@ -59,19 +59,19 @@ To handle that, we first convert the `username` and `password` to `bytes` encodi
Then we can use `secrets.compare_digest()` to ensure that `credentials.username` is `"stanleyjobson"`, and that `credentials.password` is `"swordfish"`.
@ -142,19 +142,19 @@ That way, using `secrets.compare_digest()` in your application code, it will be
After detecting that the credentials are incorrect, return an `HTTPException` with a status code 401 (the same returned when no credentials are provided) and add the header `WWW-Authenticate` to make the browser show the login prompt again:
@ -56,34 +56,34 @@ They are normally used to declare specific security permissions, for example:
First, let's quickly see the parts that change from the examples in the main **Tutorial - User Guide** for [OAuth2 with Password (and hashing), Bearer with JWT tokens](../../tutorial/security/oauth2-jwt.md){.internal-link target=_blank}. Now using OAuth2 scopes:
Because we are now declaring those scopes, they will show up in the API docs when you log-in/authorize.
@ -175,34 +176,34 @@ And we return the scopes as part of the JWT token.
But in your application, for security, you should make sure you only add the scopes that the user is actually able to have, or the ones you have predefined.
@ -364,34 +365,34 @@ We create an `HTTPException` that we can re-use (`raise`) later at several point
In this exception, we include the scopes required (if any) as a string separated by spaces (using `scope_str`). We put that string containing the scopes in the `WWW-Authenticate` header (this is part of the spec).
@ -185,16 +185,16 @@ With that you can connect the WebSocket and then send and receive messages:
When a WebSocket connection is closed, the `await websocket.receive_text()` will raise a `WebSocketDisconnect` exception, which you can then catch and handle like in this example.
@ -158,13 +158,31 @@ The syntax using `typing` is **compatible** with all versions, from Python 3.6 t
As Python advances, **newer versions** come with improved support for these type annotations and in many cases you won't even need to import and use the `typing` module to declare the type annotations.
If you can choose a more recent version of Python for your project, you will be able to take advantage of that extra simplicity. See some examples below.
If you can choose a more recent version of Python for your project, you will be able to take advantage of that extra simplicity.
In all the docs there are examples compatible with each version of Python (when there's a difference).
For example "**Python 3.6+**" means it's compatible with Python 3.6 or above (including 3.7, 3.8, 3.9, 3.10, etc). And "**Python 3.9+**" means it's compatible with Python 3.9 or above (including 3.10, etc).
If you can use the **latest versions of Python**, use the examples for the latest version, those will have the **best and simplest syntax**, for example, "**Python 3.10+**".
#### List
For example, let's define a variable to be a `list` of `str`.
=== "Python 3.6 and above"
=== "Python 3.9+"
Declare the variable, with the same colon (`:`) syntax.
As the type, put `list`.
As the list is a type that contains some internal types, you put them in square brackets:
@ -267,18 +273,18 @@ You can declare that a variable can be any of **several types**, for example, an
In Python 3.6 and above (including Python 3.10) you can use the `Union` type from `typing` and put inside the square brackets the possible types to accept.
In Python 3.10 there's also an**alternative syntax** where you can put the possible types separated by a <abbrtitle='also called "bitwise or operator", but that meaning is not relevant here'>vertical bar (`|`)</abbr>.
In Python 3.10 there's also a **new syntax** where you can put the possible types separated by a <abbrtitle='also called "bitwise or operator", but that meaning is not relevant here'>vertical bar (`|`)</abbr>.
@ -360,17 +366,7 @@ And then you won't have to worry about names like `Optional` and `Union`. 😎
These types that take type parameters in square brackets are called **Generic types** or **Generics**, for example:
=== "Python 3.6 and above"
* `List`
* `Tuple`
* `Set`
* `Dict`
* `Union`
* `Optional`
* ...and others.
=== "Python 3.9 and above"
=== "Python 3.10+"
You can use the same builtin types as generics (with square brackets and types inside):
@ -382,10 +378,12 @@ These types that take type parameters in square brackets are called **Generic ty
And the same as with Python 3.6, from the `typing` module:
* `Union`
* `Optional`
* `Optional` (the same as with Python 3.6)
* ...and others.
=== "Python 3.10 and above"
In Python 3.10, as an alternative to using the generics `Union` and `Optional`, you can use the <abbrtitle='also called "bitwise or operator", but that meaning is not relevant here'>vertical bar (`|`)</abbr> to declare unions of types, that's a lot better and simpler.
=== "Python 3.9+"
You can use the same builtin types as generics (with square brackets and types inside):
@ -397,10 +395,18 @@ These types that take type parameters in square brackets are called **Generic ty
And the same as with Python 3.6, from the `typing` module:
* `Union`
* `Optional` (the same as with Python 3.6)
* `Optional`
* ...and others.
In Python 3.10, as an alternative to using the generics `Union` and `Optional`, you can use the <abbrtitle='also called "bitwise or operator", but that meaning is not relevant here'>vertical bar (`|`)</abbr> to declare unions of types.
=== "Python 3.6+"
* `List`
* `Tuple`
* `Set`
* `Dict`
* `Union`
* `Optional`
* ...and others.
### Classes as types
@ -440,22 +446,22 @@ And you get all the editor support with that resulting object.
@ -57,40 +57,40 @@ Using `BackgroundTasks` also works with the dependency injection system, you can
**FastAPI** knows what to do in each case and how to re-use the same object, so that all the background tasks are merged together and are run in the background afterwards:
@ -6,22 +6,22 @@ To update an item you can use the <a href="https://developer.mozilla.org/en-US/d
You can use the `jsonable_encoder` to convert the input data to data that can be stored as JSON (e.g. with a NoSQL database). For example, converting `datetime` to `str`.
@ -19,16 +19,16 @@ To declare a **request** body, you use <a href="https://pydantic-docs.helpmanual
First, you need to import `BaseModel` from `pydantic`:
=== "Python 3.6 and above"
=== "Python 3.10+"
```Python hl_lines="4"
{!> ../../../docs_src/body/tutorial001.py!}
```Python hl_lines="2"
{!> ../../../docs_src/body/tutorial001_py310.py!}
```
=== "Python 3.10 and above"
=== "Python 3.6+"
```Python hl_lines="2"
{!> ../../../docs_src/body/tutorial001_py310.py!}
```Python hl_lines="4"
{!> ../../../docs_src/body/tutorial001.py!}
```
## Create your data model
@ -37,16 +37,16 @@ Then you declare your data model as a class that inherits from `BaseModel`.
Use standard Python types for all the attributes:
=== "Python 3.6 and above"
=== "Python 3.10+"
```Python hl_lines="7-11"
{!> ../../../docs_src/body/tutorial001.py!}
```Python hl_lines="5-9"
{!> ../../../docs_src/body/tutorial001_py310.py!}
```
=== "Python 3.10 and above"
=== "Python 3.6+"
```Python hl_lines="5-9"
{!> ../../../docs_src/body/tutorial001_py310.py!}
```Python hl_lines="7-11"
{!> ../../../docs_src/body/tutorial001.py!}
```
The same as when declaring query parameters, when a model attribute has a default value, it is not required. Otherwise, it is required. Use `None` to make it just optional.
@ -75,16 +75,16 @@ For example, this model above declares a JSON "`object`" (or Python `dict`) like
To add it to your *path operation*, declare it the same way you declared path and query parameters:
=== "Python 3.6 and above"
=== "Python 3.10+"
```Python hl_lines="18"
{!> ../../../docs_src/body/tutorial001.py!}
```Python hl_lines="16"
{!> ../../../docs_src/body/tutorial001_py310.py!}
```
=== "Python 3.10 and above"
=== "Python 3.6+"
```Python hl_lines="16"
{!> ../../../docs_src/body/tutorial001_py310.py!}
```Python hl_lines="18"
{!> ../../../docs_src/body/tutorial001.py!}
```
...and declare its type as the model you created, `Item`.
@ -149,16 +149,16 @@ But you would get the same editor support with <a href="https://www.jetbrains.co
Inside of the function, you can access all the attributes of the model object directly:
=== "Python 3.6 and above"
=== "Python 3.10+"
```Python hl_lines="21"
{!> ../../../docs_src/body/tutorial002.py!}
```Python hl_lines="19"
{!> ../../../docs_src/body/tutorial002_py310.py!}
```
=== "Python 3.10 and above"
=== "Python 3.6+"
```Python hl_lines="19"
{!> ../../../docs_src/body/tutorial002_py310.py!}
```Python hl_lines="21"
{!> ../../../docs_src/body/tutorial002.py!}
```
## Request body + path parameters
@ -167,16 +167,16 @@ You can declare path parameters and request body at the same time.
**FastAPI** will recognize that the function parameters that match path parameters should be **taken from the path**, and that function parameters that are declared to be Pydantic models should be **taken from the request body**.
=== "Python 3.6 and above"
=== "Python 3.10+"
```Python hl_lines="17-18"
{!> ../../../docs_src/body/tutorial003.py!}
```Python hl_lines="15-16"
{!> ../../../docs_src/body/tutorial003_py310.py!}
```
=== "Python 3.10 and above"
=== "Python 3.6+"
```Python hl_lines="15-16"
{!> ../../../docs_src/body/tutorial003_py310.py!}
```Python hl_lines="17-18"
{!> ../../../docs_src/body/tutorial003.py!}
```
## Request body + path + query parameters
@ -185,16 +185,16 @@ You can also declare **body**, **path** and **query** parameters, all at the sam
**FastAPI** will recognize each of them and take the data from the correct place.
=== "Python 3.6 and above"
=== "Python 3.10+"
```Python hl_lines="18"
{!> ../../../docs_src/body/tutorial004.py!}
```Python hl_lines="16"
{!> ../../../docs_src/body/tutorial004_py310.py!}
```
=== "Python 3.10 and above"
=== "Python 3.6+"
```Python hl_lines="16"
{!> ../../../docs_src/body/tutorial004_py310.py!}
```Python hl_lines="18"
{!> ../../../docs_src/body/tutorial004.py!}
```
The function parameters will be recognized as follows:
**FastAPI** calls the `CommonQueryParams` class. This creates an "instance" of that class and the instance will be passed as the parameter `commons` to your function.
@ -272,13 +271,7 @@ Now you can declare your dependency using this class.
Notice how we write `CommonQueryParams` twice in the above code:
But declaring the type is encouraged as that way your editor will know what will be passed as the parameter `commons`, and then it can help you with code completion, type checks, etc:
@ -381,13 +380,7 @@ But declaring the type is encouraged as that way your editor will know what will
But you see that we are having some code repetition here, writing `CommonQueryParams` twice:
**FastAPI** provides a shortcut for these cases, in where the dependency is *specifically* a class that **FastAPI** will "call" to create an instance of the class itself.
For those specific cases, you can do the following:
@ -109,19 +109,19 @@ And they can return values or not, the values won't be used.
So, you can re-use a normal dependency (that returns a value) you already use somewhere else, and even though the value won't be used, the dependency will be executed:
@ -161,14 +161,14 @@ And it will save the returned value in a <abbr title="A utility/system to store
In an advanced scenario where you know you need the dependency to be called at every step (possibly multiple times) in the same request instead of using the "cached" value, you can set the parameter `use_cache=False` when using `Depends`:
@ -181,16 +181,16 @@ To do that, use the standard Python type hint <a href="https://docs.python.org/3
!!! note
When defining a <ahref="https://pydantic-docs.helpmanual.io/usage/types/#unions"class="external-link"target="_blank">`Union`</a>, include the most specific type first, followed by the less specific type. In the example below, the more specific `PlaneItem` comes before `CarItem` in `Union[PlaneItem, CarItem]`.
@ -104,22 +104,22 @@ As descriptions tend to be long and cover multiple lines, you can declare the *p
You can write <ahref="https://en.wikipedia.org/wiki/Markdown"class="external-link"target="_blank">Markdown</a> in the docstring, it will be interpreted and displayed correctly (taking into account docstring indentation).
@ -110,7 +110,7 @@ It doesn't matter for **FastAPI**. It will detect the parameters by their names,
So, you can declare your function as:
=== "Python 3.6 - non-Annotated"
=== "Python 3.6 non-Annotated"
!!! tip
Try to use the main, `Annotated` version better.
@ -121,16 +121,16 @@ So, you can declare your function as:
But have in mind that if you use `Annotated`, you won't have this problem, it won't matter as you're not using the function parameter default values for `Query()` or `Path()`.
@ -161,16 +161,16 @@ Python won't do anything with that `*`, but it will know that all the following
Have in mind that if you use `Annotated`, as you are not using function parameter default values, you won't have this problem, and yo probably won't need to use `*`.
The query parameter `q` is of type `Union[str, None]` (or `str | None` in Python 3.10), that means that it's of type `str` but could also be `None`, and indeed, the default value is `None`, so FastAPI will know it's not required.
@ -34,7 +34,15 @@ To achieve that, first import:
* `Query` from `fastapi`
* `Annotated` from `typing` (or from `typing_extensions` in Python below 3.9)
=== "Python 3.6 and above"
=== "Python 3.10+"
In Python 3.9 or above, `Annotated` is part of the standard library, so you can import it from `typing`.
## Use `Annotated` in the type for the `q` parameter
Remember I told you before that `Annotated` can be used to add metadata to your parameters in the [Python Types Intro](../python-types.md#type-hints-with-metadata-annotations){.internal-link target=_blank}?
@ -60,30 +60,30 @@ Now it's the time to use it with FastAPI. 🚀
We had this type annotation:
=== "Python 3.6 and above"
=== "Python 3.10+"
```Python
q: Union[str, None] = None
q: str | None = None
```
=== "Python 3.10 and above"
=== "Python 3.6+"
```Python
q: str | None = None
q: Union[str, None] = None
```
What we will do is wrap that with `Annotated`, so it becomes:
=== "Python 3.6 and above"
=== "Python 3.10+"
```Python
q: Annotated[Union[str, None]] = None
q: Annotated[str | None] = None
```
=== "Python 3.10 and above"
=== "Python 3.6+"
```Python
q: Annotated[str | None] = None
q: Annotated[Union[str, None]] = None
```
Both of those versions mean the same thing, `q` is a parameter that can be a `str` or `None`, and by default, it is `None`.
@ -94,16 +94,16 @@ Now let's jump to the fun stuff. 🎉
Now that we have this `Annotated` where we can put more metadata, add `Query` to it, and set the parameter `max_length` to 50:
As in this case (without using `Annotated`) we have to replace the default value `None` in the function with `Query()`, we now need to set the default value with the parameter `Query(default=None)`, it serves the same purpose of defining that default value (at least for FastAPI).
@ -232,80 +232,80 @@ Because `Annotated` can have more than one metadata annotation, you could now ev
You can define a <abbrtitle="A regular expression, regex or regexp is a sequence of characters that define a search pattern for strings.">regular expression</abbr> that the parameter should match:
@ -861,40 +860,40 @@ The docs will show it like this:
To exclude a query parameter from the generated OpenAPI schema (and thus, from the automatic documentation systems), set the parameter `include_in_schema` of `Query` to `False`:
@ -4,22 +4,22 @@ You can declare the type used for the response by annotating the *path operation
You can use **type annotations** the same way you would for input data in function **parameters**, you can use Pydantic models, lists, dictionaries, scalar values like integers, booleans, etc.
So, **FastAPI** will take care of filtering out all the data that is not declared in the output model (using Pydantic).
@ -202,16 +202,16 @@ But in most of the cases where we need to do something like this, we want the mo
And in those cases, we can use classes and inheritance to take advantage of function **type annotations** to get better support in the editor and tools, and still get the FastAPI **data filtering**.
With this, we get tooling support, from editors and mypy as this code is correct in terms of types, but we also get the data filtering from FastAPI.
@ -278,16 +278,16 @@ But when you return some other arbitrary object that is not a valid Pydantic typ
The same would happen if you had something like a <abbrtitle='A union between multiple types means "any of these types".'>union</abbr> between different types where one or more of them are not valid Pydantic types, for example this would fail 💥:
...this fails because the type annotation is not a Pydantic type and is not just a single `Response` class or subclass, it's a union (any of the two) between a `Response` and a `dict`.
@ -300,16 +300,16 @@ But you might want to still keep the return type annotation in the function to g
In this case, you can disable the response model generation by setting `response_model=None`:
This will make FastAPI skip the response model generation and that way you can have any return type annotations you need without it affecting your FastAPI application. 🤓
@ -318,22 +318,22 @@ This will make FastAPI skip the response model generation and that way you can h
Your response model could have default values, like:
You can declare an `example` for a Pydantic model using `Config` and `schema_extra`, as described in <ahref="https://pydantic-docs.helpmanual.io/usage/schema/#schema-customization"class="external-link"target="_blank">Pydantic's docs: Schema customization</a>:
@ -134,19 +134,19 @@ In this example we are going to use **OAuth2**, with the **Password** flow, usin
When we create an instance of the `OAuth2PasswordBearer` class we pass in the `tokenUrl` parameter. This parameter contains the URL that the client (the frontend running in the user's browser) will use to send the `username` and `password` in order to get a token.
In the previous chapter the security system (which is based on the dependency injection system) was giving the *path operation function* a `token` as a `str`:
@ -79,120 +79,120 @@ Remember that dependencies can have sub-dependencies?
The same as we were doing before in the *path operation* directly, our new dependency `get_current_user` will receive a `token` as a `str` from the sub-dependency `oauth2_scheme`:
@ -182,40 +182,40 @@ If your database is stolen, the thief won't have your users' plaintext passwords
So, the thief won't be able to try to use those same passwords in another system (as many users use the same password everywhere, this would be dangerous).
@ -540,16 +540,16 @@ And then, when using the dependency in a *path operation function*, we declare i
This will then give us better editor support inside the *path operation function*, because the editor will know that the `db` parameter is of type `Session`:
@ -739,16 +739,16 @@ A "middleware" is basically a function that is always executed for each request,
The middleware we'll add (just a function) will create a new SQLAlchemy `SessionLocal` for each request, add it to the request and then close it once the request is finished.
@ -60,16 +60,16 @@ Portanto, você pode usar `user_agent` como faria normalmente no código Python,
Se por algum motivo você precisar desabilitar a conversão automática de sublinhados para hífens, defina o parâmetro `convert_underscores` de `Header` para `False`:
**FastAPI** знает, что нужно сделать в каждом случае и как переиспользовать тот же объект `BackgroundTasks`, так чтобы все фоновые задачи собрались и запустились вместе в фоне:
Sebastián Ramírez
2 years ago
GitHub