Webstore API is a fully-featured e-commerce backend built with ASP.NET Core.
It provides secure authentication, product & order management, payment integration, and all the essential features required for a modern online store.
It also supports advanced functionalities like email verification, password reset, caching, and role-based access control.
- 🔐 Secure Authentication – JWT-based auth with role management (Admin & Customer)
- 🛒 Product & Category Management – Full CRUD for products, categories, and brands
- 🧺 Shopping Basket – Add/remove items and manage user cart
- 📦 Order Management – Place, view, and manage orders with delivery methods
- 💳 Payment Integration – Secure online payments with Stripe
- 📧 Email Verification & OTP – Enhanced user account security
- 🔑 Password Reset – Forget/reset password with OTP verification
- 🔍 Search, Sorting, Filtering, Pagination – Improved product discovery
- ⚡ Caching with Redis – Faster performance for frequently accessed data
- 🔐 Role-based Authorization – Separate roles for Admin and Customer
- ASP.NET Core – API framework
- JWT – Authentication & authorization
- Stripe – Payment processing
- Redis – Caching layer
- Entity Framework Core – ORM for database
- Onion Architecture – Clean project structure
- Unit of Work & Generic Repository – Data access patterns
- Specification Pattern – Dynamic query building
POST /api/Accounts/register– Register a new userPOST /api/Accounts/EmailVerification– Verify email with OTPPOST /api/Accounts/login– User login (returns JWT)POST /api/Accounts/ForgetPassword– Request password resetPOST /api/Accounts/ResetPassword– Reset password with OTPGET /api/Accounts/GetCurrentUser– Get current user infoGET /api/Accounts/Address– Get user addresses
GET /api/Basket– Get basket detailsPOST /api/Basket– Add product to basketDELETE /api/Basket– Remove product from basket
GET /api/Brands– Get all brandsPOST /api/Brands– Add a new brandGET /api/Brands/{id}– Get brand by IDPUT /api/Brands/{id}– Update brandDELETE /api/Brands/{id}– Delete brand
POST /api/Orders– Place new orderGET /api/Orders/GetOrdersForSpecificUser– Get all orders for current userGET /api/Orders/GetOrderForSpecificUser/{orderId}– Get order detailsGET /api/Orders/GetDeliveryMethods– Get delivery methodsDELETE /api/Orders/{orderId}– Cancel orderGET /api/Orders/all– Get all orders (Admin only)
POST /api/Payment/{basketId}– Process paymentPOST /api/Payment/Webhook– Stripe webhook handler
GET /api/Products– Get all productsPOST /api/Products– Add new productGET /api/Products/{id}– Get product by IDPUT /api/Products/{id}– Update productDELETE /api/Products/{id}– Delete product
GET /api/Types– Get all product typesPOST /api/Types– Add new typeGET /api/Types/{id}– Get type by IDPUT /api/Types/{id}– Update typeDELETE /api/Types/{id}– Delete type
The API follows Onion Architecture, ensuring clean separation of concerns and maintainable code.
- Core Layer – Business logic and domain models
- Application Layer – Services and application logic
- Infrastructure Layer – Database, payment gateway, caching, etc.
- API Layer – Entry point for HTTP requests
- Unit of Work – Manages transactions and ensures consistency
- Generic Repository – Simplified data access
- Specification Pattern – Build complex queries dynamically
- AutoMapper – Map domain models to DTOs easily
Redis is integrated to cache frequently requested data (e.g., product lists) —
this improves response times and reduces database load, which is critical for high-traffic e-commerce platforms.
A global exception handling middleware provides meaningful error messages and consistent responses across the API.
Secure payment processing is handled through Stripe API with webhook support to track payment events and status updates.
The entire application is containerized using Docker:
- Built with a multi-stage Dockerfile for optimized image size.
- Easily deployable across development, staging, and production environments.
- Integrated with GitHub Actions for automated build and deployment pipelines.
The API is deployed and hosted on MonsterAPI.
You can try the live version here: