API URL: https://shopify-developer-challenge.herokuapp.com
The structure of this project is how I have designed most APIs I've worked on in the past. I split up my routes, controllers, models, config, and errors into separate folders. All external SDKs required (only mongoose in this case) have their own configuration file under the config folder.
The entry point is index.js, which creates the express app and adds basic middleware. It then passes the express app into router.js which mounts all routes and additional middleware.
Note: I realize that the .env file should usually be ignored from git, but to allow for local testing I included it for this specific case.
The API design is simple. All product routes live at /api/products and all shopping cart routes live at /api/carts. Errors are handled by error middleware and a catch-all route shows a basic API landing page.
A MongoDB database is used for this project, along with mongoose as an ODM. I have found this combination to work extremely well for Node.js projects, as it is both very powerful (i.e. aggregation, geo queries, population, etc.) and quick and easy to set up for a small project. The MongoDB deployment is managed through mLab.
The API is deployed and hosted on Heroku. Although I considered deploying on IaaS such as Google Compute Engine or AWS EC2, I chose to go with Heroku as it comes at zero cost at this tier and provides a nice interface to quickly deploy an application without the need for much additional configuration. Its add-ons also allow for seamless integration with mLab.
For security, I added a simple rate limiter to protect against DDoS attacks (see router.js). If this application were to be scaled across multiple servers, the rate limiter would have to be configured with a data store such as Redis or Mongo, as storing counts in memory would not support tracking across multiple instances.
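The multi-server caveat above can be seen in a small simulation. This is an added example, not code from the project's router.js; the CounterStore class, the rateLimit factory, the limit of 10 requests per minute and the client IP are all assumptions made for illustration.

```javascript
// Fixed-window hit counter. One instance per process models the in-memory
// default; one instance shared by all servers models Redis or Mongo, where
// the increment must be atomic (e.g. Redis INCR).
class CounterStore {
  constructor() { this.hits = new Map(); }
  increment(key, windowMs, now) {
    const entry = this.hits.get(key);
    if (!entry || now >= entry.resetAt) {
      this.hits.set(key, { count: 1, resetAt: now + windowMs });
      return 1;
    }
    entry.count += 1;
    return entry.count;
  }
}

// Express-style middleware factory (hypothetical; not the project's router.js).
function rateLimit({ store, windowMs, max, now = Date.now }) {
  return (req, res, next) => {
    if (store.increment(req.ip, windowMs, now()) > max) {
      res.statusCode = 429;
      return res.end('Too many requests');
    }
    return next();
  };
}

// Round-robin load balancer: one client sends `total` requests across servers.
function simulate(servers, total, ip = '203.0.113.7') { // constructed client IP
  let allowed = 0;
  for (let i = 0; i < total; i++) {
    const res = { statusCode: 200, end() {} };
    servers[i % servers.length]({ ip }, res, () => { allowed += 1; });
  }
  return allowed;
}

const opts = { windowMs: 60000, max: 10, now: () => 0 }; // frozen clock

function allowedWithPerServerStores() {
  const servers = [new CounterStore(), new CounterStore()]
    .map((store) => rateLimit({ ...opts, store }));
  return simulate(servers, 40);
}
function allowedWithSharedStore() {
  const store = new CounterStore();
  return simulate([rateLimit({ ...opts, store }), rateLimit({ ...opts, store })], 40);
}
console.log(allowedWithPerServerStores(), allowedWithSharedStore()); // 20 10
```

With per-server counters the effective limit is multiplied by the number of servers; with one shared counter the configured limit holds.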
I also added Helmet middleware to protect against various attacks through HTTP headers. Although it is not a fully robust security framework, it is a simple way to add a bit of a security layer to an express app.
The API documentation was made using Slate. It outlines all routes and errors associated with the API and can be found here.
I wrote integration tests using Jest and Supertest. These tests cover basic usage of the API and can be found in the tests folder. To run them, simply enter npm test after cloning the repository.