HyTrack API
Overview
A secure, high-performance REST API built with FastAPI to actively scrape and track shipment statuses for Blue Dart and Delhivery. This application serves as an independent microservice that replaces unreliable public APIs or manual checking by automating web scraping intelligently. It includes robust local API key management, rate-limiting, and hardened bcrypt hashing for administrative scale and security.
Architecture & How It Works
- Blue Dart: The API maps directly to their hidden third-party tracking GET endpoints and parses the HTML response using BeautifulSoup4.
- Delhivery: Because Delhivery's tracking portal is heavily JavaScript-rendered and blocks basic HTTP requests, HyTrack utilizes webdriver-manager to spin up live, headless Google Chrome instances via Selenium. It dynamically waits for the WebSockets and React components to load before extracting the tracking timeline.
- Hardware Platform: Running on a Raspberry Pi 5 (AArch64). Because launching headless Chrome browsers is highly RAM-intensive, the system uses global asynchronous semaphores to strictly cap the number of concurrent browser instances and prevent out-of-memory crashes.
Security Features
- Military-Grade Hashing: All generated client keys are immediately hashed using native Python bcrypt (v5+). Plaintext tokens are never stored, so a leaked key store does not reveal usable client keys.
- Rate Limiting: Active rate limiting via slowapi enforces a strict 10 requests/minute ceiling per IP address to prevent Denial of Service (DoS) sweeps.
- Timing Attack Prevention: The Master API Key is verified using constant-time digest comparison (secrets.compare_digest) to defeat side-channel timing attacks.
- Parameter Injection Protection: The FastAPI endpoints enforce rigid regex bounds and character limits on all tracking waybills to prevent URL injection.
Utilizing the Tracker API
Endpoint: GET /track
Headers Required: X-API-Key: <your_generated_client_key>
Query Parameters:
- courier: BLUEDART or DELHIVERY
- waybill: The tracking number (Alphanumeric only, max 50 characters)
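One way to implement the waybill bounds and the constant-time master key check described under Security Features, as an added example that is not HyTrack's own code. The regex, function names and sample values are assumptions built from the rules stated above (alphanumeric only, max 50 characters; courier BLUEDART or DELHIVERY).

```python
import re
import secrets

# Assumed pattern: ASCII letters and digits only, 1 to 50 characters.
_WAYBILL_RE = re.compile(r"[A-Za-z0-9]{1,50}")
_COURIERS = frozenset({"BLUEDART", "DELHIVERY"})


def validate_track_params(courier: str, waybill: str) -> tuple[str, str]:
    """Return (courier, waybill) if both are acceptable, else raise ValueError."""
    if courier not in _COURIERS:
        raise ValueError("unsupported courier")
    # fullmatch() anchors both ends. match() with a trailing "$" would still
    # accept "AB123\n", because "$" also matches just before a final newline.
    if _WAYBILL_RE.fullmatch(waybill) is None:
        raise ValueError("waybill must be 1-50 ASCII alphanumeric characters")
    return courier, waybill


def is_valid(courier: str, waybill: str) -> bool:
    """Boolean wrapper around validate_track_params()."""
    try:
        validate_track_params(courier, waybill)
        return True
    except ValueError:
        return False


def master_key_ok(presented: str, expected: str) -> bool:
    """Constant-time comparison of a presented master key with the expected one."""
    # Encode first: compare_digest() raises TypeError on non-ASCII str input.
    return secrets.compare_digest(presented.encode("utf-8"), expected.encode("utf-8"))


# Constructed sample inputs (not real waybills).
SAMPLES = [
    ("BLUEDART", "AB12345678"),   # accepted
    ("DELHIVERY", "1" * 51),      # rejected: one character over the limit
    ("BLUEDART", "AB123\n"),      # rejected: trailing newline
    ("BLUEDART", "AB12/34?x=1"),  # rejected: URL metacharacters
    ("BLUEDART", "１２３４５"),     # rejected: full-width digits pass str.isalnum()
]

if __name__ == "__main__":
    for courier, waybill in SAMPLES:
        print(repr(courier), repr(waybill), is_valid(courier, waybill))
```

An explicit ASCII character class matters here because str.isalnum() and \w both accept non-ASCII letters and digits, which would pass the check and then be percent-encoded into the upstream tracking URL.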
Public API Access: The official API is currently hosted at https://assa.hyclotron.com. To obtain an active Client API Key, please submit a pull request detailing your integration use case.