IshemaLink API — Security Hardening Demo | Hybrid Auth, Encryption, RBAC & Threat Modeling

Published: 17 June 2026
on channel: CURIOUS

Live demo of IshemaLink, a Django REST API digitizing Rwanda's logistics and courier market with full security hardening.

In this video I walk through:
🔐 Hybrid Authentication — Session-based login for the web dashboard + JWT for mobile/API clients, with rate-limited login (5 req/min)
🔑 Encryption & Decryption — Fernet (AES-128-CBC) symmetric encryption of sensitive National ID (NID) data, demonstrated live in the Django shell
📋 Audit Logging — Every access to sensitive endpoints (shipments, identity, privacy) is automatically recorded with user, IP, timestamp, and user-agent
🛡️ Role-Based Access Control (RBAC) — Granular roles (super_admin, sector_admin, agent, customs_officer, driver, customer) with sector-scoped permissions
✅ KYC & OTP Verification — Phone-based OTP with SHA-256 hashing and Rwanda NID validation pipeline
📦 GDPR-Style Privacy — Data export, account anonymization, and consent tracking
🧾 Threat Model — Top 3 threats analyzed: Brute-Force Attacks, Insider Threats, and JWT Token Theft — with implemented mitigations and residual risk
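
The two cryptographic pieces listed above (Fernet encryption of the NID field and SHA-256 hashing of the phone OTP), as an added Python illustration that is not IshemaLink's own code. The key source, the OTP record layout, the 5-minute TTL and the 5-attempt limit are assumptions; the NID value in the comments is a constructed sample.

```python
# Added illustration, not IshemaLink's code: Fernet-encrypted NID storage plus
# salted SHA-256 OTP hashing with expiry, attempt limit and single use.
import hashlib
import hmac
import os
import secrets
import time
from typing import Optional, Tuple
from cryptography.fernet import Fernet, InvalidToken

# Assumption: the key is loaded from configuration (env var), never committed.
FERNET_KEY = os.environ.get("ISHEMALINK_FERNET_KEY") or Fernet.generate_key()
fernet = Fernet(FERNET_KEY)

def encrypt_nid(nid: str) -> str:
    """Return the Fernet token (base64 text) stored instead of the plaintext NID."""
    return fernet.encrypt(nid.encode()).decode()

def decrypt_nid(token: str) -> Optional[str]:
    """Return the plaintext NID, or None if the token is tampered with or keyed differently."""
    try:
        return fernet.decrypt(token.encode()).decode()
    except InvalidToken:
        return None

OTP_TTL_SECONDS = 300   # assumed validity window
OTP_MAX_ATTEMPTS = 5    # assumed guess limit per issued code

def issue_otp(phone: str) -> Tuple[str, dict]:
    """Generate a 6-digit code; only its salted SHA-256 digest is kept server-side."""
    code = f"{secrets.randbelow(10**6):06d}"
    salt = secrets.token_hex(8)
    record = {"phone": phone, "salt": salt,
              "digest": hashlib.sha256(f"{salt}:{code}".encode()).hexdigest(),
              "expires": time.time() + OTP_TTL_SECONDS, "attempts": 0}
    return code, record  # code goes to the phone, record to the database

def verify_otp(record: dict, submitted: str, now: Optional[float] = None) -> bool:
    """Constant-time check that also enforces expiry, attempt limit and single use."""
    now = time.time() if now is None else now
    if now > record["expires"] or record["attempts"] >= OTP_MAX_ATTEMPTS:
        return False
    record["attempts"] += 1
    digest = hashlib.sha256(f"{record['salt']}:{submitted}".encode()).hexdigest()
    ok = hmac.compare_digest(digest, record["digest"])
    if ok:
        record["expires"] = 0  # burn the code after a successful verification
    return ok
```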

Tech Stack: Python, Django REST Framework, SimpleJWT, Fernet, Docker

📂 Source Code: https://github.com/YOUR_USERNAME/ishe...
📄 Threat Model: See THREAT_MODEL.md in the repository

#Django #API #Security #Rwanda #Logistics #RBAC #JWT #Encryption #ThreatModel