A fully functional and scalable backend API built with FastAPI, implementing secure JWT-based authentication and role-based access control (RBAC) for Admin and User roles. Designed following modern backend best practices, the API ensures security, modularity, and performance, making it suitable for real-world production use cases.
This project allows:
- Users to register with email verification (OTP)
- Login using JWT authentication
- Register for events
- Admins to manage events, registrations, attendance, and export data
Built with a focus on security, scalability, and real-world backend practices.
- User Signup → POST /signup → User provides name, email, password → OTP is generated & sent (email)
- OTP Verification → POST /verify → User submits OTP → Account gets activated
- Resend OTP (if needed) → POST /resend-otp → New OTP sent to user email
- Login → POST /login → User submits email & password → Server validates credentials → JWT Access Token is generated
- Access Protected Routes → GET /protected → User sends JWT token in Authorization header → Server verifies token → Access granted if valid
- Forgot Password → POST /forgot-password → OTP sent to email
- Reset Password → POST /reset-password → User submits OTP + new password → Password updated securely
- View Events → GET /events → Fetch all available events
- View Events in Table Format → GET /events-table → Structured/tabular event data
- Register for Event → POST /register/{event_id} → Requires JWT Token → User registers for selected event
- Get User Profile → GET /me → Returns logged-in user details
(Admin Authentication Required)
- Create Event → POST /admin/create-event → Admin creates new event
- Get All Users → GET /admin/users → Fetch all registered users
- Delete Event → DELETE /admin/delete-event/{event_id} → Remove an event
- Get All Registrations → GET /admin/registrations → View all event registrations
- Get Registrations by Event → GET /admin/registrations/{event_id} → Filter registrations per event
- Filter Events by Date → GET /admin/events-by-date → Retrieve events based on date
- Export Registrations (CSV) → GET /admin/export → Download registration data as CSV
- Mark Attendance → PUT /admin/mark-attendance/{registration_id} → Mark a user as attended
- View Attendance → GET /admin/attendance → View attendance records
- Get Only Attended Users → GET /admin/attended → Filter attended participants
Token Usage Authorization Header Format:
Authorization: Bearer <your_jwt_token>
- Backend: FastAPI
- Database: SQLite
- ORM: SQLAlchemy
- Authentication: JWT (python-jose)
- Password Hashing: Passlib
- API Testing: Swagger UI
- Data Export: Pandas
- Passlib (Password Hashing)
- SMTP (Email OTP System)
- Pydantic
- Python-dotenv
- id, name, email, password, role
- id, title, date, location
- id, user_id, event_id
git clone https://github.com/your-username/Event_Management_API.git
cd Event_Management_API
python -m venv venv
Windows: venv\Scripts\activate
Mac/Linux: source venv/bin/activate
pip install -r requirements.txt
Create a .env file in root directory:
EMAIL=your_email@gmail.com
EMAIL_PASS=your_app_password
SECRET_KEY=your_secret_key
ALGORITHM=HS256
ACCESS_TOKEN_EXPIRE_MINUTES=120
uvicorn main:app --reload
http://127.0.0.1:8000/docs
Signup → OTP Verification → Login → Authorize → Access Protected APIs
- OTP is sent to user email during signup
- Includes expiry time and resend option
- Ensures only valid users can register
- Forgot Password and Reset Password
- Admin can export all registrations as CSV
- Useful for reporting and analytics
- Can be opened in Excel / Google Sheets
EVENT_API/
│
├── main.py
├── auth.py
├── models.py
├── database.py
├── requirements.txt
├── README.md
├── .env.example
├── .gitignore
└── event.db
- Password hashing (pbkdf2_sha256)
- JWT token-based authentication
- Role-based access control
- Environment variable security (.env)
- OTP-based email verification
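The OTP verification with expiry and resend listed above, sketched as an added example that is not code from this project: it shows the checks such a flow needs (CSPRNG code, keyed hash at rest, expiry, attempt cap, single use, resend replacing the old code). The `OtpStore` class, the 6-digit length, the 5-minute TTL and the 5-attempt cap are assumptions; the key stands in for a server secret such as `SECRET_KEY` from `.env`.

```python
import hashlib
import hmac
import secrets
import time

OTP_TTL_SECONDS = 300  # assumed expiry; the README does not state the value
MAX_ATTEMPTS = 5       # assumed cap on wrong guesses per issued code


class OtpStore:
    """In-memory stand-in for an OTP table keyed by email (hypothetical helper)."""

    def __init__(self, key: bytes, clock=time.time):
        self._key = key      # server-side secret, never stored next to the records
        self._clock = clock  # injectable so expiry can be tested without sleeping
        self._records = {}   # email -> {"digest", "expires", "attempts"}

    def _digest(self, email: str, code: str) -> bytes:
        # Keyed hash bound to the email: a leaked table alone does not reveal
        # the code, and a record cannot be replayed for another account.
        return hmac.new(self._key, f"{email}:{code}".encode(), hashlib.sha256).digest()

    def issue(self, email: str) -> str:
        """Create a code for signup or resend; any earlier code stops working."""
        code = f"{secrets.randbelow(10**6):06d}"  # CSPRNG, not random.randint
        self._records[email] = {
            "digest": self._digest(email, code),
            "expires": self._clock() + OTP_TTL_SECONDS,
            "attempts": 0,
        }
        return code  # goes to the mailer only; never logged or sent in the response

    def verify(self, email: str, submitted: str) -> bool:
        rec = self._records.get(email)
        if rec is None:
            return False
        if self._clock() >= rec["expires"] or rec["attempts"] >= MAX_ATTEMPTS:
            del self._records[email]  # expired or locked out: a resend is required
            return False
        rec["attempts"] += 1
        ok = hmac.compare_digest(rec["digest"], self._digest(email, submitted))
        if ok:
            del self._records[email]  # single use
        return ok
```
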
- .env file is not included (security reason)
- Use .env.example as reference
- Gmail App Password is required for email functionality
Akinchan Nayek