E-commerce · API · Auth
Spring Boot Store API
Production-grade e-commerce REST API with JWT refresh token rotation, Redis token blacklist, and Bucket4j rate limiting.
Highlights
- JWT + refresh token rotation with Redis blacklist
- Bucket4j per-IP and per-user rate limiting
- Spring Security RBAC
- Full OpenAPI 3.0 specification
Methodology
Threat modelling led the auth design: rotating refresh tokens, Redis-backed revocation, and Bucket4j tiers per client profile.
We generated OpenAPI as the contract source, drove contract tests from it, and staged load tests on checkout and inventory paths. Hardening included structured logging, trace IDs, and Dockerised blue/green deploys.
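The rotation-plus-revocation flow described above, as an added illustration that is not this project's code: it assumes jjwt 0.11.x, Spring Data Redis, and hypothetical `typ`/`fam` custom claims and `revoked:*` Redis key names.

```java
// Added example, not the project's code: refresh-token rotation with a Redis deny-list and
// reuse detection. Assumes jjwt 0.11.x (parserBuilder API) and Spring Data Redis.
import io.jsonwebtoken.*;
import io.jsonwebtoken.security.Keys;
import org.springframework.data.redis.core.StringRedisTemplate;
import java.security.Key;
import java.time.*;
import java.util.*;

public class RefreshTokenService {
    public record TokenPair(String access, String refresh) {}
    private static final Duration ACCESS_TTL = Duration.ofMinutes(15);
    private static final Duration REFRESH_TTL = Duration.ofDays(7);
    private final Key key;                    // HS256 key built from >= 32 random bytes
    private final StringRedisTemplate redis;

    public RefreshTokenService(byte[] secret, StringRedisTemplate redis) {
        this.key = Keys.hmacShaKeyFor(secret);
        this.redis = redis;
    }

    /** Verify the presented refresh token, retire it, and issue a fresh access/refresh pair. */
    public TokenPair rotate(String refreshToken) {
        Claims c = Jwts.parserBuilder().setSigningKey(key).build()
                .parseClaimsJws(refreshToken).getBody();       // throws on bad signature or expiry
        if (!"refresh".equals(c.get("typ", String.class))) throw new SecurityException("wrong token type");
        String family = c.get("fam", String.class);            // hypothetical claim: one family per login
        if (Boolean.TRUE.equals(redis.hasKey("revoked:fam:" + family)))
            throw new SecurityException("session family revoked");
        // Deny-list the old jti atomically; the key only needs to outlive the token's own expiry.
        Duration left = Duration.between(Instant.now(), c.getExpiration().toInstant());
        Boolean first = redis.opsForValue().setIfAbsent("revoked:jti:" + c.getId(), "1",
                left.compareTo(Duration.ofSeconds(1)) < 0 ? Duration.ofSeconds(1) : left);
        if (!Boolean.TRUE.equals(first)) {
            // Same refresh token presented twice: assume it leaked and revoke the whole family.
            redis.opsForValue().set("revoked:fam:" + family, "1", REFRESH_TTL);
            throw new SecurityException("refresh token reuse detected");
        }
        return new TokenPair(mint(c.getSubject(), "access", family, ACCESS_TTL),
                             mint(c.getSubject(), "refresh", family, REFRESH_TTL));
    }

    private String mint(String subject, String typ, String family, Duration ttl) {
        Instant now = Instant.now();
        return Jwts.builder().setSubject(subject).setId(UUID.randomUUID().toString())
                .claim("typ", typ).claim("fam", family)
                .setIssuedAt(Date.from(now)).setExpiration(Date.from(now.plus(ttl)))
                .signWith(key, SignatureAlgorithm.HS256).compact();
    }
}
```

The per-request access-token filter performs the mirror check, rejecting any token whose `jti` or family key is present in Redis, which is what makes the blacklist effective before the short access TTL runs out.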
Stack
- JWT: auth + rotation
- Redis: token blacklist
- Bucket4j: rate limiting