following endpoints:

POST /product

Create a new product.

RequestResponse

{
    "name": "Tomato",
    "price": 10.12,
    "unit": "kg"
}

{
    "id": "0195abfb-7074-73a9-9d26-b4b9fbaab0a8",
    "name": "Tomato",
    "price": 10.12,
    "unit": "kg"
}

Response code: 201 (created)

GET /product

Get all products.

Response

[
    {
        "id": "0195abfb-7074-73a9-9d26-b4b9fbaab0a8",
        "name": "Tomato",
        "price": 10.12,
        "unit": "kg"
    },
    {
        "id": "0195abfe-e416-7052-be3b-27cdaf12a984",
        "name": "Cheese",
        "price": 0.62,
        "unit": "slice"
    }
]

Response code: 200 (ok)

GET /product/{id}

Get a product by its ID.

Response

{
    "id": "0195abfb-7074-73a9-9d26-b4b9fbaab0a8",
    "name": "Tomato",
    "price": 10.12,
    "unit": "kg"
}

Response code: 200 (ok)

DELETE /product/{id}

Delete a product by its ID.

Response code: 204 (no content)

Order API

POST /order

Create a new order for the current user.

RequestResponse

{
    "items": [
        {
            "id": "0195abfb-7074-73a9-9d26-b4b9fbaab0a8",
            "quantity": 2
        },
        {
            "id": "0195abfe-e416-7052-be3b-27cdaf12a984",
            "quantity": 1
        }
    ]
}

{
    "id": "0195ac33-73e5-7cb3-90ca-7b5e7e549569",
    "date": "2025-09-01T12:30:00",
    "items": [
        {
            "id": "0195abfb-7074-73a9-9d26-b4b9fbaab0a8",
            "quantity": 2,
            "total": 20.24
        },
        {
            "id": "0195abfe-e416-7052-be3b-27cdaf12a984",
            "quantity": 10,
            "total": 6.2
        }
    ],
    "total": 26.44
}

Response code: 201 (created)
Response code: 400 (bad request), if the product does not exist.

GET /order

Get all orders for the current user.

Response

[
    {
        "id": "0195ac33-73e5-7cb3-90ca-7b5e7e549569",
        "date": "2025-09-01T12:30:00",
        "total": 26.44
    },
    {
        "id": "0195ac33-cbbd-7a6e-a15b-b85402cf143f",
        "date": "2025-10-09T03:21:57",
        "total": 18.6
    }

]

Response code: 200 (ok)

GET /order/{id}

Get the order details by its ID. The order must belong to the current user., otherwise, return a 404.

Response

{
    "id": "0195ac33-73e5-7cb3-90ca-7b5e7e549569",
    "date": "2025-09-01T12:30:00",
    "items": [
        {
            "id": "0195abfb-7074-73a9-9d26-b4b9fbaab0a8",
            "quantity": 2,
            "total": 20.24
        },
        {
            "id": "0195abfe-e416-7052-be3b-27cdaf12a984",
            "quantity": 10,
            "total": 6.2
        }
    ],
    "total": 26.44
}

Response code: 200 (ok)
Response code: 404 (not found), if the order does not belong to the current user.

Additionals

Additional features are welcome, such as:

Search products by "like" name;
Authorization by role (admin, user):
- Admin can create, update, and delete products;
- User can only create orders;
Input validations;
Error handling.

Nice to have

Observability (metrics, logs), see Prometheus and Grafana;
Database In-Memory (suggestion: Product microservice), see Redis;
Swagger documentation, see SpringDoc.