InfraFund-net7/hackathon-back

Smart Investment Platform API Documentation

Overview

The Infrafund Smart Investment Platform API is a FastAPI-based application that provides a secure and flexible investment management system. It supports multiple authentication methods and includes features for managing projects and investments.

Key Features

  • Multiple authentication methods (Traditional, Web3, Civic)
  • Project management
  • Investment tracking
  • Role-based access control
  • OAuth2 with scopes
  • SQLAlchemy ORM integration

Authentication

The platform supports three authentication methods:

Traditional Login

POST /login

Request body:

{
  "email": "user@example.com",
  "password": "your_password"
}

Response:

{
  "access_token": "eyJ0eXAiOiJKV1QiLCJhbGc...",
  "token_type": "bearer",
  "email": "user@example.com"
}

Web3 Login

POST /web3-login

Request body:

{
  "address": "0x...",
  "signature": "0x...",
  "message": "Login message to sign"
}

Response:

{
  "access_token": "eyJ0eXAiOiJKV1QiLCJhbGc...",
  "token_type": "bearer"
}

Civic Auth Integration

  1. Initialize login:
GET /auth/login/civic

Response:

{
  "auth_url": "https://auth.civic.com/oauth?..."
}
  2. Handle callback:
GET /auth/callback/civic?code={code}&state={state}

Response:

{
  "access_token": "eyJ0eXAiOiJKV1QiLCJhbGc...",
  "token_type": "bearer",
  "user": {
    "email": "user@example.com",
    "sub": "civic_user_id"
  }
}

Endpoints

Projects

  1. Create Project
POST /projects/
Authorization: Bearer {token}

Request body:

{
  "title": "Project Name",
  "description": "Project Description",
  "target_amount": 1000000,
  "token_symbol": "PRJ",
  "token_price": 1.0
}
  2. List Projects
GET /projects/?skip=0&limit=100
Authorization: Bearer {token}

Investments

Create Investment:

POST /investments/
Authorization: Bearer {token}

Request body:

{
  "project_id": 1,
  "amount": 1000
}

Security

OAuth2 Scopes

The API uses OAuth2 with the following scopes:

  • user: Read user information
  • project: Access project information
  • investment: Make investments

CORS Configuration

The API implements CORS middleware with the following settings:

  • All origins allowed (customize for production)
  • Credentials allowed
  • All methods allowed
  • All headers allowed

JWT Authentication

  • Tokens expire after 30 minutes
  • Uses HS256 algorithm
  • Includes user role and permissions
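
The following is an added example, not code from this repository: issuing and verifying an HS256 token with the 30-minute expiry and the scopes listed above, using only the Python standard library. The claim names "role" and "scopes" and all function names are assumptions, since the page does not give the token's claim layout.

```python
import base64, hashlib, hmac, json, time

TOKEN_TTL_SECONDS = 30 * 60  # README: tokens expire after 30 minutes

def b64e(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def b64d(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign(secret, signing_input):
    return hmac.new(secret, signing_input.encode(), hashlib.sha256).digest()

def issue_token(secret, sub, role, scopes, now=None):
    """Build an HS256 JWT. The "role" and "scopes" claim names are assumptions."""
    now = time.time() if now is None else now
    header = {"typ": "JWT", "alg": "HS256"}
    claims = {"sub": sub, "role": role, "scopes": scopes,
              "exp": int(now) + TOKEN_TTL_SECONDS}
    signing_input = ".".join(b64e(json.dumps(p).encode()) for p in (header, claims))
    return signing_input + "." + b64e(sign(secret, signing_input))

def verify_token(secret, token, required_scope, now=None):
    """Return the claims, or raise ValueError naming the failed check."""
    now = time.time() if now is None else now
    try:
        head_b64, body_b64, sig_b64 = token.split(".")
        header, sig = json.loads(b64d(head_b64)), b64d(sig_b64)
    except Exception as exc:
        raise ValueError("malformed token") from exc
    # Pin the algorithm server-side; the token header must not choose it,
    # otherwise a forged "alg": "none" token would skip the MAC check.
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        raise ValueError("unexpected algorithm")
    # Constant-time comparison of the received and recomputed HMAC-SHA256.
    if not hmac.compare_digest(sig, sign(secret, head_b64 + "." + body_b64)):
        raise ValueError("bad signature")
    claims = json.loads(b64d(body_b64))  # parsed only after the MAC verified
    if not isinstance(claims.get("exp"), int) or claims["exp"] <= now:
        raise ValueError("token expired")
    if required_scope not in claims.get("scopes", []):
        raise ValueError("missing scope")
    return claims
```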

Getting Started

  1. Install dependencies:
pip install -r requirements.txt
  2. Set up environment variables:
SECRET_KEY=your_secret_key
ACCESS_TOKEN_EXPIRE_MINUTES=30
DATABASE_URL=sqlite:///./smart_investment.db
CIVIC_CLIENT_ID=your_civic_client_id
CIVIC_REDIRECT_URI=http://localhost:8000/auth/callback/civic
  3. Run the application:
uvicorn main:app --reload
  4. Access the API documentation:
  • Swagger UI: http://localhost:8000/docs
  • ReDoc: http://localhost:8000/redoc

Error Handling

The API uses standard HTTP status codes:

  • 200: Successful operation
  • 400: Bad request (invalid input)
  • 401: Unauthorized (invalid credentials)
  • 403: Forbidden (insufficient permissions)
  • 404: Not found
  • 500: Internal server error

Example error response:

{
  "detail": "Error message here"
}

Common Error Scenarios

  1. Invalid Login:
{
  "detail": "Incorrect email or password"
}
  2. Invalid Web3 Signature:
{
  "detail": "Invalid signature"
}
  3. Invalid Civic Auth State:
{
  "detail": "Invalid state"
}

Best Practices

  1. Token Usage:
Authorization: Bearer your_access_token
  2. Rate Limiting:
  • Implement rate limiting in production
  • Use Redis for token storage
  • Add request logging
  3. Security Considerations:
  • Use HTTPS in production
  • Implement proper error logging
  • Add input validation
  • Use environment variables for sensitive data
