Todo List API

A RESTful API built with Laravel featuring role-based access control, tag management, and Docker support

Project Overview

Purpose

The Todo List API is a comprehensive RESTful API built with Laravel that provides robust todo list management functionality. It features sophisticated role-based access control, tag management capabilities, and complete CRUD operations for managing users, tags, and todo lists.

Challenge

Build a scalable, secure API that implements fine-grained access control where administrators have full system access while regular users can only manage their own data. The system needed to support tag-based organization, containerized deployment, and comprehensive API documentation.

Solution

Implemented a RESTful API using Laravel with Laravel Sanctum for authentication. Created a policy-based authorization system that enforces role-specific permissions for all operations. Integrated Docker support via Laravel Sail for easy deployment, and provided comprehensive documentation through OpenAPI/Swagger specifications and Postman collections.

Key Features

Role-Based Access Control

Comprehensive policy-based authorization system. Admins have full CRUD access across all resources, while regular users can only view and manage their own data. Enforced at the API level for security.

Tag Management System

All authenticated users can create, edit, and delete tags for organizing todo items. Provides flexible categorization and filtering capabilities for better task organization.

Complete Todo List CRUD

Full lifecycle management for todo lists including create, read, update, and delete operations. Admin users can manage all lists, while regular users can only access their own.

Comprehensive Documentation

OpenAPI/Swagger specification for interactive API documentation. Includes Postman collection for easy testing and integration, providing clear examples for all endpoints.

Docker Support with Laravel Sail

Containerized deployment using Laravel Sail for consistent development and production environments. Simplifies setup and ensures reproducible builds across different systems.

User Management

Admin users can perform all user operations including creation, updates, and deletion. Regular users can view and update their own profile information for account management.

Technology Stack

Backend & Framework

  • Laravel Framework

    Modern PHP framework for robust API development

  • PHP (85.3%)

    Primary language with modern PHP features

  • Blade Templates (13.7%)

    Laravel's templating engine for views

  • Laravel Sanctum

    Token-based authentication for secure API access

Development & Deployment

  • Laravel Sail

    Docker-based development environment

  • Docker

    Containerization for consistent deployments

  • Composer

    PHP dependency management

  • Git

    Version control system

Documentation & Testing

  • OpenAPI/Swagger

    Interactive API documentation

  • Postman Collection

    Pre-configured API testing suite

Architecture & Access Control

Role-Based Permissions

The API implements a sophisticated policy-based authorization system that enforces different access levels based on user roles.

Admin Permissions

  • Full CRUD access to all users
  • Manage all todo lists across the system
  • Create, edit, and delete all tags
  • System-wide read and write access

Regular User Permissions

  • View and update own profile only
  • Manage only their own todo lists
  • Create, edit, and delete their own tags
  • No access to other users' data

Project Structure

Clean architecture following Laravel best practices with organized controllers, policies, and database layers.

Controllers (v1)

app/Http/Controllers/v1

Access Policies (v1)

app/Policies/v1

Database Layer

database/migrations & seeders

API Capabilities

User Management

  • User registration & authentication
  • Profile view & updates
  • Admin user CRUD operations
  • Role-based access enforcement

Todo List Management

  • Create new todo lists
  • View all accessible lists
  • Update list details
  • Delete owned lists

Tag Organization

  • Create custom tags
  • Edit tag names
  • Delete unused tags
  • Tag-based filtering

Technical Highlights

Policy-Based Authorization

Laravel policies provide granular control over resource access, ensuring users can only perform authorized actions.

  • Centralized authorization logic in policy classes
  • Automatic enforcement at controller level
  • Clear separation between admin and user permissions
  • Prevents unauthorized data access at API level
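
The policy pattern described above, as an added example in plain PHP (not the project's own code): an admin short-circuit in `before()` plus per-ability ownership checks, with unknown abilities denied. `User`, `TodoList`, the `admin` role value and the `allowed()` dispatcher are hypothetical stand-ins for the Eloquent models and Laravel's Gate, so the script runs without the framework.

```php
<?php
// Added illustration; not the project's code. User, TodoList and the
// 'admin' role value are hypothetical stand-ins for the Eloquent models.
final class User {
    public function __construct(public int $id, public string $role) {}
}
final class TodoList {
    public function __construct(public int $id, public int $user_id) {}
}

// Same shape as a Laravel policy class such as one under app/Policies/v1.
final class TodoListPolicy {
    // Laravel calls before() ahead of the ability method; a non-null
    // return value decides the check. Admins short-circuit to "allow".
    public function before(User $user, string $ability): ?bool {
        return $user->role === 'admin' ? true : null;
    }
    public function view(User $user, TodoList $list): bool {
        return $user->id === $list->user_id;
    }
    public function update(User $user, TodoList $list): bool {
        return $user->id === $list->user_id;
    }
    public function delete(User $user, TodoList $list): bool {
        return $user->id === $list->user_id;
    }
}

// Minimal stand-in for what $this->authorize() does in a controller:
// abilities the policy does not define are denied, before() runs first.
function allowed(TodoListPolicy $p, User $u, string $ability, TodoList $l): bool {
    if ($ability === 'before' || !method_exists($p, $ability)) {
        return false; // default deny
    }
    return $p->before($u, $ability) ?? $p->$ability($u, $l);
}

// Constructed sample data: one admin, two regular users, a list owned by bob.
$admin = new User(1, 'admin');
$alice = new User(2, 'user');
$bob   = new User(3, 'user');
$bobsList = new TodoList(10, $bob->id);

foreach ([['admin', $admin], ['alice', $alice], ['bob', $bob]] as [$name, $u]) {
    foreach (['view', 'update', 'delete'] as $ability) {
        printf("%-5s %-6s list#10: %s\n", $name, $ability,
            allowed(new TodoListPolicy(), $u, $ability, $bobsList) ? 'allow' : 'deny');
    }
}
```

The case to watch is the regular user who does not own the list: every ability must come back `deny`, which is the check that stops one user from reading or changing another user's records by guessing an ID.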

Docker Integration with Laravel Sail

Containerized development environment ensures consistency across development and production deployments.

  • One-command setup for local development
  • Isolated environment with all dependencies
  • Easy scaling and deployment options
  • Reproducible builds across different systems

API Documentation

Comprehensive documentation through multiple formats for easy integration and testing.

  • OpenAPI/Swagger specification for interactive docs
  • Postman collection for immediate testing
  • Clear endpoint examples and request/response formats
  • Authentication flow documentation