A powerful and scalable RESTful API built with Node.js and Express for managing a multi-vendor e-commerce platform. It includes authentication (with support for Google, Facebook, and Apple OAuth), product and order management, cart, checkout, reviews, and more.
- User, Seller, and Admin authentication with JWT
- Social login (Google, Facebook, Apple)
- Password reset, email verification
- Product, category, and brand management
- Shopping cart and wishlist
- Checkout flow and order tracking
- Review and rating system
- Cloudinary integration for media uploads
- Full multi-vendor support (buyers & sellers)
- Admin panel-ready endpoints
- Backend: Node.js, Express.js
- Database: MongoDB, Mongoose
- Authentication: JWT, OAuth 2.0
- Email: Nodemailer, Gmail SMTP
- File Uploads: Cloudinary
- Session & Cookies: express-session
git clone https://github.com/muhammadranju/multi-vendor-ecommerce-api.git
cd multi-vendor-ecommerce-api
npm install

Copy the demo environment config:

cp demo.config.env .env

Then update .env with your actual credentials (DB, OAuth, email, Cloudinary, etc.).

npm run dev

Base URL: http://localhost:3000/api/v1
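
A preflight check to run after editing .env and before starting the server, added here as an example and not part of the project's code: it flags values still left as `***`, signing secrets that are short or reused across the user, seller and admin roles, and non-HTTPS or localhost URLs when NODE_ENV is production. The variable names are those in this README's .env listing; the function names, the 32-character minimum and the sample input are assumptions.

```javascript
// Added example, not project code. parseEnv/checkEnv are hypothetical helper names.
const SIGNING_SECRETS = [
  'ACCESS_TOKEN_SECRET', 'REFRESH_TOKEN_SECRET',
  'SELLER_ACCESS_TOKEN_SECRET', 'SELLER_REFRESH_TOKEN_SECRET',
  'ADMIN_ACCESS_TOKEN_SECRET', 'ADMIN_REFRESH_TOKEN_SECRET',
  'COOKIE_SECRET_KEY', 'SESSION_SECRET',
];
const MIN_SECRET_LENGTH = 32; // assumption, not a project requirement
const isPlaceholder = (v) => /^\**$/.test(v); // empty or only asterisks
// Parse KEY=VALUE lines; blank lines and # comments do not match and are skipped.
function parseEnv(text) {
  const env = {};
  for (const line of text.split(/\r?\n/)) {
    const m = line.match(/^\s*([A-Z0-9_]+)\s*=\s*(.*?)\s*$/);
    if (m) env[m[1]] = m[2];
  }
  return env;
}
// Return a list of human-readable problems; an empty list means the checks passed.
function checkEnv(env) {
  const problems = [];
  for (const [key, value] of Object.entries(env)) {
    if (isPlaceholder(value)) problems.push(`${key}: placeholder not replaced`);
    // Callback and frontend URLs must not stay on the local dev defaults in production.
    if (env.NODE_ENV === 'production' && key.endsWith('_URL') &&
        !/^https:\/\/(?!localhost|127\.0\.0\.1)/.test(value)) {
      problems.push(`${key}: not an https, non-local URL`);
    }
  }
  const firstUse = new Map(); // secret value -> first key that used it
  for (const key of SIGNING_SECRETS) {
    const value = env[key];
    if (value === undefined) { problems.push(`${key}: missing`); continue; }
    if (isPlaceholder(value)) continue; // already reported above
    if (value.length < MIN_SECRET_LENGTH) problems.push(`${key}: shorter than ${MIN_SECRET_LENGTH} characters`);
    // A secret shared between roles lets a token signed for one verify under the other's key.
    if (firstUse.has(value)) problems.push(`${key}: same value as ${firstUse.get(value)}`);
    else firstUse.set(value, key);
  }
  return problems;
}
// Constructed sample input (not real credentials).
const SAMPLE_ENV = `NODE_ENV=production
GOOGLE_CALLBACK_URL=http://localhost:3000/api/v1/auth/google/callback
ACCESS_TOKEN_SECRET=***
REFRESH_TOKEN_SECRET=constructed-sample-value-0123456789abcdef
ADMIN_ACCESS_TOKEN_SECRET=constructed-sample-value-0123456789abcdef
SESSION_SECRET=short`;
console.log(checkEnv(parseEnv(SAMPLE_ENV)).join('\n'));
```

To check a real deployment, pass `process.env` (after the .env file is loaded) to `checkEnv` and refuse to start if the returned list is not empty.
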

- POST /auth/register - Register a new user
- POST /auth/login - Login and receive access/refresh tokens
- POST /auth/forgot-password - Send reset email
- POST /auth/reset-password - Reset user password
- GET /auth/google - Google OAuth login
- GET /auth/facebook - Facebook OAuth login
- GET /auth/apple - Apple OAuth login
- POST /auth/logout - Logout and invalidate token
- GET /auth/me - Get authenticated user details
- PATCH /auth/profile - Update user profile

- GET /products - List all products
- GET /products/:id - Get a product by ID
- POST /products - Create product (seller only)
- PATCH /products/:id - Update product (seller only)
- DELETE /products/:id - Delete product (seller only)

- POST /cart - Add product to cart
- GET /cart - View current user’s cart
- PATCH /cart/:itemId - Update quantity
- DELETE /cart/:itemId - Remove from cart

- POST /wishlist - Add to wishlist
- GET /wishlist - View wishlist
- DELETE /wishlist/:productId - Remove product

- POST /orders - Place an order
- GET /orders - View order history
- GET /orders/:orderId - Get single order details
- PATCH /orders/:orderId/status - Update order status (admin/seller)

- POST /checkout - Begin checkout
- POST /payment - Process payment (integration-ready)

- GET /categories
- POST /categories (admin only)
- GET /brands
- POST /brands (admin only)

- POST /reviews - Add product review
- GET /reviews/:productId - Fetch product reviews

The following variables are required in the .env file:
PORT=3000
NODE_ENV=development
MONGODB_URI_LOCAL=mongodb://127.0.0.1:27017
FRONTEND_URL=http://localhost:5173
# Google OAuth
GOOGLE_CLIENT_ID=***
GOOGLE_CLIENT_SECRET=***
GOOGLE_CALLBACK_URL=http://localhost:3000/api/v1/auth/google/callback
# Facebook OAuth
FACEBOOK_APP_ID=***
FACEBOOK_APP_SECRET=***
FACEBOOK_CALLBACK_URL=http://localhost:3000/api/v1/auth/facebook/callback
# Apple OAuth
APPLE_SERVICE_ID=***
APPLE_TEAM_ID=***
APPLE_KEY_ID=***
APPLE_PRIVATE_KEY_PATH=***
APPLE_CALLBACK_URL=http://localhost:3000/api/v1/auth/apple/callback
# JWT Secrets
ACCESS_TOKEN_SECRET=***
ACCESS_TOKEN_EXPIRY=1d
REFRESH_TOKEN_SECRET=***
REFRESH_TOKEN_EXPIRY=30d
SELLER_ACCESS_TOKEN_SECRET=***
SELLER_ACCESS_TOKEN_EXPIRY=1d
SELLER_REFRESH_TOKEN_SECRET=***
SELLER_REFRESH_TOKEN_EXPIRY=30d
ADMIN_ACCESS_TOKEN_SECRET=***
ADMIN_ACCESS_TOKEN_EXPIRY=1d
ADMIN_REFRESH_TOKEN_SECRET=***
ADMIN_REFRESH_TOKEN_EXPIRY=30d
# Admin Credentials
SUPER_ADMIN_EMAIL=***
SUPER_ADMIN_PASSWORD=***
# Cookies & Session
COOKIE_SECRET_KEY=***
SESSION_SECRET=***
# Gmail SMTP
EMAIL=***
EMAIL_PASSKEY=***
EMAIL_SERVICE=***
EMAIL_PORT=***
EMAIL_USERNAME=***
EMAIL_PASSWORD=***
# Cloudinary
CLOUDINARY_CLOUD_NAME=***
CLOUDINARY_API_KEY=***
CLOUDINARY_API_SECRET=***

To run the test suite (if implemented):

npm test

- Fork the repository
- Create a new branch: git checkout -b feature/your-feature-name
- Commit your changes: git commit -m 'Add some feature'
- Push to the branch: git push origin feature/your-feature-name
- Open a pull request

MIT License © 2025 Muhammad Ranju
For inquiries or support, please contact [[email protected]]