Minimal FinTech-themed platform engineering project using FastAPI, Docker, pytest, Prometheus metrics, API key auth, correlation IDs, and GitHub Actions CI.
Service exposes:
- GET /health → {"status": "ok", "environment": "<env>"}
- POST /score → accepts {"amount", "country", "merchant"} and returns {"risk_score"}
- GET /metrics → Prometheus metrics endpoint
Risk scoring is intentionally simple and rule-based for demonstration.
- FastAPI app with /health, /score, and /metrics
- Rule-based RiskEngine encapsulated in its own class
- Environment-based configuration via pydantic-settings
- API key check and naive per-minute rate limiting for /score
- Correlation ID middleware: X-Request-Id header in and out
- Structured JSON logging with correlation IDs and risk engine logs
- Prometheus metrics for HTTP requests and risk scores
- Dockerfile using Gunicorn + Uvicorn workers
- docker-compose with Prometheus
- GitHub Actions CI:
  - Installs dependencies
  - Runs flake8 and pytest
  - Builds Docker image
  - Runs Trivy security scan on the repository
- Python 3.11+
- pip
- (Optional) Docker
- (Optional) Docker Compose
- (Optional) GitHub account for CI
Configuration is loaded from environment variables (with the TRS_ prefix) or a .env file.
Key settings:
- TRS_ENVIRONMENT – environment name (default: local)
- TRS_API_KEY – API key required for /score (default: local-dev-key)
- TRS_RATE_LIMIT_PER_MINUTE – requests per minute per IP+endpoint (default: 60)
- TRS_HIGH_RISK_COUNTRIES – comma-separated country codes (default: IR,KP,SY)
- TRS_HIGH_RISK_MERCHANTS – comma-separated merchant types (default: crypto_exchange,gambling)
Example .env:
TRS_ENVIRONMENT=local
TRS_API_KEY=local-dev-key
TRS_RATE_LIMIT_PER_MINUTE=120
TRS_HIGH_RISK_COUNTRIES=IR,KP,SY
TRS_HIGH_RISK_MERCHANTS=crypto_exchange,gambling
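
An added example, not the project's own code, showing how the settings above can be enforced with only the standard library in place of pydantic-settings and FastAPI: it refuses the documented default key outside the local environment, compares API keys in constant time, and counts requests per IP+endpoint per minute. The names load_settings, key_is_valid and FixedWindowLimiter are assumptions made for this example.

```python
import hmac
import time
from collections import defaultdict

DEFAULT_KEY = "local-dev-key"  # default value documented in this README


def load_settings(env):
    """Read the TRS_ settings from a mapping such as os.environ (hypothetical helper)."""
    settings = {
        "environment": env.get("TRS_ENVIRONMENT", "local"),
        "api_key": env.get("TRS_API_KEY", DEFAULT_KEY),
        "rate_limit": int(env.get("TRS_RATE_LIMIT_PER_MINUTE", "60")),
    }
    # Fail closed: the published default key must never guard a non-local deployment.
    if settings["environment"] != "local" and settings["api_key"] == DEFAULT_KEY:
        raise ValueError("TRS_API_KEY must be overridden outside 'local'")
    if settings["rate_limit"] < 1:
        raise ValueError("TRS_RATE_LIMIT_PER_MINUTE must be >= 1")
    return settings


def key_is_valid(presented, expected):
    """Constant-time comparison of the presented key; a missing key is rejected."""
    if not presented:
        return False
    return hmac.compare_digest(presented.encode(), expected.encode())


class FixedWindowLimiter:
    """Naive per-minute counter keyed by (client IP, endpoint)."""

    def __init__(self, limit, clock=time.time):
        self.limit, self.clock = limit, clock
        self.hits = defaultdict(int)

    def allow(self, ip, endpoint):
        window = int(self.clock() // 60)
        # Drop counters from earlier windows so memory stays bounded.
        for stale in [k for k in self.hits if k[2] != window]:
            del self.hits[stale]
        key = (ip, endpoint, window)
        self.hits[key] += 1
        return self.hits[key] <= self.limit
```

Under Gunicorn with several workers, an in-process counter like this one is kept separately in each worker, so the effective limit is the configured value multiplied by the worker count unless the counter lives in a shared store.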