A RESTful API for a mock banking system built with FastAPI, featuring user authentication, account management, and money transfers.
- User Management: Registration and authentication with JWT tokens
- Account Management: Create accounts, check balances, view statements
- Money Transfers: Secure transfers between accounts
- Authentication: JWT-based authentication for all protected endpoints
- Database: SQLite in-memory database with SQLAlchemy ORM
- Validation: Pydantic models for request/response validation
- Documentation: Auto-generated OpenAPI/Swagger documentation
- Testing: Comprehensive integration tests
POST /register
- Register a new user
POST /login
- Login and get JWT token
GET /account/{account_id}/balance
- Get account balance
GET /account/{account_id}/statement
- Get account transaction statement
POST /transfer
- Transfer money between accounts
GET /health
- API health status
- Clone the repository
  git clone <repository-url>
  cd RESTful-API-for-a-Mock-Bank
- Install dependencies
  pip install -r requirements.txt
- Run the application
  python main.py
  The API will be available at http://localhost:8000
- Access the documentation
  - Swagger UI: http://localhost:8000/docs
  - ReDoc: http://localhost:8000/redoc
curl -X POST "http://localhost:8000/register" \
  -H "Content-Type: application/json" \
  -d '{
    "email": "user@example.com",
    "password": "password123",
    "full_name": "John Doe"
  }'

curl -X POST "http://localhost:8000/login" \
  -H "Content-Type: application/x-www-form-urlencoded" \
  -d "email=user@example.com&password=password123"

curl -X GET "http://localhost:8000/account/1/balance" \
  -H "Authorization: Bearer YOUR_JWT_TOKEN"

curl -X POST "http://localhost:8000/transfer" \
  -H "Authorization: Bearer YOUR_JWT_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "from_account_id": 1,
    "to_account_id": 2,
    "amount": 100.0,
    "description": "Payment for services"
  }'

curl -X GET "http://localhost:8000/account/1/statement" \
  -H "Authorization: Bearer YOUR_JWT_TOKEN"
python run_tests.py
# Authentication tests
pytest test_auth.py -v
# Account management tests
pytest test_accounts.py -v
# Transfer tests
pytest test_transfer.py -v
The test suite includes:
- User registration and authentication
- Account balance and statement retrieval
- Money transfer functionality
- Error handling and validation
- Security and authorization tests
- id: Primary key
- email: Unique email address
- hashed_password: Bcrypt hashed password
- full_name: User's full name
- created_at: Account creation timestamp

- id: Primary key
- account_number: Unique account number
- balance: Current account balance
- account_type: Type of account (default: "checking")
- user_id: Foreign key to users table
- created_at: Account creation timestamp

- id: Primary key
- amount: Transaction amount (positive for deposits, negative for withdrawals)
- transaction_type: Type of transaction
- description: Transaction description
- from_account_id: Source account (for transfers)
- to_account_id: Destination account (for transfers)
- account_id: Account this transaction belongs to
- created_at: Transaction timestamp
- JWT Authentication: All protected endpoints require valid JWT tokens
- Password Hashing: Passwords are hashed using bcrypt
- Input Validation: All inputs are validated using Pydantic models
- Authorization: Users can only access their own accounts
- SQL Injection Protection: Queries go through the SQLAlchemy ORM, which binds values as parameters instead of concatenating them into SQL strings
The API provides comprehensive error handling:
- 400 Bad Request: Invalid input data
- 401 Unauthorized: Invalid or missing authentication
- 403 Forbidden: Access denied
- 404 Not Found: Resource not found
- 500 Internal Server Error: Server errors
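The following is an added example, not code from this project: it sketches how the "users can only access their own accounts" rule and the 400/403/404 responses listed above can be enforced for a transfer inside one database transaction. It uses the standard-library `sqlite3` module in place of FastAPI and SQLAlchemy; the function names, the `accounts`/`transactions` table names, integer-cent amounts, and returning 400 for insufficient funds are assumptions.

```python
import sqlite3

def make_db():
    """In-memory DB with the README's account/transaction columns (amounts in cents)."""
    conn = sqlite3.connect(":memory:", isolation_level=None)  # explicit BEGIN/COMMIT
    conn.executescript("""
        CREATE TABLE accounts (id INTEGER PRIMARY KEY, user_id INTEGER NOT NULL,
                               balance INTEGER NOT NULL CHECK (balance >= 0));
        CREATE TABLE transactions (id INTEGER PRIMARY KEY, account_id INTEGER, amount INTEGER,
            transaction_type TEXT, from_account_id INTEGER, to_account_id INTEGER);
        -- Constructed sample data: user 1 owns account 1, user 2 owns account 2.
        INSERT INTO accounts (id, user_id, balance) VALUES (1, 1, 50000), (2, 2, 1000);
    """)
    return conn

def balance(conn, account_id):
    return conn.execute("SELECT balance FROM accounts WHERE id = ?", (account_id,)).fetchone()[0]

def transfer(conn, caller_id, from_id, to_id, cents):
    """Return the HTTP status for the request; balances change only on 200."""
    if not isinstance(cents, int) or cents <= 0 or from_id == to_id:
        return 400  # invalid input
    conn.execute("BEGIN IMMEDIATE")  # take the write lock before reading balances
    try:
        q = "SELECT user_id, balance FROM accounts WHERE id = ?"
        src = conn.execute(q, (from_id,)).fetchone()
        dst = conn.execute(q, (to_id,)).fetchone()
        if src is None:
            status = 404
        elif src[0] != caller_id:
            status = 403  # ownership comes from the token's user, never the request body
        elif dst is None:
            status = 404
        elif src[1] < cents:
            status = 400  # insufficient funds (status choice is an assumption)
        else:
            upd = "UPDATE accounts SET balance = balance + ? WHERE id = ?"
            conn.execute(upd, (-cents, from_id))
            conn.execute(upd, (cents, to_id))
            conn.executemany(
                "INSERT INTO transactions (account_id, amount, transaction_type,"
                " from_account_id, to_account_id) VALUES (?, ?, 'transfer', ?, ?)",
                [(from_id, -cents, from_id, to_id), (to_id, cents, from_id, to_id)])
            status = 200
        conn.execute("COMMIT" if status == 200 else "ROLLBACK")
        return status
    except Exception:
        conn.execute("ROLLBACK")
        raise
```

The ownership check runs before the destination lookup, so a caller who does not own the source account gets 403 without learning whether the destination account exists.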
RESTful-API-for-a-Mock-Bank/
├── main.py # Main FastAPI application
├── requirements.txt # Python dependencies
├── test_auth.py # Authentication tests
├── test_accounts.py # Account management tests
├── test_transfer.py # Transfer functionality tests
├── run_tests.py # Test runner script
└── README.md # This file
- Add new models to main.py
- Create new endpoints with proper authentication
- Add corresponding tests
- Update this README
This project is for educational purposes only.