behdad088 · behdad088 · Nov 13, 2025 · Nov 13, 2025
diff --git a/src/Services/Basket/Basket.API.IntegrationTests/Features/DeleteBasket/DeleteBasketTests.cs b/src/Services/Basket/Basket.API.IntegrationTests/Features/DeleteBasket/DeleteBasketTests.cs
@@ -35,7 +35,7 @@ public async Task DeleteBasket_No_Token_Returns_Unauthorized(string username)
 
         // Act
         var result = await _client
-            .DeleteAsync($"api/v1/basket/{username}", timeout);
+            .DeleteAsync($"api/v1/basket/customers/{username}", timeout);
 
         // Assert
         result.StatusCode.ShouldBe(HttpStatusCode.Unauthorized);
@@ -51,7 +51,7 @@ public async Task DeleteBasket_No_Permission_Returns_Forbidden(string username)
         // Act
         var result = await _client
             .SetFakeBearerToken("sub")
-            .DeleteAsync($"api/v1/basket/{username}", timeout);
+            .DeleteAsync($"api/v1/basket/customers/{username}", timeout);
 
         // Assert
         result.StatusCode.ShouldBe(HttpStatusCode.Forbidden);
@@ -96,7 +96,7 @@ public async Task DeleteBasket_Deletes_Basket_From_Cache_And_PostgresDb_Returns_
                 FakePermission.GetPermissions(
                     [Policies.BasketUserBasketDeletePermission],
                     username: username))
-            .DeleteAsync($"api/v1/basket/{username}", timeout);
+            .DeleteAsync($"api/v1/basket/customers/{username}", timeout);
         var response = await result.Content.ReadFromJsonAsync<DeleteBasketResponse>(timeout);
 
         // Assert

diff --git a/src/Services/Basket/Basket.API.IntegrationTests/Features/GetBasket/GetBasketTests.cs b/src/Services/Basket/Basket.API.IntegrationTests/Features/GetBasket/GetBasketTests.cs
@@ -35,7 +35,7 @@ public async Task GetBasket_No_Token_Returns_Unauthorized()
 
         // Act
         var result = await _client
-            .GetAsync($"api/v1/basket/{username}", timeout);
+            .GetAsync($"api/v1/basket/customers/{username}", timeout);
 
         // Assert
         result.StatusCode.ShouldBe(HttpStatusCode.Unauthorized);
@@ -51,7 +51,7 @@ public async Task GetBasket_No_Permission_Returns_Forbidden()
         // Act
         var result = await _client
             .SetFakeBearerToken(FakePermission.GetPermissions([], username: username))
-            .GetAsync($"api/v1/basket/{username}", timeout);
+            .GetAsync($"api/v1/basket/customers/{username}", timeout);
 
         // Assert
         result.StatusCode.ShouldBe(HttpStatusCode.Forbidden);
@@ -69,7 +69,7 @@ public async Task GetBasket_Basket_NotFound_Returns_NotFound()
             .SetFakeBearerToken(
                 FakePermission.GetPermissions([Policies.BasketUserBasketGetPermission],
                     username: username))
-            .GetAsync($"api/v1/basket/{username}", timeout);
+            .GetAsync($"api/v1/basket/customers/{username}", timeout);
         var response = await result.Content.ReadFromJsonAsync<ProblemDetails>(timeout);
 
         // Assert
@@ -113,7 +113,7 @@ public async Task GetBasket_Basket_Only_Exists_In_Postgres_database_Should_Retur
         var result = await _client
             .SetFakeBearerToken(FakePermission.GetPermissions([Policies.BasketUserBasketGetPermission],
                 username: username))
-            .GetAsync($"api/v1/basket/{username}", timeout);
+            .GetAsync($"api/v1/basket/customers/{username}", timeout);
         var response = await result.Content.ReadFromJsonAsync<GetBasketResponse>(timeout);
 
         // Assert
@@ -161,7 +161,7 @@ public async Task GetBasket_Basket_Only_Exists_In_Redis_database_Should_Return_B
         var result = await _client
             .SetFakeBearerToken(FakePermission.GetPermissions([Policies.BasketUserBasketGetPermission],
                 username: username))
-            .GetAsync($"api/v1/basket/{username}", timeout);
+            .GetAsync($"api/v1/basket/customers/{username}", timeout);
         var response = await result.Content.ReadFromJsonAsync<GetBasketResponse>(timeout);
 
         // Assert

diff --git a/src/Services/Basket/Basket.API.IntegrationTests/Features/StoreBasket/StoreBasketTests.cs b/src/Services/Basket/Basket.API.IntegrationTests/Features/StoreBasket/StoreBasketTests.cs
@@ -45,7 +45,7 @@ public async Task StoreBasket_Null_Username_Returns_BadRequest(StoreBasketReques
                 [Policies.BasketUserBasketStorePermission], 
                 username: request.ShoppingCart.Username,
                 roles: ["admin"]))
-            .PostAsJsonAsync("api/v1/basket", invalidRequest, token);
+            .PostAsJsonAsync("api/v1/basket/customers", invalidRequest, token);
         var response = await result.Content.ReadFromJsonAsync<ProblemDetails>(token);
 
         // Assert
@@ -69,7 +69,7 @@ public async Task StoreBasket_Null_Request_Returns_BadRequest(StoreBasketRequest
                 [Policies.BasketUserBasketStorePermission], 
                 username: request.ShoppingCart?.Username,
                 roles: ["admin"]))
-            .PostAsJsonAsync("api/v1/basket", request, token);
+            .PostAsJsonAsync("api/v1/basket/customers", request, token);
         var response = await result.Content.ReadFromJsonAsync<ProblemDetails>(token);
 
         // Assert
@@ -92,7 +92,7 @@ public async Task StoreBasket_Null_Items_In_Request_Returns_BadRequest(StoreBask
             .SetFakeBearerToken(FakePermission.GetPermissions(
                 [Policies.BasketUserBasketStorePermission], 
                 username: request.ShoppingCart?.Username))
-            .PostAsJsonAsync("api/v1/basket", invalidRequest);
+            .PostAsJsonAsync("api/v1/basket/customers", invalidRequest);
         var response = await result.Content.ReadFromJsonAsync<ProblemDetails>();
 
         // Assert
@@ -118,7 +118,7 @@ public async Task StoreBasket_Zero_Quantity_In_Items_In_Request_Returns_BadReque
             .SetFakeBearerToken(FakePermission.GetPermissions(
                 [Policies.BasketUserBasketStorePermission], 
                 username: request.ShoppingCart?.Username))
-            .PostAsJsonAsync("api/v1/basket", invalidRequest, token);
+            .PostAsJsonAsync("api/v1/basket/customers", invalidRequest, token);
         var response = await result.Content.ReadFromJsonAsync<ProblemDetails>(token);
 
         // Assert
@@ -144,7 +144,7 @@ public async Task StoreBasket_Zero_Price_In_Items_In_Request_Returns_BadRequest(
             .SetFakeBearerToken(FakePermission.GetPermissions(
                 [Policies.BasketUserBasketStorePermission], 
                 username: request.ShoppingCart?.Username))
-            .PostAsJsonAsync("api/v1/basket", invalidRequest, token);
+            .PostAsJsonAsync("api/v1/basket/customers", invalidRequest, token);
         var response = await result.Content.ReadFromJsonAsync<ProblemDetails>(token);
 
         // Assert
@@ -167,7 +167,7 @@ public async Task StoreBasket_Valid_Request_Saves_Data_In_PostgresDb_And_Redis(S
             .SetFakeBearerToken(FakePermission.GetPermissions(
                 [Policies.BasketUserBasketStorePermission], 
                 username: request.ShoppingCart?.Username))
-            .PostAsJsonAsync("api/v1/basket", request, token);
+            .PostAsJsonAsync("api/v1/basket/customers", request, token);
         var response = await result.Content.ReadFromJsonAsync<StoreBasketResponse>(token);
 
         // Assert
@@ -208,7 +208,7 @@ public async Task StoreBasket_Valid_Request_Saves_Data_With_Valid_TotalPrice(Sto
             .SetFakeBearerToken(FakePermission.GetPermissions(
                 [Policies.BasketUserBasketStorePermission], 
                 username: request.ShoppingCart?.Username))
-            .PostAsJsonAsync("api/v1/basket", validRequest, token);
+            .PostAsJsonAsync("api/v1/basket/customers", validRequest, token);
         var response = await result.Content.ReadFromJsonAsync<StoreBasketResponse>(token);
 
         // Assert

diff --git a/src/Services/Basket/Basket.API/Authorization/UserAuthorizationHandler.cs b/src/Services/Basket/Basket.API/Authorization/UserAuthorizationHandler.cs
@@ -41,7 +41,7 @@ protected override Task HandleRequirementAsync(
         return Task.CompletedTask;
     }
 
-    private bool ValidateUserPermissions(
+    private static bool ValidateUserPermissions(
         IReadOnlyList<Claim> claims,
         IReadOnlyList<string> requirements
     )

diff --git a/src/Services/Basket/Basket.API/Features/DeleteBasket/DeleteBasketEndpoint.cs b/src/Services/Basket/Basket.API/Features/DeleteBasket/DeleteBasketEndpoint.cs
@@ -10,7 +10,7 @@ public static class DeleteBasketEndpoint
     public static IEndpointRouteBuilder MapDeleteBasketEndpoint(
         this IEndpointRouteBuilder app)
     {
-        app.MapDelete("/{username}", DeleteBasketAsync)
+        app.MapDelete("/customers/{username}", DeleteBasketAsync)
             .WithName("DeleteBasket")
             .Produces<DeleteBasketResponse>()
             .ProducesProblem(StatusCodes.Status400BadRequest)

diff --git a/src/Services/Basket/Basket.API/Features/GetBasket/GetBasketEndpoint.cs b/src/Services/Basket/Basket.API/Features/GetBasket/GetBasketEndpoint.cs
@@ -8,7 +8,7 @@ public static class GetBasketEndpoint
 {
     public static IEndpointRouteBuilder MapGetBasketEndpoint(this IEndpointRouteBuilder app)
     {
-        app.MapGet("/{username}", GetBasketAsync)
+        app.MapGet("/customers/{username}", GetBasketAsync)
             .WithName("GetBasket")
             .Produces<GetBasketResponse>()
             .ProducesProblem(StatusCodes.Status400BadRequest)

diff --git a/src/Services/Basket/Basket.API/Features/StoreBasket/StoreBasketEndpoint.cs b/src/Services/Basket/Basket.API/Features/StoreBasket/StoreBasketEndpoint.cs
@@ -8,7 +8,7 @@ public static class StoreBasketEndpoint
 {
     public static IEndpointRouteBuilder MapStoreBasketEndpoint(this IEndpointRouteBuilder app)
     {
-        app.MapPost("/", StoreBasketAsync)
+        app.MapPost("/customers", StoreBasketAsync)
             .WithName("StoreBasket")
             .Produces<StoreBasketResponse>()
             .ProducesProblem(StatusCodes.Status400BadRequest)

diff --git a/src/Services/Basket/Basket.API/openapi.yaml b/src/Services/Basket/Basket.API/openapi.yaml
@@ -0,0 +1,144 @@
+openapi: 3.0.1
+info:
+  title: Basket.API
+  version: v1
+paths:
+  /api/v1/basket/customers/{username}:
+    get:
+      tags:
+        - Basket API
+      summary: Get Basket by username
+      parameters:
+        - name: username
+          in: path
+          required: true
+          schema:
+            type: string
+      responses:
+        '200':
+          description: Success
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/GetBasketResponse'
+        '400':
+          description: Bad Request
+        '401':
+          description: Unauthorized
+        '403':
+          description: Forbidden
+        '404':
+          description: Not Found
+    delete:
+      tags:
+        - Basket API
+      summary: Delete Basket by username
+      parameters:
+        - name: username
+          in: path
+          required: true
+          schema:
+            type: string
+      responses:
+        '200':
+          description: Success
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/DeleteBasketResponse'
+        '400':
+          description: Bad Request
+        '401':
+          description: Unauthorized
+        '403':
+          description: Forbidden
+        '404':
+          description: Not Found
+  /api/v1/basket/customers:
+    post:
+      tags:
+        - Basket API
+      summary: Store Basket
+      requestBody:
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/StoreBasketRequest'
+      responses:
+        '200':
+          description: Success
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/StoreBasketResponse'
+        '400':
+          description: Bad Request
+        '401':
+          description: Unauthorized
+        '403':
+          description: Forbidden
+        '404':
+          description: Not Found
+components:
+  securitySchemes:
+    Bearer:
+      type: http
+      scheme: bearer
+      bearerFormat: JWT
+  schemas:
+    BasketDtoRequest:
+      type: object
+      properties:
+        username:
+          type: string
+        items:
+          type: array
+          items:
+            $ref: '#/components/schemas/BasketItem'
+    BasketDtoResponse:
+      type: object
+      properties:
+        username:
+          type: string
+        items:
+          type: array
+          items:
+            $ref: '#/components/schemas/BasketItem'
+        total_price:
+          type: number
+          format: decimal
+    BasketItem:
+      type: object
+      properties:
+        quantity:
+          type: integer
+          format: int32
+        color:
+          type: string
+        price:
+          type: number
+          format: decimal
+        product_id:
+          type: string
+        product_name:
+          type: string
+    DeleteBasketResponse:
+      type: object
+      properties:
+        is_success:
+          type: boolean
+    GetBasketResponse:
+      allOf:
+        - $ref: '#/components/schemas/BasketDtoResponse'
+    StoreBasketRequest:
+      type: object
+      properties:
+        shopping_cart:
+          $ref: '#/components/schemas/BasketDtoRequest'
+    StoreBasketResponse:
+      type: object
+      properties:
+        shopping_cart:
+          $ref: '#/components/schemas/BasketDtoResponse'
+security:
+  - Bearer: []