Skip to content

ShivamMathtech/Food-Delivery-Enterprise-API-

Repository files navigation

Food Delivery Enterprise API — FastAPI

A production-oriented modular monolith backend for a food-delivery platform. It contains complete workflows for customers, restaurant owners, administrators and delivery partners and is structured so modules can later be separated into microservices.

Included modules

  • JWT access and refresh tokens with Argon2 password hashing
  • Role-based access control: customer, restaurant owner, delivery partner and admin
  • Customer addresses
  • Restaurant onboarding and admin approval
  • Menu categories and menu item management
  • One-restaurant cart with availability and quantity validation
  • Transactional checkout with immutable item-price snapshots
  • Tax, delivery fee and minimum-order calculation
  • Order status history and validated state transitions
  • Idempotent payment creation, cash on delivery and mock-card gateway
  • Delivery-partner assignment, pickup, live coordinates and delivery completion
  • Admin overview analytics and audit logs
  • PostgreSQL, Redis, Celery, Docker Compose and Alembic
  • Request IDs, CORS, health/readiness endpoints and automated tests

The payment adapter intentionally simulates a provider. Connect a real PCI-compliant provider such as Razorpay or Stripe on the server; never collect raw card data in this API.

Architecture

Client applications
       |
       v
FastAPI REST API
  |-- Auth/RBAC
  |-- Restaurants & Menu
  |-- Cart & Pricing
  |-- Orders & Payments
  |-- Delivery Operations
  |-- Analytics & Audit
       |
       +------ PostgreSQL
       +------ Redis ------ Celery Worker

Quick start with Docker

cp .env.example .env
docker compose up --build

Open:

  • Swagger UI: http://localhost:8000/docs
  • ReDoc: http://localhost:8000/redoc
  • Health: http://localhost:8000/health

Seed demo records in another terminal:

docker compose exec api python -m scripts.seed

Demo password for every seeded account: Password@123

Role Email
Admin admin@foodapp.local
Restaurant owner owner@foodapp.local
Customer customer@foodapp.local
Delivery partner rider@foodapp.local

Local setup without Docker

Python 3.11 or 3.12 is recommended.

python -m venv .venv
# Windows PowerShell: .venv\Scripts\Activate.ps1
# Linux/macOS: source .venv/bin/activate
pip install -r requirements.txt
cp .env.example .env

For a zero-infrastructure local run, edit .env:

DATABASE_URL=sqlite:///./food_delivery.db
AUTO_CREATE_TABLES=true

Then run:

python -m scripts.seed
uvicorn app.main:app --reload

Main API workflow

  1. Register or use a seeded customer.
  2. Log in through POST /api/v1/auth/login. Swagger uses the email in the username field.
  3. Create an address.
  4. Browse approved restaurants and menu items.
  5. Add menu items to the cart.
  6. Checkout to create an order.
  7. Create a COD or mock-card payment using a unique idempotency key.
  8. Restaurant owner confirms, prepares and marks the order ready.
  9. Admin assigns a delivery partner.
  10. Delivery partner accepts, picks up and delivers the order.

Important endpoints

Method Endpoint Role
POST /api/v1/auth/register Public
POST /api/v1/auth/login Public
GET /api/v1/restaurants Public
GET /api/v1/restaurants/{id}/menu Public
POST /api/v1/users/addresses Authenticated
POST /api/v1/cart/items Customer
POST /api/v1/orders/checkout Customer
POST /api/v1/payments/orders/{order_id} Customer
PATCH /api/v1/orders/{order_id}/status Owner/Admin
POST /api/v1/deliveries/orders/{order_id}/assign Admin
PATCH /api/v1/deliveries/{assignment_id}/status Delivery partner
GET /api/v1/analytics/overview Admin

Tests and quality

pytest --cov=app --cov-report=term-missing
ruff check .

Production checklist

Before a public deployment:

  • Replace SECRET_KEY, use a secrets manager and rotate credentials.
  • Set AUTO_CREATE_TABLES=false; use reviewed Alembic migrations.
  • Put the API behind TLS and a reverse proxy/API gateway.
  • Add signed real-payment webhooks and provider-side idempotency.
  • Add refresh-token revocation/session storage for high-security deployments.
  • Use Redis-backed rate limiting and distributed locks where required.
  • Add email/SMS/push providers, object storage and observability exporters.
  • Configure backups, database replicas, structured log collection and alerts.
  • Run vulnerability, SAST, DAST and load tests before launch.

Extending to microservices

The strongest future extraction boundaries are:

  1. Identity service
  2. Restaurant/catalogue service
  3. Cart service
  4. Order service
  5. Payment service
  6. Delivery service
  7. Notification service
  8. Analytics pipeline

Publish domain events through Kafka or another durable broker only after the operational complexity is justified.

About

A production-oriented **modular monolith** backend for a food-delivery platform. It contains complete workflows for customers, restaurant owners, administrators and delivery partners and is structured so modules can later be separated into microservices.

Resources

Stars

0 stars

Watchers

0 watching

Forks

Releases

No releases published

Packages

 
 
 

Contributors

Languages