Home page of solidityShield, showing a scan.

Swagger Banking Application

Repository

The Swagger Banking Application is a banking system delivered as a RESTful API. Our goal was to design an application that covers the essential features of a modern bank while prioritising security and user experience.

The Technology Behind MyBank API

The project is built on the following technologies:

  • Swagger: We started with a comprehensive API specification written in Swagger, which defines every endpoint, its input parameters, its response formats, and the underlying data models.

  • Spring Boot Java: With the help of Spring Boot, we built the heart of the application. The Spring Boot framework facilitated rapid development, allowing us to focus on implementing banking functionalities without being bogged down by boilerplate code.

  • JWT Authentication: To ensure that only authenticated users can call the API, we used JSON Web Tokens (JWT): a signed token is issued on login and must be presented on every subsequent request. One caveat applies to any JWT deployment: the token is signed, not encrypted, so its claims can be read by anyone who holds it. The signature only lets the server detect tampering, which is why the algorithm, signature and expiry must be verified on every request and the token must be kept out of logs and URLs.
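The verification steps just described, as an added example that is not the project's own code (the project is Spring Boot Java; this is a dependency-free Python illustration of the same checks). The secret, user names and the hypothetical `role` claim are constructed for the demo. It issues an HS256 token, shows that the claims are readable without the key, and refuses three tokens an attacker would try: a payload edited under the old signature, an `alg=none` token, and an expired one.

```python
import base64
import hashlib
import hmac
import json


def _b64url(data: bytes) -> str:
    """Base64url without padding, as JWT requires."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def _segment(obj: dict) -> str:
    return _b64url(json.dumps(obj, separators=(",", ":")).encode("utf-8"))


def issue_token(secret: bytes, sub: str, role: str, ttl_seconds: int, now: int) -> str:
    """Mint an HS256 JWT carrying the subject, a role claim and an expiry."""
    header = {"alg": "HS256", "typ": "JWT"}
    claims = {"sub": sub, "role": role, "iat": now, "exp": now + ttl_seconds}
    signing_input = f"{_segment(header)}.{_segment(claims)}"
    sig = hmac.new(secret, signing_input.encode("ascii"), hashlib.sha256).digest()
    return f"{signing_input}.{_b64url(sig)}"


def verify_token(secret: bytes, token: str, now: int) -> dict:
    """Return the claims of a valid token, otherwise raise ValueError.

    Order matters: pin the algorithm before trusting anything in the header,
    compare the signature in constant time, and only then read the claims.
    """
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed token")
    h_b64, p_b64, s_b64 = parts
    header = json.loads(_b64url_decode(h_b64))
    if header.get("alg") != "HS256":  # rejects alg=none and algorithm swapping
        raise ValueError("unexpected alg")
    expected = hmac.new(secret, f"{h_b64}.{p_b64}".encode("ascii"), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(s_b64)):
        raise ValueError("bad signature")
    claims = json.loads(_b64url_decode(p_b64))
    if not isinstance(claims.get("exp"), int) or now >= claims["exp"]:
        raise ValueError("expired")
    return claims


def peek_claims(token: str) -> dict:
    """Decode the payload with no key at all: JWT claims are signed, not secret."""
    return json.loads(_b64url_decode(token.split(".")[1]))


def forge_role(token: str, new_role: str) -> str:
    """Attacker's attempt: rewrite the role claim but keep the old signature."""
    h_b64, p_b64, s_b64 = token.split(".")
    claims = json.loads(_b64url_decode(p_b64))
    claims["role"] = new_role
    return f"{h_b64}.{_segment(claims)}.{s_b64}"


def strip_signature(token: str) -> str:
    """Attacker's attempt: the classic alg=none token with an empty signature."""
    none_header = _segment({"alg": "none", "typ": "JWT"})
    return f"{none_header}.{_segment(peek_claims(token))}."


def demo() -> dict:
    """Constructed scenario: one good token and three that must be refused."""
    secret = b"constructed-demo-secret-not-for-production"
    now = 1_700_000_000
    token = issue_token(secret, "alice", "CUSTOMER", 900, now)
    results = {
        "valid": verify_token(secret, token, now + 10)["role"],
        "peek": peek_claims(token)["role"],  # readable without the secret
    }
    attempts = {
        "forged_role": (forge_role(token, "EMPLOYEE"), now + 10),
        "alg_none": (strip_signature(token), now + 10),
        "expired": (token, now + 900),
    }
    for name, (tok, at) in attempts.items():
        try:
            verify_token(secret, tok, at)
            results[name] = "accepted"
        except ValueError as err:
            results[name] = str(err)
    return results


if __name__ == "__main__":
    print(demo())
```

The `peek` entry is the point of the caveat above: the role, subject and expiry are visible to whoever holds the token, so nothing confidential belongs in the claims. In a Spring Boot service the same three checks are what the JWT filter must perform before the request reaches a controller.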

Unveiling the Features of MyBank API

MyBank API offers the following core features of a banking application:

  1. User Registration and Authentication: Users can register an account and log in. On successful login the API issues a JWT, which authenticates the user's subsequent requests.

  2. Account Management: Customers can create both Current and Savings accounts. All accounts are denominated in EUR, and each account has an IBAN in the bank's format (NLxxINHO0xxxxxxxxx). The bank itself holds a dedicated account with the IBAN NL01INHO0000000001.

  3. Role-Based Access: We established two roles, Customer and Employee. Customers can access only their own accounts, where they can view transaction history and check balances. Employees have access to all accounts except the bank's own account and may perform transactions on behalf of customers. An employee can also be a customer.

  4. Transactions at the Core: Every transaction records a timestamp, the source account, the destination account, the amount, and the user (customer or employee) who executed it. This gives a complete audit trail of who moved which funds and when.

  5. Transaction Limits for Safety: To limit the damage from a compromised account or a mistaken transfer, we imposed transaction limits on customers. A customer cannot make a transaction that would push an account's balance below its absolute limit. In addition, each user has a daily cumulative transaction limit and a maximum amount per transaction.
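An added example, not the project's own code, that puts features 2 to 5 together in one small ledger (Python rather than the project's Java, to keep it dependency-free). It validates IBANs against the page's pattern and, separately, against the ISO 7064 mod-97 check digits; enforces the Customer/Employee rules, including the bank account being off-limits to employees; applies the absolute, daily and per-transaction limits to the account owner regardless of who executes the transfer; and records the executor on every transaction. The account numbers, balances, limits and user names are constructed for the demo, and the field and method names are hypothetical.

```python
import re
from dataclasses import dataclass
from datetime import datetime, timezone
from decimal import Decimal

BANK_IBAN = "NL01INHO0000000001"            # the bank's own account, as on the page
IBAN_RE = re.compile(r"NL\d{2}INHO0\d{9}")  # the page's format NLxxINHO0xxxxxxxxx


def iban_format_ok(iban):
    """Pattern check only: Dutch IBAN, bank code INHO, 18 characters."""
    return IBAN_RE.fullmatch(iban) is not None


def iban_mod97_ok(iban):
    """ISO 7064 MOD 97-10 check digits, which the pattern cannot verify:
    move the first four characters to the end, map A..Z to 10..35, mod 97 == 1."""
    digits = "".join(str(int(ch, 36)) for ch in iban[4:] + iban[:4])
    return int(digits) % 97 == 1


@dataclass
class Account:
    iban: str
    owner: str                                # user id of the owning customer
    balance: Decimal                          # EUR
    absolute_limit: Decimal = Decimal("0")    # balance may never drop below this


@dataclass
class UserLimits:
    max_per_transaction: Decimal
    daily_limit: Decimal                      # cumulative debits per calendar day


@dataclass
class Transaction:
    timestamp: datetime
    account_from: str
    account_to: str
    amount: Decimal
    executed_by: str                          # customer or employee who performed it


class Ledger:
    def __init__(self, accounts, limits):
        self.accounts = {a.iban: a for a in accounts}
        self.limits = limits                  # keyed by account owner
        self.transactions = []

    def may_debit(self, user, role, iban):
        """Customers only their own accounts; employees any except the bank's."""
        if role == "EMPLOYEE":
            return iban != BANK_IBAN
        return self.accounts[iban].owner == user

    def debited_on(self, iban, day):
        return sum((t.amount for t in self.transactions
                    if t.account_from == iban and t.timestamp.date() == day), Decimal("0"))

    def check_transfer(self, user, role, src, dst, amount, now):
        """Return why a transfer must be refused, or None if it may proceed."""
        for iban in (src, dst):
            if not iban_format_ok(iban) or iban not in self.accounts:
                return f"unknown or malformed IBAN {iban}"
        if amount <= 0 or src == dst:
            return "invalid amount or same account"
        if not self.may_debit(user, role, src):
            return "not authorised to debit this account"
        acct = self.accounts[src]
        lim = self.limits[acct.owner]         # limits follow the owner, not the executor
        if amount > lim.max_per_transaction:
            return "exceeds maximum amount per transaction"
        if self.debited_on(src, now.date()) + amount > lim.daily_limit:
            return "exceeds daily cumulative limit"
        if acct.balance - amount < acct.absolute_limit:
            return "would breach absolute limit"
        return None

    def transfer(self, user, role, src, dst, amount, now):
        reason = self.check_transfer(user, role, src, dst, amount, now)
        if reason is not None:
            raise PermissionError(reason)
        self.accounts[src].balance -= amount
        self.accounts[dst].balance += amount
        tx = Transaction(now, src, dst, amount, user)
        self.transactions.append(tx)
        return tx


def demo():
    """Constructed accounts and limits (not the project's data) exercising each rule."""
    alice = Account("NL76INHO0000000002", "alice", Decimal("500"), Decimal("-100"))
    bob = Account("NL49INHO0000000003", "bob", Decimal("50"))
    bank = Account(BANK_IBAN, "bank", Decimal("1000000"))
    limits = {"alice": UserLimits(Decimal("400"), Decimal("500")),
              "bob": UserLimits(Decimal("100"), Decimal("100")),
              "bank": UserLimits(Decimal("0"), Decimal("0"))}
    ledger = Ledger([alice, bob, bank], limits)
    day1 = datetime(2024, 1, 1, 9, 0, tzinfo=timezone.utc)
    day2 = datetime(2024, 1, 2, 9, 0, tzinfo=timezone.utc)
    check, eur = ledger.check_transfer, Decimal
    results = {
        "not_owner": check("bob", "CUSTOMER", alice.iban, bob.iban, eur("10"), day1),
        "too_large": check("alice", "CUSTOMER", alice.iban, bob.iban, eur("401"), day1),
        "bank_debit": check("eve", "EMPLOYEE", BANK_IBAN, bob.iban, eur("10"), day1),
    }
    ledger.transfer("alice", "CUSTOMER", alice.iban, bob.iban, eur("250"), day1)
    results["daily"] = check("alice", "CUSTOMER", alice.iban, bob.iban, eur("300"), day1)
    results["absolute"] = check("alice", "CUSTOMER", alice.iban, bob.iban, eur("360"), day2)
    # An employee moves money for a customer; the record names the executor.
    tx = ledger.transfer("eve", "EMPLOYEE", bob.iban, alice.iban, eur("40"), day1)
    results["executed_by"] = tx.executed_by
    return ledger, results
```

Two design points worth noting. The limit checks are keyed on the account owner, so an employee acting on a customer's behalf is bound by that customer's limits, which is what prevents the Employee role from becoming a way around them. And the page's pattern is a format check only: the bank IBAN NL01INHO0000000001 matches the pattern but does not pass the mod-97 check (its check digits would have to be 06), so if an implementation validates check digits, the bank's constant must be chosen to pass them.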

Unit and Integration testing

We used JUnit for unit testing and Cucumber for integration testing. With JUnit we tested individual code units in isolation to check their correctness; with Cucumber we wrote human-readable test scenarios that exercise the application's behaviour end to end. Together, these two levels of testing gave us the confidence to deliver a secure and robust banking application.