"_[...] I'm using **FastAPI** a ton these days. [...] I'm actually planning to use it for all of my team's **ML services at Microsoft**. Some of them are getting integrated into the core **Windows** product and some **Office** products._"
@ -115,7 +115,7 @@ The key features are:
---
## **Typer**, the FastAPI of CLIs
## **Typer**, the FastAPI of CLIs { #typer-the-fastapi-of-clis }
@ -123,14 +123,14 @@ If you are building a <abbr title="Command Line Interface">CLI</abbr> app to be
**Typer** is FastAPI's little sibling. And it's intended to be the **FastAPI of CLIs**. ⌨️ 🚀
## Requirements
## Requirements { #requirements }
FastAPI stands on the shoulders of giants:
* <ahref="https://www.starlette.io/"class="external-link"target="_blank">Starlette</a> for the web parts.
* <ahref="https://docs.pydantic.dev/"class="external-link"target="_blank">Pydantic</a> for the data parts.
## Installation
## Installation { #installation }
Create and activate a <ahref="https://fastapi.tiangolo.com/virtual-environments/"class="external-link"target="_blank">virtual environment</a> and then install FastAPI:
**Note**: Make sure you put `"fastapi[standard]"` in quotes to ensure it works in all terminals.
## Example
## Example { #example }
### Create it
### Create it { #create-it }
Create a file `main.py` with:
@ -199,7 +199,7 @@ If you don't know, check the _"In a hurry?"_ section about <a href="https://fast
</details>
### Run it
### Run it { #run-it }
Run the server with:
@ -241,7 +241,7 @@ You can read more about it in the <a href="https://fastapi.tiangolo.com/fastapi-
</details>
### Check it
### Check it { #check-it }
Open your browser at <ahref="http://127.0.0.1:8000/items/5?q=somequery"class="external-link"target="_blank">http://127.0.0.1:8000/items/5?q=somequery</a>.
@ -258,7 +258,7 @@ You already created an API that:
* The _path_`/items/{item_id}` has a _path parameter_`item_id` that should be an `int`.
* The _path_`/items/{item_id}` has an optional `str`_query parameter_`q`.
### Interactive API docs
### Interactive API docs { #interactive-api-docs }
Now go to <ahref="http://127.0.0.1:8000/docs"class="external-link"target="_blank">http://127.0.0.1:8000/docs</a>.
@ -266,7 +266,7 @@ You will see the automatic interactive API documentation (provided by <a href="h
In summary, you declare **once** the types of parameters, body, etc. as function parameters.
@ -448,17 +448,17 @@ For a more complete example including more features, see the <a href="https://fa
* **Cookie Sessions**
* ...and more.
## Performance
## Performance { #performance }
Independent TechEmpower benchmarks show **FastAPI** applications running under Uvicorn as <ahref="https://www.techempower.com/benchmarks/#section=test&runid=7464e520-0dc2-473d-bd34-dbdfd7e85911&hw=ph&test=query&l=zijzen-7"class="external-link"target="_blank">one of the fastest Python frameworks available</a>, only below Starlette and Uvicorn themselves (used internally by FastAPI). (*)
To understand more about it, see the section <ahref="https://fastapi.tiangolo.com/benchmarks/"class="internal-link"target="_blank">Benchmarks</a>.
When you install FastAPI with `pip install "fastapi[standard]"` it comes with the `standard` group of optional dependencies:
@ -478,15 +478,15 @@ Used by FastAPI:
* `fastapi-cli[standard]` - to provide the `fastapi` command.
* This includes `fastapi-cloud-cli`, which allows you to deploy your FastAPI application to <ahref="https://fastapicloud.com"class="external-link"target="_blank">FastAPI Cloud</a>.
### Without `standard` Dependencies
### Without `standard` Dependencies { #without-standard-dependencies }
If you don't want to include the `standard` optional dependencies, you can install with `pip install fastapi` instead of `pip install "fastapi[standard]"`.
### Without `fastapi-cloud-cli`
### Without `fastapi-cloud-cli` { #without-fastapi-cloud-cli }
If you want to install FastAPI with the standard dependencies but without the `fastapi-cloud-cli`, you can install with `pip install "fastapi[standard-no-fastapi-cloud-cli]"`.
## Combine predefined responses and custom ones { #combine-predefined-responses-and-custom-ones }
You might want to have some predefined responses that apply to many *path operations*, but you want to combine them with custom responses needed by each *path operation*.
# Additional Status Codes { #additional-status-codes }
By default, **FastAPI** will return the responses using a `JSONResponse`, putting the content you return from your *path operation* inside of that `JSONResponse`.
It will use the default status code or the one you set in your *path operation*.
## Additional status codes
## Additional status codes { #additional-status-codes }
If you want to return additional status codes apart from the main one, you can do that by returning a `Response` directly, like a `JSONResponse`, and set the additional status code directly.
@ -34,7 +34,7 @@ You could also use `from starlette.responses import JSONResponse`.
///
## OpenAPI and API docs
## OpenAPI and API docs { #openapi-and-api-docs }
If you return additional status codes and responses directly, they won't be included in the OpenAPI schema (the API docs), because FastAPI doesn't have a way to know beforehand what you are going to return.
All the dependencies we have seen are a fixed function or class.
@ -10,7 +10,7 @@ Let's imagine that we want to have a dependency that checks if the query paramet
But we want to be able to parameterize that fixed content.
## A "callable" instance
## A "callable" instance { #a-callable-instance }
In Python there's a way to make an instance of a class a "callable".
@ -22,7 +22,7 @@ To do that, we declare a method `__call__`:
In this case, this `__call__` is what **FastAPI** will use to check for additional parameters and sub-dependencies, and this is what will be called to pass a value to the parameter in your *path operation function* later.
## Parameterize the instance
## Parameterize the instance { #parameterize-the-instance }
And now, we can use `__init__` to declare the parameters of the instance that we can use to "parameterize" the dependency:
@ -30,7 +30,7 @@ And now, we can use `__init__` to declare the parameters of the instance that we
In this case, **FastAPI** won't ever touch or care about `__init__`, we will use it directly in our code.
## Create an instance
## Create an instance { #create-an-instance }
We could create an instance of this class with:
@ -38,7 +38,7 @@ We could create an instance of this class with:
And that way we are able to "parameterize" our dependency, that now has `"bar"` inside of it, as the attribute `checker.fixed_content`.
## Use the instance as a dependency
## Use the instance as a dependency { #use-the-instance-as-a-dependency }
Then, we could use this `checker` in a `Depends(checker)`, instead of `Depends(FixedContentQueryChecker)`, because the dependency is the instance, `checker`, not the class itself.
You have already seen how to test your **FastAPI** applications using the provided `TestClient`. Up to now, you have only seen how to write synchronous tests, without using `async` functions.
@ -6,11 +6,11 @@ Being able to use asynchronous functions in your tests could be useful, for exam
Let's look at how we can make that work.
## pytest.mark.anyio
## pytest.mark.anyio { #pytest-mark-anyio }
If we want to call asynchronous functions in our tests, our test functions have to be asynchronous. AnyIO provides a neat plugin for this, that allows us to specify that some test functions are to be called asynchronously.
## HTTPX
## HTTPX { #httpx }
Even if your **FastAPI** application uses normal `def` functions instead of `async def`, it is still an `async` application underneath.
@ -18,7 +18,7 @@ The `TestClient` does some magic inside to call the asynchronous FastAPI applica
The `TestClient` is based on <ahref="https://www.python-httpx.org"class="external-link"target="_blank">HTTPX</a>, and luckily, we can use it directly to test the API.
## Example
## Example { #example }
For a simple example, let's consider a file structure similar to the one described in [Bigger Applications](../tutorial/bigger-applications.md){.internal-link target=_blank} and [Testing](../tutorial/testing.md){.internal-link target=_blank}:
@ -38,7 +38,7 @@ The file `test_main.py` would have the tests for `main.py`, it could look like t
{* ../../docs_src/async_tests/test_main.py *}
## Run it
## Run it { #run-it }
You can run your tests as usual via:
@ -52,7 +52,7 @@ $ pytest
</div>
## In Detail
## In Detail { #in-detail }
The marker `@pytest.mark.anyio` tells pytest that this test function should be called asynchronously:
@ -88,7 +88,7 @@ If your application relies on lifespan events, the `AsyncClient` won't trigger t
///
## Other Asynchronous Function Calls
## Other Asynchronous Function Calls { #other-asynchronous-function-calls }
As the testing function is now asynchronous, you can now also call (and `await`) other `async` functions apart from sending requests to your FastAPI application in your tests, exactly as you would call them anywhere else in your code.
In some situations, you might need to use a **proxy** server like Traefik or Nginx with a configuration that adds an extra path prefix that is not seen by your application.
@ -10,7 +10,7 @@ The `root_path` is used to handle these specific cases.
And it's also used internally when mounting sub-applications.
## Proxy with a stripped path prefix
## Proxy with a stripped path prefix { #proxy-with-a-stripped-path-prefix }
Having a proxy with a stripped path prefix, in this case, means that you could declare a path at `/app` in your code, but then, you add a layer on top (the proxy) that would put your **FastAPI** application under a path like `/api/v1`.
@ -66,7 +66,7 @@ The docs UI would also need the OpenAPI schema to declare that this API `server`
In this example, the "Proxy" could be something like **Traefik**. And the server would be something like FastAPI CLI with **Uvicorn**, running your FastAPI application.
### Providing the `root_path`
### Providing the `root_path` { #providing-the-root-path }
To achieve this, you can use the command line option `--root-path` like:
@ -90,7 +90,7 @@ And the `--root-path` command line option provides that `root_path`.
///
### Checking the current `root_path`
### Checking the current `root_path` { #checking-the-current-root-path }
You can get the current `root_path` used by your application for each request, it is part of the `scope` dictionary (that's part of the ASGI spec).
@ -119,7 +119,7 @@ The response would be something like:
}
```
### Setting the `root_path` in the FastAPI app
### Setting the `root_path` in the FastAPI app { #setting-the-root-path-in-the-fastapi-app }
Alternatively, if you don't have a way to provide a command line option like `--root-path` or equivalent, you can set the `root_path` parameter when creating your FastAPI app:
@ -127,7 +127,7 @@ Alternatively, if you don't have a way to provide a command line option like `--
Passing the `root_path` to `FastAPI` would be the equivalent of passing the `--root-path` command line option to Uvicorn or Hypercorn.
### About `root_path`
### About `root_path` { #about-root-path }
Keep in mind that the server (Uvicorn) won't use that `root_path` for anything else than passing it to the app.
@ -144,7 +144,7 @@ So, it won't expect to be accessed at `http://127.0.0.1:8000/api/v1/app`.
Uvicorn will expect the proxy to access Uvicorn at `http://127.0.0.1:8000/app`, and then it would be the proxy's responsibility to add the extra `/api/v1` prefix on top.
## About proxies with a stripped path prefix
## About proxies with a stripped path prefix { #about-proxies-with-a-stripped-path-prefix }
Keep in mind that a proxy with stripped path prefix is only one of the ways to configure it.
@ -152,7 +152,7 @@ Probably in many cases the default will be that the proxy doesn't have a strippe
In a case like that (without a stripped path prefix), the proxy would listen on something like `https://myawesomeapp.com`, and then if the browser goes to `https://myawesomeapp.com/api/v1/app` and your server (e.g. Uvicorn) listens on `http://127.0.0.1:8000` the proxy (without a stripped path prefix) would access Uvicorn at the same path: `http://127.0.0.1:8000/api/v1/app`.
## Testing locally with Traefik
## Testing locally with Traefik { #testing-locally-with-traefik }
You can easily run the experiment locally with a stripped path prefix using <ahref="https://docs.traefik.io/"class="external-link"target="_blank">Traefik</a>.
@ -231,7 +231,7 @@ $ fastapi run main.py --root-path /api/v1
</div>
### Check the responses
### Check the responses { #check-the-responses }
Now, if you go to the URL with the port for Uvicorn: <ahref="http://127.0.0.1:8000/app"class="external-link"target="_blank">http://127.0.0.1:8000/app</a>, you will see the normal response:
@ -267,7 +267,7 @@ And the version without the path prefix (`http://127.0.0.1:8000/app`), provided
That demonstrates how the Proxy (Traefik) uses the path prefix and how the server (Uvicorn) uses the `root_path` from the option `--root-path`.
### Check the docs UI
### Check the docs UI { #check-the-docs-ui }
But here's the fun part. ✨
@ -287,7 +287,7 @@ Right as we wanted it. ✔️
This is because FastAPI uses this `root_path` to create the default `server` in OpenAPI with the URL provided by `root_path`.
## Additional servers
## Additional servers { #additional-servers }
/// warning
@ -346,7 +346,7 @@ The docs UI will interact with the server that you select.
///
### Disable automatic server from `root_path`
### Disable automatic server from `root_path` { #disable-automatic-server-from-root-path }
If you don't want **FastAPI** to include an automatic server using the `root_path`, you can use the parameter `root_path_in_servers=False`:
@ -354,7 +354,7 @@ If you don't want **FastAPI** to include an automatic server using the `root_pat
and then it won't include it in the OpenAPI schema.
## Mounting a sub-application
## Mounting a sub-application { #mounting-a-sub-application }
If you need to mount a sub-application (as described in [Sub Applications - Mounts](sub-applications.md){.internal-link target=_blank}) while also using a proxy with `root_path`, you can do it normally, as you would expect.
By default, **FastAPI** will return the responses using `JSONResponse`.
@ -18,7 +18,7 @@ If you use a response class with no media type, FastAPI will expect your respons
///
## Use `ORJSONResponse`
## Use `ORJSONResponse` { #use-orjsonresponse }
For example, if you are squeezing performance, you can install and use <ahref="https://github.com/ijl/orjson"class="external-link"target="_blank">`orjson`</a> and set the response to be `ORJSONResponse`.
@ -48,7 +48,7 @@ The `ORJSONResponse` is only available in FastAPI, not in Starlette.
///
## HTML Response
## HTML Response { #html-response }
To return a response with HTML directly from **FastAPI**, use `HTMLResponse`.
@ -67,7 +67,7 @@ And it will be documented as such in OpenAPI.
///
### Return a `Response`
### Return a `Response` { #return-a-response }
As seen in [Return a Response directly](response-directly.md){.internal-link target=_blank}, you can also override the response directly in your *path operation*, by returning it.
@ -87,13 +87,13 @@ Of course, the actual `Content-Type` header, status code, etc, will come from th
///
### Document in OpenAPI and override `Response`
### Document in OpenAPI and override `Response` { #document-in-openapi-and-override-response }
If you want to override the response from inside of the function but at the same time document the "media type" in OpenAPI, you can use the `response_class` parameter AND return a `Response` object.
The `response_class` will then be used only to document the OpenAPI *path operation*, but your `Response` will be used as is.
#### Return an `HTMLResponse` directly
#### Return an `HTMLResponse` directly { #return-an-htmlresponse-directly }
For example, it could be something like:
@ -107,7 +107,7 @@ But as you passed the `HTMLResponse` in the `response_class` too, **FastAPI** wi
You can also declare the media type and many other details in OpenAPI using `responses`: [Additional Responses in OpenAPI](additional-responses.md){.internal-link target=_blank}.
FastAPI is built on top of **Pydantic**, and I have been showing you how to use Pydantic models to declare requests and responses.
@ -28,7 +28,7 @@ But if you have a bunch of dataclasses laying around, this is a nice trick to us
///
## Dataclasses in `response_model`
## Dataclasses in `response_model` { #dataclasses-in-response-model }
You can also use `dataclasses` in the `response_model` parameter:
@ -40,7 +40,7 @@ This way, its schema will show up in the API docs user interface:
<imgsrc="/img/tutorial/dataclasses/image01.png">
## Dataclasses in Nested Data Structures
## Dataclasses in Nested Data Structures { #dataclasses-in-nested-data-structures }
You can also combine `dataclasses` with other type annotations to make nested data structures.
@ -84,12 +84,12 @@ You can combine `dataclasses` with other type annotations in many different comb
Check the in-code annotation tips above to see more specific details.
## Learn More
## Learn More { #learn-more }
You can also combine `dataclasses` with other Pydantic models, inherit from them, include them in your own models, etc.
To learn more, check the <ahref="https://docs.pydantic.dev/latest/concepts/dataclasses/"class="external-link"target="_blank">Pydantic docs about dataclasses</a>.
## Version
## Version { #version }
This is available since FastAPI version `0.67.0`. 🔖
You can define logic (code) that should be executed before the application **starts up**. This means that this code will be executed **once**, **before** the application **starts receiving requests**.
@ -8,7 +8,7 @@ Because this code is executed before the application **starts** taking requests,
This can be very useful for setting up **resources** that you need to use for the whole app, and that are **shared** among requests, and/or that you need to **clean up** afterwards. For example, a database connection pool, or loading a shared machine learning model.
## Use Case
## Use Case { #use-case }
Let's start with an example **use case** and then see how to solve it with this.
@ -22,7 +22,7 @@ You could load it at the top level of the module/file, but that would also mean
That's what we'll solve, let's load the model before the requests are handled, but only right before the application starts receiving requests, not while the code is being loaded.
## Lifespan
## Lifespan { #lifespan }
You can define this *startup* and *shutdown* logic using the `lifespan` parameter of the `FastAPI` app, and a "context manager" (I'll show you what that is in a second).
@ -44,7 +44,7 @@ Maybe you need to start a new version, or you just got tired of running it. 🤷
///
### Lifespan function
### Lifespan function { #lifespan-function }
The first thing to notice, is that we are defining an async function with `yield`. This is very similar to Dependencies with `yield`.
@ -54,7 +54,7 @@ The first part of the function, before the `yield`, will be executed **before**
And the part after the `yield` will be executed **after** the application has finished.
If you check, the function is decorated with an `@asynccontextmanager`.
@ -84,7 +84,7 @@ The `lifespan` parameter of the `FastAPI` app takes an **async context manager**
{* ../../docs_src/events/tutorial003.py hl[22] *}
## Alternative Events (deprecated)
## Alternative Events (deprecated) { #alternative-events-deprecated }
/// warning
@ -100,7 +100,7 @@ You can define event handlers (functions) that need to be executed before the ap
These functions can be declared with `async def` or normal `def`.
### `startup` event
### `startup` event { #startup-event }
To add a function that should be run before the application starts, declare it with the event `"startup"`:
@ -112,7 +112,7 @@ You can add more than one event handler function.
And your application won't start receiving requests until all the `startup` event handlers have completed.
### `shutdown` event
### `shutdown` event { #shutdown-event }
To add a function that should be run when the application is shutting down, declare it with the event `"shutdown"`:
@ -138,7 +138,7 @@ So, we declare the event handler function with standard `def` instead of `async
///
### `startup` and `shutdown` together
### `startup` and `shutdown` together { #startup-and-shutdown-together }
There's a high chance that the logic for your *startup* and *shutdown* is connected, you might want to start something and then finish it, acquire a resource and then release it, etc.
@ -146,7 +146,7 @@ Doing that in separated functions that don't share logic or variables together i
Because of that, it's now recommended to instead use the `lifespan` as explained above.
## Technical Details
## Technical Details { #technical-details }
Just a technical detail for the curious nerds. 🤓
@ -160,6 +160,6 @@ Including how to handle lifespan state that can be used in other areas of your c
///
## Sub Applications
## Sub Applications { #sub-applications }
🚨 Keep in mind that these lifespan events (startup and shutdown) will only be executed for the main application, not for [Sub Applications - Mounts](sub-applications.md){.internal-link target=_blank}.
As **FastAPI** is based on the OpenAPI specification, you get automatic compatibility with many tools, including the automatic API docs (provided by Swagger UI).
One particular advantage that is not necessarily obvious is that you can **generate clients** (sometimes called <abbrtitle="Software Development Kits">**SDKs**</abbr> ) for your API, for many different **programming languages**.
There are many tools to generate clients from **OpenAPI**.
@ -12,7 +12,7 @@ A common tool is <a href="https://openapi-generator.tech/" class="external-link"
If you are building a **frontend**, a very interesting alternative is <ahref="https://github.com/hey-api/openapi-ts"class="external-link"target="_blank">openapi-ts</a>.
## Client and SDK Generators - Sponsor
## Client and SDK Generators - Sponsor { #client-and-sdk-generators-sponsor }
There are also some **company-backed** Client and SDK generators based on OpenAPI (FastAPI), in some cases they can offer you **additional features** on top of high-quality generated SDKs/clients.
@ -28,7 +28,7 @@ For example, you might want to try:
There are also several other companies offering similar services that you can search and find online. 🤓
## Generate a TypeScript Frontend Client
## Generate a TypeScript Frontend Client { #generate-a-typescript-frontend-client }
Let's start with a simple FastAPI application:
@ -36,7 +36,7 @@ Let's start with a simple FastAPI application:
Notice that the *path operations* define the models they use for request payload and response payload, using the models `Item` and `ResponseMessage`.
### API Docs
### API Docs { #api-docs }
If you go to the API docs, you will see that it has the **schemas** for the data to be sent in requests and received in responses:
@ -48,11 +48,11 @@ That information is available in the app's **OpenAPI schema**, and then shown in
And that same information from the models that is included in OpenAPI is what can be used to **generate the client code**.
### Generate a TypeScript Client
### Generate a TypeScript Client { #generate-a-typescript-client }
Now that we have the app with the models, we can generate the client code for the frontend.
#### Install `openapi-ts`
#### Install `openapi-ts` { #install-openapi-ts }
You can install `openapi-ts` in your frontend code with:
You can **modify** the way these operation IDs are **generated** to make them simpler and have **simpler method names** in the clients.
@ -174,7 +174,7 @@ In this case you will have to ensure that each operation ID is **unique** in som
For example, you could make sure that each *path operation* has a tag, and then generate the operation ID based on the **tag** and the *path operation***name** (the function name).
### Custom Generate Unique ID Function
### Custom Generate Unique ID Function { #custom-generate-unique-id-function }
FastAPI uses a **unique ID** for each *path operation*, it is used for the **operation ID** and also for the names of any needed custom models, for requests or responses.
@ -186,7 +186,7 @@ You can then pass that custom function to **FastAPI** as the `generate_unique_id
### Generate a TypeScript Client with Custom Operation IDs
### Generate a TypeScript Client with Custom Operation IDs { #generate-a-typescript-client-with-custom-operation-ids }
Now if you generate the client again, you will see that it has the improved method names:
@ -194,7 +194,7 @@ Now if you generate the client again, you will see that it has the improved meth
As you see, the method names now have the tag and then the function name, now they don't include information from the URL path and the HTTP operation.
### Preprocess the OpenAPI Specification for the Client Generator
### Preprocess the OpenAPI Specification for the Client Generator { #preprocess-the-openapi-specification-for-the-client-generator }
The generated code still has some **duplicated information**.
@ -218,7 +218,7 @@ We could download the OpenAPI JSON to a file `openapi.json` and then we could **
With that, the operation IDs would be renamed from things like `items-get_items` to just `get_items`, that way the client generator can generate simpler method names.
### Generate a TypeScript Client with the Preprocessed OpenAPI
### Generate a TypeScript Client with the Preprocessed OpenAPI { #generate-a-typescript-client-with-the-preprocessed-openapi }
Now as the end result is in a file `openapi.json`, you would modify the `package.json` to use that local file, for example:
@ -244,7 +244,7 @@ After generating the new client, you would now have **clean method names**, with
The main [Tutorial - User Guide](../tutorial/index.md){.internal-link target=_blank} should be enough to give you a tour through all the main features of **FastAPI**.
@ -14,7 +14,7 @@ And it's possible that for your use case, the solution is in one of them.
///
## Read the Tutorial first
## Read the Tutorial first { #read-the-tutorial-first }
You could still use most of the features in **FastAPI** with the knowledge from the main [Tutorial - User Guide](../tutorial/index.md){.internal-link target=_blank}.
As **FastAPI** is based on Starlette and implements the <abbrtitle="Asynchronous Server Gateway Interface">ASGI</abbr> specification, you can use any ASGI middleware.
Enforces that all incoming requests have a correctly set `Host` header, in order to guard against HTTP Host Header attacks.
@ -71,7 +71,7 @@ The following arguments are supported:
If an incoming request does not validate correctly then a `400` response will be sent.
## `GZipMiddleware`
## `GZipMiddleware` { #gzipmiddleware }
Handles GZip responses for any request that includes `"gzip"` in the `Accept-Encoding` header.
@ -84,7 +84,7 @@ The following arguments are supported:
* `minimum_size` - Do not GZip responses that are smaller than this minimum size in bytes. Defaults to `500`.
* `compresslevel` - Used during GZip compression. It is an integer ranging from 1 to 9. Defaults to `9`. Lower value results in faster compression but larger file sizes, while higher value results in slower compression but smaller file sizes.
You could create an API with a *path operation* that could trigger a request to an *external API* created by someone else (probably the same developer that would be *using* your API).
@ -6,7 +6,7 @@ The process that happens when your API app calls the *external API* is named a "
In this case, you could want to document how that external API *should* look like. What *path operation* it should have, what body it should expect, what response it should return, etc.
## An app with callbacks
## An app with callbacks { #an-app-with-callbacks }
Let's see all this with an example.
@ -23,7 +23,7 @@ Then your API will (let's imagine):
* Send a notification back to the API user (the external developer).
* This will be done by sending a POST request (from *your API*) to some *external API* provided by that external developer (this is the "callback").
## The normal **FastAPI** app
## The normal **FastAPI** app { #the-normal-fastapi-app }
Let's first see how the normal API app would look like before adding the callback.
@ -41,7 +41,7 @@ The `callback_url` query parameter uses a Pydantic <a href="https://docs.pydanti
The only new thing is the `callbacks=invoices_callback_router.routes` as an argument to the *path operation decorator*. We'll see what that is next.
## Documenting the callback
## Documenting the callback { #documenting-the-callback }
The actual callback code will depend heavily on your own API app.
@ -70,7 +70,7 @@ When implementing the callback yourself, you could use something like <a href="h
///
## Write the callback documentation code
## Write the callback documentation code { #write-the-callback-documentation-code }
This code won't be executed in your app, we only need it to *document* how that *external API* should look like.
@ -86,13 +86,13 @@ Temporarily adopting this point of view (of the *external developer*) can help y
///
### Create a callback `APIRouter`
### Create a callback `APIRouter` { #create-a-callback-apirouter }
First create a new `APIRouter` that will contain one or more callbacks.
### Create the callback *path operation* { #create-the-callback-path-operation }
To create the callback *path operation* use the same `APIRouter` you created above.
@ -108,7 +108,7 @@ There are 2 main differences from a normal *path operation*:
* It doesn't need to have any actual code, because your app will never call this code. It's only used to document the *external API*. So, the function could just have `pass`.
* The *path* can contain an <ahref="https://github.com/OAI/OpenAPI-Specification/blob/master/versions/3.1.0.md#key-expression"class="external-link"target="_blank">OpenAPI 3 expression</a> (see more below) where it can use variables with parameters and parts of the original request sent to *your API*.
### The callback path expression
### The callback path expression { #the-callback-path-expression }
The callback *path* can have an <ahref="https://github.com/OAI/OpenAPI-Specification/blob/master/versions/3.1.0.md#key-expression"class="external-link"target="_blank">OpenAPI 3 expression</a> that can contain parts of the original request sent to *your API*.
@ -163,7 +163,7 @@ Notice how the callback URL used contains the URL received as a query parameter
///
### Add the callback router
### Add the callback router { #add-the-callback-router }
At this point you have the *callback path operation(s)* needed (the one(s) that the *external developer* should implement in the *external API*) in the callback router you created above.
@ -177,7 +177,7 @@ Notice that you are not passing the router itself (`invoices_callback_router`) t
///
### Check the docs
### Check the docs { #check-the-docs }
Now you can start your app and go to <ahref="http://127.0.0.1:8000/docs"class="external-link"target="_blank">http://127.0.0.1:8000/docs</a>.
There are cases where you want to tell your API **users** that your app could call *their* app (sending a request) with some data, normally to **notify** of some type of **event**.
@ -6,7 +6,7 @@ This means that instead of the normal process of your users sending requests to
This is normally called a **webhook**.
## Webhooks steps
## Webhooks steps { #webhooks-steps }
The process normally is that **you define** in your code what is the message that you will send, the **body of the request**.
@ -16,7 +16,7 @@ And **your users** define in some way (for example in a web dashboard somewhere)
All the **logic** about how to register the URLs for webhooks and the code to actually send those requests is up to you. You write it however you want to in **your own code**.
## Documenting webhooks with **FastAPI** and OpenAPI
## Documenting webhooks with **FastAPI** and OpenAPI { #documenting-webhooks-with-fastapi-and-openapi }
With **FastAPI**, using OpenAPI, you can define the names of these webhooks, the types of HTTP operations that your app can send (e.g. `POST`, `PUT`, etc.) and the request **bodies** that your app would send.
@ -28,7 +28,7 @@ Webhooks are available in OpenAPI 3.1.0 and above, supported by FastAPI `0.99.0`
///
## An app with webhooks
## An app with webhooks { #an-app-with-webhooks }
When you create a **FastAPI** application, there is a `webhooks` attribute that you can use to define *webhooks*, the same way you would define *path operations*, for example with `@app.webhooks.post()`.
@ -46,7 +46,7 @@ Notice that with webhooks you are actually not declaring a *path* (like `/items/
This is because it is expected that **your users** would define the actual **URL path** where they want to receive the webhook request in some other way (e.g. a web dashboard).
### Check the docs
### Check the docs { #check-the-docs }
Now you can start your app and go to <ahref="http://127.0.0.1:8000/docs"class="external-link"target="_blank">http://127.0.0.1:8000/docs</a>.
### Using the *path operation function* name as the operationId
### Using the *path operation function* name as the operationId { #using-the-path-operation-function-name-as-the-operationid }
If you want to use your APIs' function names as `operationId`s, you can iterate over all of them and override each *path operation's*`operation_id` using their `APIRoute.name`.
@ -36,13 +36,13 @@ Even if they are in different modules (Python files).
///
## Exclude from OpenAPI
## Exclude from OpenAPI { #exclude-from-openapi }
To exclude a *path operation* from the generated OpenAPI schema (and thus, from the automatic documentation systems), use the parameter `include_in_schema` and set it to `False`:
You probably have seen how to declare the `response_model` and `status_code` for a *path operation*.
@ -62,7 +62,7 @@ You can also declare additional responses with their models, status codes, etc.
There's a whole chapter here in the documentation about it, you can read it at [Additional Responses in OpenAPI](additional-responses.md){.internal-link target=_blank}.
## OpenAPI Extra
## OpenAPI Extra { #openapi-extra }
When you declare a *path operation* in your application, **FastAPI** automatically generates the relevant metadata about that *path operation* to be included in the OpenAPI schema.
@ -88,7 +88,7 @@ If you only need to declare additional responses, a more convenient way to do it
You can extend the OpenAPI schema for a *path operation* using the parameter `openapi_extra`.
### OpenAPI Extensions
### OpenAPI Extensions { #openapi-extensions }
This `openapi_extra` can be helpful, for example, to declare [OpenAPI Extensions](https://github.com/OAI/OpenAPI-Specification/blob/main/versions/3.0.3.md#specificationExtensions):
@ -129,7 +129,7 @@ And if you see the resulting OpenAPI (at `/openapi.json` in your API), you will
The dictionary in `openapi_extra` will be deeply merged with the automatically generated OpenAPI schema for the *path operation*.
@ -145,7 +145,7 @@ In this example, we didn't declare any Pydantic model. In fact, the request body
Nevertheless, we can declare the expected schema for the request body.
### Custom OpenAPI content type
### Custom OpenAPI content type { #custom-openapi-content-type }
Using this same trick, you could use a Pydantic model to define the JSON Schema that is then included in the custom OpenAPI schema section for the *path operation*.
# Return a Response Directly { #return-a-response-directly }
When you create a **FastAPI***path operation* you can normally return any data from it: a `dict`, a `list`, a Pydantic model, a database model, etc.
@ -10,7 +10,7 @@ But you can return a `JSONResponse` directly from your *path operations*.
It might be useful, for example, to return custom headers or cookies.
## Return a `Response`
## Return a `Response` { #return-a-response }
In fact, you can return any `Response` or any sub-class of it.
@ -26,7 +26,7 @@ It won't do any data conversion with Pydantic models, it won't convert the conte
This gives you a lot of flexibility. You can return any data type, override any data declaration or validation, etc.
## Using the `jsonable_encoder` in a `Response`
## Using the `jsonable_encoder` in a `Response` { #using-the-jsonable-encoder-in-a-response }
Because **FastAPI** doesn't make any changes to a `Response` you return, you have to make sure its contents are ready for it.
@ -44,7 +44,7 @@ You could also use `from starlette.responses import JSONResponse`.
///
## Returning a custom `Response`
## Returning a custom `Response` { #returning-a-custom-response }
The example above shows all the parts you need, but it's not very useful yet, as you could have just returned the `item` directly, and **FastAPI** would put it in a `JSONResponse` for you, converting it to a `dict`, etc. All that by default.
@ -56,7 +56,7 @@ You could put your XML content in a string, put that in a `Response`, and return
## Use a `Response` parameter { #use-a-response-parameter }
You can declare a parameter of type `Response` in your *path operation function* (as you can do for cookies).
@ -16,7 +16,7 @@ And if you declared a `response_model`, it will still be used to filter and conv
You can also declare the `Response` parameter in dependencies, and set headers (and cookies) in them.
## Return a `Response` directly
## Return a `Response` directly { #return-a-response-directly }
You can also add headers when you return a `Response` directly.
@ -34,7 +34,7 @@ And as the `Response` can be used frequently to set headers and cookies, **FastA
///
## Custom Headers
## Custom Headers { #custom-headers }
Keep in mind that custom proprietary headers can be added <ahref="https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers"class="external-link"target="_blank">using the 'X-' prefix</a>.
@ -26,7 +26,7 @@ When you try to open the URL for the first time (or click the "Execute" button i
<imgsrc="/img/tutorial/security/image12.png">
## Check the username
## Check the username { #check-the-username }
Here's a more complete example.
@ -52,7 +52,7 @@ if not (credentials.username == "stanleyjobson") or not (credentials.password ==
But by using the `secrets.compare_digest()` it will be secure against a type of attacks called "timing attacks".
### Timing Attacks
### Timing Attacks { #timing-attacks }
But what's a "timing attack"?
@ -80,19 +80,19 @@ if "stanleyjobsox" == "stanleyjobson" and "love123" == "swordfish":
Python will have to compare the whole `stanleyjobso` in both `stanleyjobsox` and `stanleyjobson` before realizing that both strings are not the same. So it will take some extra microseconds to reply back "Incorrect username or password".
#### The time to answer helps the attackers
#### The time to answer helps the attackers { #the-time-to-answer-helps-the-attackers }
At that point, by noticing that the server took some microseconds longer to send the "Incorrect username or password" response, the attackers will know that they got _something_ right, some of the initial letters were right.
And then they can try again knowing that it's probably something more similar to `stanleyjobsox` than to `johndoe`.
#### A "professional" attack
#### A "professional" attack { #a-professional-attack }
Of course, the attackers would not try all this by hand, they would write a program to do it, possibly with thousands or millions of tests per second. And they would get just one extra correct letter at a time.
But doing that, in some minutes or hours the attackers would have guessed the correct username and password, with the "help" of our application, just using the time taken to answer.
#### Fix it with `secrets.compare_digest()`
#### Fix it with `secrets.compare_digest()` { #fix-it-with-secrets-compare-digest }
But in our code we are actually using `secrets.compare_digest()`.
@ -100,7 +100,7 @@ In short, it will take the same time to compare `stanleyjobsox` to `stanleyjobso
That way, using `secrets.compare_digest()` in your application code, it will be safe against this whole range of security attacks.
### Return the error
### Return the error { #return-the-error }
After detecting that the credentials are incorrect, return an `HTTPException` with a status code 401 (the same returned when no credentials are provided) and add the header `WWW-Authenticate` to make the browser show the login prompt again:
There are some extra features to handle security apart from the ones covered in the [Tutorial - User Guide: Security](../../tutorial/security/index.md){.internal-link target=_blank}.
@ -12,7 +12,7 @@ And it's possible that for your use case, the solution is in one of them.
///
## Read the Tutorial first
## Read the Tutorial first { #read-the-tutorial-first }
The next sections assume you already read the main [Tutorial - User Guide: Security](../../tutorial/security/index.md){.internal-link target=_blank}.
You can use OAuth2 scopes directly with **FastAPI**, they are integrated to work seamlessly.
@ -26,7 +26,7 @@ But if you know you need it, or you are curious, keep reading.
///
## OAuth2 scopes and OpenAPI
## OAuth2 scopes and OpenAPI { #oauth2-scopes-and-openapi }
The OAuth2 specification defines "scopes" as a list of strings separated by spaces.
@ -58,7 +58,7 @@ For OAuth2 they are just strings.
///
## Global view
## Global view { #global-view }
First, let's quickly see the parts that change from the examples in the main **Tutorial - User Guide** for [OAuth2 with Password (and hashing), Bearer with JWT tokens](../../tutorial/security/oauth2-jwt.md){.internal-link target=_blank}. Now using OAuth2 scopes:
@ -66,7 +66,7 @@ First, let's quickly see the parts that change from the examples in the main **T
We now verify that all the scopes required, by this dependency and all the dependants (including *path operations*), are included in the scopes provided in the token received, otherwise raise an `HTTPException`.
@ -190,7 +190,7 @@ For this, we use `security_scopes.scopes`, that contains a `list` with all these
## Dependency tree and scopes { #dependency-tree-and-scopes }
Let's review again this dependency tree and the scopes.
@ -223,7 +223,7 @@ All depending on the `scopes` declared in each *path operation* and each depende
///
## More details about `SecurityScopes`
## More details about `SecurityScopes` { #more-details-about-securityscopes }
You can use `SecurityScopes` at any point, and in multiple places, it doesn't have to be at the "root" dependency.
@ -233,7 +233,7 @@ Because the `SecurityScopes` will have all the scopes declared by dependants, yo
They will be checked independently for each *path operation*.
## Check it
## Check it { #check-it }
If you open the API docs, you can authenticate and specify which scopes you want to authorize.
@ -245,7 +245,7 @@ And if you select the scope `me` but not the scope `items`, you will be able to
That's what would happen to a third party application that tried to access one of these *path operations* with a token provided by a user, depending on how many permissions the user gave the application.
## About third party integrations
## About third party integrations { #about-third-party-integrations }
In this example we are using the OAuth2 "password" flow.
@ -269,6 +269,6 @@ But in the end, they are implementing the same OAuth2 standard.
**FastAPI** includes utilities for all these OAuth2 authentication flows in `fastapi.security.oauth2`.
## `Security` in decorator `dependencies`
## `Security` in decorator `dependencies` { #security-in-decorator-dependencies }
The same way you can define a `list` of `Depends` in the decorator's `dependencies` parameter (as explained in [Dependencies in path operation decorators](../../tutorial/dependencies/dependencies-in-path-operation-decorators.md){.internal-link target=_blank}), you could also use `Security` with `scopes` there.
# Settings and Environment Variables { #settings-and-environment-variables }
In many cases your application could need some external settings or configurations, for example secret keys, database credentials, credentials for email services, etc.
@ -12,17 +12,17 @@ To understand environment variables you can read [Environment Variables](../envi
///
## Types and validation
## Types and validation { #types-and-validation }
These environment variables can only handle text strings, as they are external to Python and have to be compatible with other programs and the rest of the system (and even with different operating systems, as Linux, Windows, macOS).
That means that any value read in Python from an environment variable will be a `str`, and any conversion to a different type or any validation has to be done in code.
## Pydantic `Settings`
## Pydantic `Settings` { #pydantic-settings }
Fortunately, Pydantic provides a great utility to handle these settings coming from environment variables with <ahref="https://docs.pydantic.dev/latest/concepts/pydantic_settings/"class="external-link"target="_blank">Pydantic: Settings management</a>.
First, make sure you create your [virtual environment](../virtual-environments.md){.internal-link target=_blank}, activate it, and then install the `pydantic-settings` package:
@ -52,7 +52,7 @@ In Pydantic v1 it came included with the main package. Now it is distributed as
///
### Create the `Settings` object
### Create the `Settings` object { #create-the-settings-object }
Import `BaseSettings` from Pydantic and create a sub-class, very much like with a Pydantic model.
@ -88,13 +88,13 @@ Then, when you create an instance of that `Settings` class (in this case, in the
Next it will convert and validate the data. So, when you use that `settings` object, you will have data of the types you declared (e.g. `items_per_user` will be an `int`).
### Use the `settings`
### Use the `settings` { #use-the-settings }
Then you can use the new `settings` object in your application:
Next, you would run the server passing the configurations as environment variables, for example you could set an `ADMIN_EMAIL` and `APP_NAME` with:
@ -120,7 +120,7 @@ The `app_name` would be `"ChimichangApp"`.
And the `items_per_user` would keep its default value of `50`.
## Settings in another module
## Settings in another module { #settings-in-another-module }
You could put those settings in another module file as you saw in [Bigger Applications - Multiple Files](../tutorial/bigger-applications.md){.internal-link target=_blank}.
@ -138,13 +138,13 @@ You would also need a file `__init__.py` as you saw in [Bigger Applications - Mu
///
## Settings in a dependency
## Settings in a dependency { #settings-in-a-dependency }
In some occasions it might be useful to provide the settings from a dependency, instead of having a global object with `settings` that is used everywhere.
This could be especially useful during testing, as it's very easy to override a dependency with your own custom settings.
### The config file
### The config file { #the-config-file }
Coming from the previous example, your `config.py` file could look like:
@ -152,7 +152,7 @@ Coming from the previous example, your `config.py` file could look like:
Notice that now we don't create a default instance `settings = Settings()`.
### The main app file
### The main app file { #the-main-app-file }
Now we create a dependency that returns a new `config.Settings()`.
@ -170,7 +170,7 @@ And then we can require it from the *path operation function* as a dependency an
### Settings and testing { #settings-and-testing }
Then it would be very easy to provide a different settings object during testing by creating a dependency override for `get_settings`:
@ -180,7 +180,7 @@ In the dependency override we set a new value for the `admin_email` when creatin
Then we can test that it is used.
## Reading a `.env` file
## Reading a `.env` file { #reading-a-env-file }
If you have many settings that possibly change a lot, maybe in different environments, it might be useful to put them on a file and then read them from it as if they were environment variables.
@ -202,7 +202,7 @@ For this to work, you need to `pip install python-dotenv`.
### Read settings from `.env` { #read-settings-from-env }
And then update your `config.py` with:
@ -247,7 +247,7 @@ In Pydantic version 1 the configuration was done in an internal class `Config`,
Here we define the config `env_file` inside of your Pydantic `Settings` class, and set the value to the filename with the dotenv file we want to use.
### Creating the `Settings` only once with `lru_cache`
### Creating the `Settings` only once with `lru_cache` { #creating-the-settings-only-once-with-lru-cache }
Reading a file from disk is normally a costly (slow) operation, so you probably want to do it only once and then reuse the same settings object, instead of reading it for each request.
@ -274,7 +274,7 @@ But as we are using the `@lru_cache` decorator on top, the `Settings` object wil
Then for any subsequent call of `get_settings()` in the dependencies for the next requests, instead of executing the internal code of `get_settings()` and creating a new `Settings` object, it will return the same object that was returned on the first call, again and again.
`@lru_cache` modifies the function it decorates to return the same value that was returned the first time, instead of computing it again, executing the code of the function every time.
@ -337,7 +337,7 @@ That way, it behaves almost as if it was just a global variable. But as it uses
`@lru_cache` is part of `functools` which is part of Python's standard library, you can read more about it in the <ahref="https://docs.python.org/3/library/functools.html#functools.lru_cache"class="external-link"target="_blank">Python docs for `@lru_cache`</a>.
## Recap
## Recap { #recap }
You can use Pydantic Settings to handle the settings or configurations for your application, with all the power of Pydantic models.
# Sub Applications - Mounts { #sub-applications-mounts }
If you need to have two independent FastAPI applications, with their own independent OpenAPI and their own docs UIs, you can have a main app and "mount" one (or more) sub-application(s).
## Mounting a **FastAPI** application
## Mounting a **FastAPI** application { #mounting-a-fastapi-application }
"Mounting" means adding a completely "independent" application in a specific path, that then takes care of handling everything under that path, with the _path operations_ declared in that sub-application.
### Check the automatic API docs { #check-the-automatic-api-docs }
Now, run the `fastapi` command with your file:
@ -56,7 +56,7 @@ You will see the automatic API docs for the sub-application, including only its
If you try interacting with any of the two user interfaces, they will work correctly, because the browser will be able to talk to each specific app or sub-app.
When you mount a sub-application as described above, FastAPI will take care of communicating the mount path for the sub-application using a mechanism from the ASGI specification called a `root_path`.
You can also use `url_for()` inside of the template, it takes as arguments the same arguments that would be used by your *path operation function*.
@ -105,7 +105,7 @@ For example, with an ID of `42`, this would render:
<ahref="/items/42">
```
## Templates and static files
## Templates and static files { #templates-and-static-files }
You can also use `url_for()` inside of the template, and use it, for example, with the `StaticFiles` you mounted with the `name="static"`.
@ -121,6 +121,6 @@ In this example, it would link to a CSS file at `static/styles.css` with:
And because you are using `StaticFiles`, that CSS file would be served automatically by your **FastAPI** application at the URL `/static/styles.css`.
## More details
## More details { #more-details }
For more details, including how to test templates, check <ahref="https://www.starlette.io/templates/"class="external-link"target="_blank">Starlette's docs on templates</a>.
# Testing Dependencies with Overrides { #testing-dependencies-with-overrides }
## Overriding dependencies during testing
## Overriding dependencies during testing { #overriding-dependencies-during-testing }
There are some scenarios where you might want to override a dependency during testing.
@ -8,7 +8,7 @@ You don't want the original dependency to run (nor any of the sub-dependencies i
Instead, you want to provide a different dependency that will be used only during tests (possibly only some specific tests), and will provide a value that can be used where the value of the original dependency was used.
### Use cases: external service
### Use cases: external service { #use-cases-external-service }
An example could be that you have an external authentication provider that you need to call.
@ -20,7 +20,7 @@ You probably want to test the external provider once, but not necessarily call i
In this case, you can override the dependency that calls that provider, and use a custom dependency that returns a mock user, only for your tests.
### Use the `app.dependency_overrides` attribute
### Use the `app.dependency_overrides` attribute { #use-the-app-dependency-overrides-attribute }
For these cases, your **FastAPI** application has an attribute `app.dependency_overrides`, it is a simple `dict`.
# Using the Request Directly { #using-the-request-directly }
Up to now, you have been declaring the parts of the request that you need with their types.
@ -13,7 +13,7 @@ And by doing so, **FastAPI** is validating that data, converting it and generati
But there are situations where you might need to access the `Request` object directly.
## Details about the `Request` object
## Details about the `Request` object { #details-about-the-request-object }
As **FastAPI** is actually **Starlette** underneath, with a layer of several tools on top, you can use Starlette's <ahref="https://www.starlette.io/requests/"class="external-link"target="_blank">`Request`</a> object directly when you need to.
@ -23,7 +23,7 @@ Although any other parameter declared normally (for example, the body with a Pyd
But there are specific cases where it's useful to get the `Request` object.
## Use the `Request` object directly
## Use the `Request` object directly { #use-the-request-object-directly }
Let's imagine you want to get the client's IP address/host inside of your *path operation function*.
@ -43,7 +43,7 @@ The same way, you can declare any other parameter as normally, and additionally,
You can read more details about the <ahref="https://www.starlette.io/requests/"class="external-link"target="_blank">`Request` object in the official Starlette documentation site</a>.
You can use <ahref="https://developer.mozilla.org/en-US/docs/Web/API/WebSockets_API"class="external-link"target="_blank">WebSockets</a> with **FastAPI**.
## Install `WebSockets`
## Install `WebSockets` { #install-websockets }
Make sure you create a [virtual environment](../virtual-environments.md){.internal-link target=_blank}, activate it, and install `websockets`:
@ -16,9 +16,9 @@ $ pip install websockets
</div>
## WebSockets client
## WebSockets client { #websockets-client }
### In production
### In production { #in-production }
In your production system, you probably have a frontend created with a modern framework like React, Vue.js or Angular.
@ -40,7 +40,7 @@ But it's the simplest way to focus on the server-side of WebSockets and have a w
In your **FastAPI** application, create a `websocket`:
@ -54,7 +54,7 @@ You could also use `from starlette.websockets import WebSocket`.
///
## Await for messages and send messages
## Await for messages and send messages { #await-for-messages-and-send-messages }
In your WebSocket route you can `await` for messages and send messages.
@ -62,7 +62,7 @@ In your WebSocket route you can `await` for messages and send messages.
You can receive and send binary, text, and JSON data.
## Try it
## Try it { #try-it }
If your file is named `main.py`, run your application with:
@ -96,7 +96,7 @@ You can send (and receive) many messages:
And all of them will use the same WebSocket connection.
## Using `Depends` and others
## Using `Depends` and others { #using-depends-and-others }
In WebSocket endpoints you can import from `fastapi` and use:
@ -119,7 +119,7 @@ You can use a closing code from the <a href="https://tools.ietf.org/html/rfc6455
///
### Try the WebSockets with dependencies
### Try the WebSockets with dependencies { #try-the-websockets-with-dependencies }
If your file is named `main.py`, run your application with:
@ -150,7 +150,7 @@ With that you can connect the WebSocket and then send and receive messages:
<imgsrc="/img/tutorial/websockets/image05.png">
## Handling disconnections and multiple clients
## Handling disconnections and multiple clients { #handling-disconnections-and-multiple-clients }
When a WebSocket connection is closed, the `await websocket.receive_text()` will raise a `WebSocketDisconnect` exception, which you can then catch and handle like in this example.
@ -178,7 +178,7 @@ If you need something easy to integrate with FastAPI but that is more robust, su
///
## More info
## More info { #more-info }
To learn more about the options, check Starlette's documentation for:
# Including WSGI - Flask, Django, others { #including-wsgi-flask-django-others }
You can mount WSGI applications as you saw with [Sub Applications - Mounts](sub-applications.md){.internal-link target=_blank}, [Behind a Proxy](behind-a-proxy.md){.internal-link target=_blank}.
For that, you can use the `WSGIMiddleware` and use it to wrap your WSGI application, for example, Flask, Django, etc.
## Using `WSGIMiddleware`
## Using `WSGIMiddleware` { #using-wsgimiddleware }
You need to import `WSGIMiddleware`.
@ -14,7 +14,7 @@ And then mount that under a path.
# Alternatives, Inspiration and Comparisons { #alternatives-inspiration-and-comparisons }
What inspired **FastAPI**, how it compares to alternatives and what it learned from them.
## Intro
## Intro { #intro }
**FastAPI** wouldn't exist if not for the previous work of others.
@ -12,9 +12,9 @@ I have been avoiding the creation of a new framework for several years. First I
But at some point, there was no other option than creating something that provided all these features, taking the best ideas from previous tools, and combining them in the best way possible, using language features that weren't even available before (Python 3.6+ type hints).
It's the most popular Python framework and is widely trusted. It is used to build systems like Instagram.
@ -22,7 +22,7 @@ It's relatively tightly coupled with relational databases (like MySQL or Postgre
It was created to generate the HTML in the backend, not to create APIs used by a modern frontend (like React, Vue.js and Angular) or by other systems (like <abbrtitle="Internet of Things">IoT</abbr> devices) communicating with it.
There are several Flask REST frameworks, but after investing the time and work into investigating them, I found that many are discontinued or abandoned, with several standing issues that made them unfit.
One of the main features needed by API systems is data "<abbrtitle="also called marshalling, conversion">serialization</abbr>" which is taking data from the code (Python) and converting it into something that can be sent through the network. For example, converting an object containing data from a database into a JSON object. Converting `datetime` objects into strings, etc.
@ -153,7 +153,7 @@ Use code to define "schemas" that provide data types and validation, automatical
Hug was one of the first frameworks to implement the declaration of API parameter types using Python type hints. This was a great idea that inspired other tools to do the same.
@ -351,7 +351,7 @@ Hug inspired **FastAPI** to declare a `response` parameter in functions to set h
Starlette is a lightweight <abbrtitle="The new standard for building asynchronous Python web applications">ASGI</abbr> framework/toolkit, which is ideal for building high-performance asyncio services.
@ -462,7 +462,7 @@ So, anything that you can do with Starlette, you can do it directly with **FastA
Uvicorn is a lightning-fast ASGI server, built on uvloop and httptools.
@ -480,6 +480,6 @@ Check more details in the [Deployment](deployment/index.md){.internal-link targe
///
## Benchmarks and speed
## Benchmarks and speed { #benchmarks-and-speed }
To understand, compare, and see the difference between Uvicorn, Starlette and FastAPI, check the section about [Benchmarks](benchmarks.md){.internal-link target=_blank}.
@ -54,7 +54,7 @@ Anyway, in any of the cases above, FastAPI will still work asynchronously and be
But by following the steps above, it will be able to do some performance optimizations.
## Technical Details
## Technical Details { #technical-details }
Modern versions of Python have support for **"asynchronous code"** using something called **"coroutines"**, with **`async` and `await`** syntax.
@ -64,7 +64,7 @@ Let's see that phrase by parts in the sections below:
* **`async` and `await`**
* **Coroutines**
## Asynchronous Code
## Asynchronous Code { #asynchronous-code }
Asynchronous code just means that the language 💬 has a way to tell the computer / program 🤖 that at some point in the code, it 🤖 will have to wait for *something else* to finish somewhere else. Let's say that *something else* is called "slow-file" 📝.
@ -93,7 +93,7 @@ Instead of that, by being an "asynchronous" system, once finished, the task can
For "synchronous" (contrary to "asynchronous") they commonly also use the term "sequential", because the computer / program follows all the steps in sequence before switching to a different task, even if those steps involve waiting.
### Concurrency and Burgers
### Concurrency and Burgers { #concurrency-and-burgers }
This idea of **asynchronous** code described above is also sometimes called **"concurrency"**. It is different from **"parallelism"**.
@ -103,7 +103,7 @@ But the details between *concurrency* and *parallelism* are quite different.
To see the difference, imagine the following story about burgers:
### Concurrent Burgers
### Concurrent Burgers { #concurrent-burgers }
You go with your crush to get fast food, you stand in line while the cashier takes the orders from the people in front of you. 😍
@ -163,7 +163,7 @@ So you wait for your crush to finish the story (finish the current work ⏯ / ta
Then you go to the counter 🔀, to the initial task that is now finished ⏯, pick the burgers, say thanks and take them to the table. That finishes that step / task of interaction with the counter ⏹. That in turn, creates a new task, of "eating burgers" 🔀 ⏯, but the previous one of "getting burgers" is finished ⏹.
### Parallel Burgers
### Parallel Burgers { #parallel-burgers }
Now let's imagine these aren't "Concurrent Burgers", but "Parallel Burgers".
@ -233,7 +233,7 @@ And you have to wait 🕙 in the line for a long time or you lose your turn.
You probably wouldn't want to take your crush 😍 with you to run errands at the bank 🏦.
### Burger Conclusion
### Burger Conclusion { #burger-conclusion }
In this scenario of "fast food burgers with your crush", as there is a lot of waiting 🕙, it makes a lot more sense to have a concurrent system ⏸🔀⏯.
@ -253,7 +253,7 @@ And that's the same level of performance you get with **FastAPI**.
And as you can have parallelism and asynchronicity at the same time, you get higher performance than most of the tested NodeJS frameworks and on par with Go, which is a compiled language closer to C <ahref="https://www.techempower.com/benchmarks/#section=data-r17&hw=ph&test=query&l=zijmkf-1"class="external-link"target="_blank">(all thanks to Starlette)</a>.
### Is concurrency better than parallelism?
### Is concurrency better than parallelism? { #is-concurrency-better-than-parallelism }
Nope! That's not the moral of the story.
@ -290,7 +290,7 @@ For example:
* **Machine Learning**: it normally requires lots of "matrix" and "vector" multiplications. Think of a huge spreadsheet with numbers and multiplying all of them together at the same time.
* **Deep Learning**: this is a sub-field of Machine Learning, so, the same applies. It's just that there is not a single spreadsheet of numbers to multiply, but a huge set of them, and in many cases, you use a special processor to build and / or use those models.
### Concurrency + Parallelism: Web + Machine Learning
With **FastAPI** you can take advantage of concurrency that is very common for web development (the same main attraction of NodeJS).
@ -300,7 +300,7 @@ That, plus the simple fact that Python is the main language for **Data Science**
To see how to achieve this parallelism in production see the section about [Deployment](deployment/index.md){.internal-link target=_blank}.
## `async` and `await`
## `async` and `await` { #async-and-await }
Modern versions of Python have a very intuitive way to define asynchronous code. This makes it look just like normal "sequential" code and do the "awaiting" for you at the right moments.
@ -349,7 +349,7 @@ async def read_burgers():
return burgers
```
### More technical details
### More technical details { #more-technical-details }
You might have noticed that `await` can only be used inside of functions defined with `async def`.
@ -361,7 +361,7 @@ If you are working with **FastAPI** you don't have to worry about that, because
But if you want to use `async` / `await` without FastAPI, you can do it as well.
### Write your own async code
### Write your own async code { #write-your-own-async-code }
Starlette (and **FastAPI**) are based on <ahref="https://anyio.readthedocs.io/en/stable/"class="external-link"target="_blank">AnyIO</a>, which makes it compatible with both Python's standard library <ahref="https://docs.python.org/3/library/asyncio-task.html"class="external-link"target="_blank">asyncio</a> and <ahref="https://trio.readthedocs.io/en/stable/"class="external-link"target="_blank">Trio</a>.
@ -371,7 +371,7 @@ And even if you were not using FastAPI, you could also write your own async appl
I created another library on top of AnyIO, as a thin layer on top, to improve a bit the type annotations and get better **autocompletion**, **inline errors**, etc. It also has a friendly introduction and tutorial to help you **understand** and write **your own async code**: <ahref="https://asyncer.tiangolo.com/"class="external-link"target="_blank">Asyncer</a>. It would be particularly useful if you need to **combine async code with regular** (blocking/synchronous) code.
### Other forms of asynchronous code
### Other forms of asynchronous code { #other-forms-of-asynchronous-code }
This style of using `async` and `await` is relatively new in the language.
@ -385,13 +385,13 @@ In previous versions of Python, you could have used threads or <a href="https://
In previous versions of NodeJS / Browser JavaScript, you would have used "callbacks". Which leads to <ahref="http://callbackhell.com/"class="external-link"target="_blank">callback hell</a>.
## Coroutines
## Coroutines { #coroutines }
**Coroutine** is just the very fancy term for the thing returned by an `async def` function. Python knows that it is something like a function, that it can start and that it will end at some point, but that it might be paused ⏸ internally too, whenever there is an `await` inside of it.
But all this functionality of using asynchronous code with `async` and `await` is many times summarized as using "coroutines". It is comparable to the main key feature of Go, the "Goroutines".
## Conclusion
## Conclusion { #conclusion }
Let's see the same phrase from above:
@ -401,7 +401,7 @@ That should make more sense now. ✨
All that is what powers FastAPI (through Starlette) and what makes it have such an impressive performance.
## Very Technical Details
## Very Technical Details { #very-technical-details }
/// warning
@ -413,7 +413,7 @@ If you have quite some technical knowledge (coroutines, threads, blocking, etc.)
When you declare a *path operation function* with normal `def` instead of `async def`, it is run in an external threadpool that is then awaited, instead of being called directly (as it would block the server).
@ -421,15 +421,15 @@ If you are coming from another async framework that does not work in the way des
Still, in both situations, chances are that **FastAPI** will [still be faster](index.md#performance){.internal-link target=_blank} than (or at least comparable to) your previous framework.
### Dependencies
### Dependencies { #dependencies }
The same applies for [dependencies](tutorial/dependencies/index.md){.internal-link target=_blank}. If a dependency is a standard `def` function instead of `async def`, it is run in the external threadpool.
### Sub-dependencies
### Sub-dependencies { #sub-dependencies }
You can have multiple dependencies and [sub-dependencies](tutorial/dependencies/sub-dependencies.md){.internal-link target=_blank} requiring each other (as parameters of the function definitions), some of them might be created with `async def` and some with normal `def`. It would still work, and the ones created with normal `def` would be called on an external thread (from the threadpool) instead of being "awaited".
### Other utility functions
### Other utility functions { #other-utility-functions }
Any other utility function that you call directly can be created with normal `def` or `async def` and FastAPI won't affect the way you call it.
Independent TechEmpower benchmarks show **FastAPI** applications running under Uvicorn as <ahref="https://www.techempower.com/benchmarks/#section=test&runid=7464e520-0dc2-473d-bd34-dbdfd7e85911&hw=ph&test=query&l=zijzen-7"class="external-link"target="_blank">one of the fastest Python frameworks available</a>, only below Starlette and Uvicorn themselves (used internally by FastAPI).
But when checking benchmarks and comparisons you should keep the following in mind.
## Benchmarks and speed
## Benchmarks and speed { #benchmarks-and-speed }
When you check the benchmarks, it is common to see several tools of different types compared as equivalent.
Some cloud providers ✨ [**sponsor FastAPI**](../help-fastapi.md#sponsor-the-author){.internal-link target=_blank} ✨, this ensures the continued and healthy **development** of FastAPI and its **ecosystem**.
When deploying a **FastAPI** application, or actually, any type of web API, there are several concepts that you probably care about, and using them you can find the **most appropriate** way to **deploy your application**.
@ -23,7 +23,7 @@ In the next chapters, I'll give you more **concrete recipes** to deploy FastAPI
But for now, let's check these important **conceptual ideas**. These concepts also apply to any other type of web API. 💡
## Security - HTTPS
## Security - HTTPS { #security-https }
In the [previous chapter about HTTPS](https.md){.internal-link target=_blank} we learned about how HTTPS provides encryption for your API.
@ -31,7 +31,7 @@ We also saw that HTTPS is normally provided by a component **external** to your
And there has to be something in charge of **renewing the HTTPS certificates**, it could be the same component or it could be something different.
### Example Tools for HTTPS
### Example Tools for HTTPS { #example-tools-for-https }
Some of the tools you could use as a TLS Termination Proxy are:
@ -55,11 +55,11 @@ I'll show you some concrete examples in the next chapters.
Then the next concepts to consider are all about the program running your actual API (e.g. Uvicorn).
## Program and Process
## Program and Process { #program-and-process }
We will talk a lot about the running "**process**", so it's useful to have clarity about what it means, and what's the difference with the word "**program**".
### What is a Program
### What is a Program { #what-is-a-program }
The word **program** is commonly used to describe many things:
@ -67,7 +67,7 @@ The word **program** is commonly used to describe many things:
* The **file** that can be **executed** by the operating system, for example: `python`, `python.exe` or `uvicorn`.
* A particular program while it is **running** on the operating system, using the CPU, and storing things in memory. This is also called a **process**.
### What is a Process
### What is a Process { #what-is-a-process }
The word **process** is normally used in a more specific way, only referring to the thing that is running in the operating system (like in the last point above):
@ -88,11 +88,11 @@ And, for example, you will probably see that there are multiple processes runnin
Now that we know the difference between the terms **process** and **program**, let's continue talking about deployments.
## Running on Startup
## Running on Startup { #running-on-startup }
In most cases, when you create a web API, you want it to be **always running**, uninterrupted, so that your clients can always access it. This is of course, unless you have a specific reason why you want it to run only in certain situations, but most of the time you want it constantly running and **available**.
### In a Remote Server
### In a Remote Server { #in-a-remote-server }
When you set up a remote server (a cloud server, a virtual machine, etc.) the simplest thing you can do is use `fastapi run` (which uses Uvicorn) or something similar, manually, the same way you do when developing locally.
@ -102,15 +102,15 @@ But if your connection to the server is lost, the **running process** will proba
And if the server is restarted (for example after updates, or migrations from the cloud provider) you probably **won't notice it**. And because of that, you won't even know that you have to restart the process manually. So, your API will just stay dead. 😱
### Run Automatically on Startup
### Run Automatically on Startup { #run-automatically-on-startup }
In general, you will probably want the server program (e.g. Uvicorn) to be started automatically on server startup, and without needing any **human intervention**, to have a process always running with your API (e.g. Uvicorn running your FastAPI app).
### Separate Program
### Separate Program { #separate-program }
To achieve this, you will normally have a **separate program** that would make sure your application is run on startup. And in many cases, it would also make sure other components or applications are also run, for example, a database.
### Example Tools to Run at Startup
### Example Tools to Run at Startup { #example-tools-to-run-at-startup }
Some examples of the tools that can do this job are:
@ -125,29 +125,29 @@ Some examples of the tools that can do this job are:
I'll give you more concrete examples in the next chapters.
## Restarts
## Restarts { #restarts }
Similar to making sure your application is run on startup, you probably also want to make sure it is **restarted** after failures.
### We Make Mistakes
### We Make Mistakes { #we-make-mistakes }
We, as humans, make **mistakes**, all the time. Software almost *always* has **bugs** hidden in different places. 🐛
And we as developers keep improving the code as we find those bugs and as we implement new features (possibly adding new bugs too 😅).
### Small Errors Automatically Handled
### Small Errors Automatically Handled { #small-errors-automatically-handled }
When building web APIs with FastAPI, if there's an error in our code, FastAPI will normally contain it to the single request that triggered the error. 🛡
The client will get a **500 Internal Server Error** for that request, but the application will continue working for the next requests instead of just crashing completely.
Nevertheless, there might be cases where we write some code that **crashes the entire application** making Uvicorn and Python crash. 💥
And still, you would probably not want the application to stay dead because there was an error in one place, you probably want it to **continue running** at least for the *path operations* that are not broken.
### Restart After Crash
### Restart After Crash { #restart-after-crash }
But in those cases with really bad errors that crash the running **process**, you would want an external component that is in charge of **restarting** the process, at least a couple of times...
@ -161,7 +161,7 @@ So let's focus on the main cases, where it could crash entirely in some particul
You would probably want to have the thing in charge of restarting your application as an **external component**, because by that point, the same application with Uvicorn and Python already crashed, so there's nothing in the same code of the same app that could do anything about it.
### Example Tools to Restart Automatically
### Example Tools to Restart Automatically { #example-tools-to-restart-automatically }
In most cases, the same tool that is used to **run the program on startup** is also used to handle automatic **restarts**.
@ -176,19 +176,19 @@ For example, this could be handled by:
* Handled internally by a cloud provider as part of their services
* Others...
## Replication - Processes and Memory
## Replication - Processes and Memory { #replication-processes-and-memory }
With a FastAPI application, using a server program like the `fastapi` command that runs Uvicorn, running it once in **one process** can serve multiple clients concurrently.
But in many cases, you will want to run several worker processes at the same time.
If you have more clients than what a single process can handle (for example if the virtual machine is not too big) and you have **multiple cores** in the server's CPU, then you could have **multiple processes** running with the same application at the same time, and distribute all the requests among them.
When you run **multiple processes** of the same API program, they are commonly called **workers**.
### Worker Processes and Ports
### Worker Processes and Ports { #worker-processes-and-ports }
Remember from the docs [About HTTPS](https.md){.internal-link target=_blank} that only one process can be listening on one combination of port and IP address in a server?
@ -196,19 +196,19 @@ This is still true.
So, to be able to have **multiple processes** at the same time, there has to be a **single process listening on a port** that then transmits the communication to each worker process in some way.
### Memory per Process
### Memory per Process { #memory-per-process }
Now, when the program loads things in memory, for example, a machine learning model in a variable, or the contents of a large file in a variable, all that **consumes a bit of the memory (RAM)** of the server.
And multiple processes normally **don't share any memory**. This means that each running process has its own things, variables, and memory. And if you are consuming a large amount of memory in your code, **each process** will consume an equivalent amount of memory.
### Server Memory
### Server Memory { #server-memory }
For example, if your code loads a Machine Learning model with **1 GB in size**, when you run one process with your API, it will consume at least 1 GB of RAM. And if you start **4 processes** (4 workers), each will consume 1 GB of RAM. So in total, your API will consume **4 GB of RAM**.
And if your remote server or virtual machine only has 3 GB of RAM, trying to load more than 4 GB of RAM will cause problems. 🚨
### Multiple Processes - An Example
### Multiple Processes - An Example { #multiple-processes-an-example }
In this example, there's a **Manager Process** that starts and controls two **Worker Processes**.
@ -224,7 +224,7 @@ An interesting detail is that the percentage of the **CPU used** by each process
If you have an API that does a comparable amount of computations every time and you have a lot of clients, then the **CPU utilization** will probably *also be stable* (instead of constantly going up and down quickly).
### Examples of Replication Tools and Strategies
### Examples of Replication Tools and Strategies { #examples-of-replication-tools-and-strategies }
There can be several approaches to achieve this, and I'll tell you more about specific strategies in the next chapters, for example when talking about Docker and containers.
@ -247,7 +247,7 @@ I'll tell you more about container images, Docker, Kubernetes, etc. in a future
///
## Previous Steps Before Starting
## Previous Steps Before Starting { #previous-steps-before-starting }
There are many cases where you want to perform some steps **before starting** your application.
@ -269,7 +269,7 @@ In that case, you wouldn't have to worry about any of this. 🤷
///
### Examples of Previous Steps Strategies
### Examples of Previous Steps Strategies { #examples-of-previous-steps-strategies }
This will **depend heavily** on the way you **deploy your system**, and it would probably be connected to the way you start programs, handling restarts, etc.
@ -285,7 +285,7 @@ I'll give you more concrete examples for doing this with containers in a future
///
## Resource Utilization
## Resource Utilization { #resource-utilization }
Your server(s) is (are) a **resource**, you can consume or **utilize**, with your programs, the computation time on the CPUs, and the RAM memory available.
@ -305,7 +305,7 @@ You could put an **arbitrary number** to target, for example, something **betwee
You can use simple tools like `htop` to see the CPU and RAM used in your server or the amount used by each process. Or you can use more complex monitoring tools, which may be distributed across servers, etc.
## Recap
## Recap { #recap }
You have been reading here some of the main concepts that you would probably need to keep in mind when deciding how to deploy your application:
# FastAPI in Containers - Docker { #fastapi-in-containers-docker }
When deploying FastAPI applications a common approach is to build a **Linux container image**. It's normally done using <ahref="https://www.docker.com/"class="external-link"target="_blank">**Docker**</a>. You can then deploy that container image in one of a few possible ways.
Containers (mainly Linux containers) are a very **lightweight** way to package applications including all their dependencies and necessary files while keeping them isolated from other containers (other applications or components) in the same system.
@ -42,7 +42,7 @@ This way, containers consume **little resources**, an amount comparable to runni
Containers also have their own **isolated** running processes (commonly just one process), file system, and network, simplifying deployment, security, development, etc.
## What is a Container Image
## What is a Container Image { #what-is-a-container-image }
A **container** is run from a **container image**.
@ -56,7 +56,7 @@ A container image is comparable to the **program** file and contents, e.g. `pyth
And the **container** itself (in contrast to the **container image**) is the actual running instance of the image, comparable to a **process**. In fact, a container is running only when it has a **process running** (and normally it's only a single process). The container stops when there's no process running in it.
## Container Images
## Container Images { #container-images }
Docker has been one of the main tools to create and manage **container images** and **containers**.
@ -79,7 +79,7 @@ So, you would run **multiple containers** with different things, like a database
All the container management systems (like Docker or Kubernetes) have these networking features integrated into them.
## Containers and Processes
## Containers and Processes { #containers-and-processes }
A **container image** normally includes in its metadata the default program or command that should be run when the **container** is started and the parameters to be passed to that program. Very similar to what would be if it was in the command line.
@ -91,7 +91,7 @@ A container normally has a **single process**, but it's also possible to start s
But it's not possible to have a running container without **at least one running process**. If the main process stops, the container stops.
## Build a Docker Image for FastAPI
## Build a Docker Image for FastAPI { #build-a-docker-image-for-fastapi }
Okay, let's build something now! 🚀
@ -103,7 +103,7 @@ This is what you would want to do in **most cases**, for example:
* When running on a **Raspberry Pi**
* Using a cloud service that would run a container image for you, etc.
Now in the same project directory create a file `Dockerfile` with:
@ -238,7 +238,7 @@ Make sure to **always** use the **exec form** of the `CMD` instruction, as expla
///
#### Use `CMD` - Exec Form
#### Use `CMD` - Exec Form { #use-cmd-exec-form }
The <ahref="https://docs.docker.com/reference/dockerfile/#cmd"class="external-link"target="_blank">`CMD`</a> Docker instruction can be written using two forms:
@ -262,7 +262,7 @@ You can read more about it in the <a href="https://docs.docker.com/reference/doc
This can be quite noticeable when using `docker compose`. See this Docker Compose FAQ section for more technical details: <ahref="https://docs.docker.com/compose/faq/#why-do-my-services-take-10-seconds-to-recreate-or-stop"class="external-link"target="_blank">Why do my services take 10 seconds to recreate or stop?</a>.
#### Directory Structure
#### Directory Structure { #directory-structure }
You should now have a directory structure like:
@ -275,7 +275,7 @@ You should now have a directory structure like:
└── requirements.txt
```
#### Behind a TLS Termination Proxy
#### Behind a TLS Termination Proxy { #behind-a-tls-termination-proxy }
If you are running your container behind a TLS Termination Proxy (load balancer) like Nginx or Traefik, add the option `--proxy-headers`, this will tell Uvicorn (through the FastAPI CLI) to trust the headers sent by that proxy telling it that the application is running behind HTTPS, etc.
@ -283,7 +283,7 @@ If you are running your container behind a TLS Termination Proxy (load balancer)
There's an important trick in this `Dockerfile`, we first copy the **file with the dependencies alone**, not the rest of the code. Let me tell you why is that.
@ -315,7 +315,7 @@ Then, near the end of the `Dockerfile`, we copy all the code. As this is what **
COPY ./app /code/app
```
### Build the Docker Image
### Build the Docker Image { #build-the-docker-image }
Now that all the files are in place, let's build the container image.
@ -340,7 +340,7 @@ In this case, it's the same current directory (`.`).
///
### Start the Docker Container
### Start the Docker Container { #start-the-docker-container }
You should be able to check it in your Docker container's URL, for example: <ahref="http://192.168.99.100/items/5?q=somequery"class="external-link"target="_blank">http://192.168.99.100/items/5?q=somequery</a> or <ahref="http://127.0.0.1/items/5?q=somequery"class="external-link"target="_blank">http://127.0.0.1/items/5?q=somequery</a> (or equivalent, using your Docker host).
@ -362,7 +362,7 @@ You will see something like:
{"item_id": 5, "q": "somequery"}
```
## Interactive API docs
## Interactive API docs { #interactive-api-docs }
Now you can go to <ahref="http://192.168.99.100/docs"class="external-link"target="_blank">http://192.168.99.100/docs</a> or <ahref="http://127.0.0.1/docs"class="external-link"target="_blank">http://127.0.0.1/docs</a> (or equivalent, using your Docker host).
@ -370,7 +370,7 @@ You will see the automatic interactive API documentation (provided by <a href="h
And you can also go to <ahref="http://192.168.99.100/redoc"class="external-link"target="_blank">http://192.168.99.100/redoc</a> or <ahref="http://127.0.0.1/redoc"class="external-link"target="_blank">http://127.0.0.1/redoc</a> (or equivalent, using your Docker host).
@ -378,7 +378,7 @@ You will see the alternative automatic documentation (provided by <a href="https
When you pass the file to `fastapi run` it will detect automatically that it is a single file and not part of a package and will know how to import it and serve your FastAPI app. 😎
## Deployment Concepts
## Deployment Concepts { #deployment-concepts }
Let's talk again about some of the same [Deployment Concepts](concepts.md){.internal-link target=_blank} in terms of containers.
@ -430,7 +430,7 @@ Let's review these **deployment concepts** in terms of containers:
* Memory
* Previous steps before starting
## HTTPS
## HTTPS { #https }
If we focus just on the **container image** for a FastAPI application (and later the running **container**), HTTPS normally would be handled **externally** by another tool.
@ -444,7 +444,7 @@ Traefik has integrations with Docker, Kubernetes, and others, so it's very easy
Alternatively, HTTPS could be handled by a cloud provider as one of their services (while still running the application in a container).
## Running on Startup and Restarts
## Running on Startup and Restarts { #running-on-startup-and-restarts }
There is normally another tool in charge of **starting and running** your container.
@ -454,7 +454,7 @@ In most (or all) cases, there's a simple option to enable running the container
Without using containers, making applications run on startup and with restarts can be cumbersome and difficult. But when **working with containers** in most cases that functionality is included by default. ✨
## Replication - Number of Processes
## Replication - Number of Processes { #replication-number-of-processes }
If you have a <abbrtitle="A group of machines that are configured to be connected and work together in some way.">cluster</abbr> of machines with **Kubernetes**, Docker Swarm Mode, Nomad, or another similar complex system to manage distributed containers on multiple machines, then you will probably want to **handle replication** at the **cluster level** instead of using a **process manager** (like Uvicorn with workers) in each container.
@ -462,7 +462,7 @@ One of those distributed container management systems like Kubernetes normally h
In those cases, you would probably want to build a **Docker image from scratch** as [explained above](#dockerfile), installing your dependencies, and running **a single Uvicorn process** instead of using multiple Uvicorn workers.
### Load Balancer
### Load Balancer { #load-balancer }
When using containers, you would normally have some component **listening on the main port**. It could possibly be another container that is also a **TLS Termination Proxy** to handle **HTTPS** or some similar tool.
@ -476,7 +476,7 @@ The same **TLS Termination Proxy** component used for HTTPS would probably also
And when working with containers, the same system you use to start and manage them would already have internal tools to transmit the **network communication** (e.g. HTTP requests) from that **load balancer** (that could also be a **TLS Termination Proxy**) to the container(s) with your app.
### One Load Balancer - Multiple Worker Containers
When working with **Kubernetes** or similar distributed container management systems, using their internal networking mechanisms would allow the single **load balancer** that is listening on the main **port** to transmit communication (requests) to possibly **multiple containers** running your app.
@ -486,7 +486,7 @@ And the distributed container system with the **load balancer** would **distribu
And normally this **load balancer** would be able to handle requests that go to *other* apps in your cluster (e.g. to a different domain, or under a different URL path prefix), and would transmit that communication to the right containers for *that other* application running in your cluster.
### One Process per Container
### One Process per Container { #one-process-per-container }
In this type of scenario, you probably would want to have **a single (Uvicorn) process per container**, as you would already be handling replication at the cluster level.
@ -494,7 +494,7 @@ So, in this case, you **would not** want to have a multiple workers in the conta
Having another process manager inside the container (as would be with multiple workers) would only add **unnecessary complexity** that you are most probably already taking care of with your cluster system.
### Containers with Multiple Processes and Special Cases
### Containers with Multiple Processes and Special Cases { #containers-with-multiple-processes-and-special-cases }
Of course, there are **special cases** where you could want to have **a container** with several **Uvicorn worker processes** inside.
Here are some examples of when that could make sense:
#### A Simple App
#### A Simple App { #a-simple-app }
You could want a process manager in the container if your application is **simple enough** that can run it on a **single server**, not a cluster.
#### Docker Compose
#### Docker Compose { #docker-compose }
You could be deploying to a **single server** (not a cluster) with **Docker Compose**, so you wouldn't have an easy way to manage replication of containers (with Docker Compose) while preserving the shared network and **load balancing**.
@ -540,7 +540,7 @@ The main point is, **none** of these are **rules written in stone** that you hav
* Memory
* Previous steps before starting
## Memory
## Memory { #memory }
If you run **a single process per container** you will have a more or less well-defined, stable, and limited amount of memory consumed by each of those containers (more than one if they are replicated).
@ -550,11 +550,11 @@ If your application is **simple**, this will probably **not be a problem**, and
If you run **multiple processes per container** you will have to make sure that the number of processes started doesn't **consume more memory** than what is available.
## Previous Steps Before Starting and Containers
## Previous Steps Before Starting and Containers { #previous-steps-before-starting-and-containers }
If you are using containers (e.g. Docker, Kubernetes), then there are two main approaches you can use.
### Multiple Containers
### Multiple Containers { #multiple-containers }
If you have **multiple containers**, probably each one running a **single process** (for example, in a **Kubernetes** cluster), then you would probably want to have a **separate container** doing the work of the **previous steps** in a single container, running a single process, **before** running the replicated worker containers.
@ -566,11 +566,11 @@ If you are using Kubernetes, this would probably be an <a href="https://kubernet
If in your use case there's no problem in running those previous steps **multiple times in parallel** (for example if you are not running database migrations, but just checking if the database is ready yet), then you could also just put them in each container right before starting the main process.
### Single Container
### Single Container { #single-container }
If you have a simple setup, with a **single container** that then starts multiple **worker processes** (or also just one process), then you could run those previous steps in the same container, right before starting the process with the app.
### Base Docker Image
### Base Docker Image { #base-docker-image }
There used to be an official FastAPI Docker image: <ahref="https://github.com/tiangolo/uvicorn-gunicorn-fastapi-docker"class="external-link"target="_blank">tiangolo/uvicorn-gunicorn-fastapi</a>. But it is now deprecated. ⛔️
@ -588,7 +588,7 @@ But now that Uvicorn (and the `fastapi` command) support using `--workers`, ther
///
## Deploy the Container Image
## Deploy the Container Image { #deploy-the-container-image }
After having a Container (Docker) Image there are several ways to deploy it.
@ -600,11 +600,11 @@ For example:
* With another tool like Nomad
* With a cloud service that takes your container image and deploys it
## Docker Image with `uv`
## Docker Image with `uv` { #docker-image-with-uv }
If you are using <ahref="https://github.com/astral-sh/uv"class="external-link"target="_blank">uv</a> to install and manage your project, you can follow their <ahref="https://docs.astral.sh/uv/guides/integration/docker/"class="external-link"target="_blank">uv Docker guide</a>.
## Recap
## Recap { #recap }
Using container systems (e.g. with **Docker** and **Kubernetes**) it becomes fairly straightforward to handle all the **deployment concepts**:
It is easy to assume that HTTPS is something that is just "enabled" or not.
@ -43,7 +43,7 @@ Some of the options you could use as a TLS Termination Proxy are:
* Nginx
* HAProxy
## Let's Encrypt
## Let's Encrypt { #let-s-encrypt }
Before Let's Encrypt, these **HTTPS certificates** were sold by trusted third parties.
@ -57,11 +57,11 @@ The domains are securely verified and the certificates are generated automatical
The idea is to automate the acquisition and renewal of these certificates so that you can have **secure HTTPS, for free, forever**.
## HTTPS for Developers
## HTTPS for Developers { #https-for-developers }
Here's an example of how an HTTPS API could look like, step by step, paying attention mainly to the ideas important for developers.
### Domain Name
### Domain Name { #domain-name }
It would probably all start by you **acquiring** some **domain name**. Then, you would configure it in a DNS server (possibly your same cloud provider).
@ -77,7 +77,7 @@ This Domain Name part is way before HTTPS, but as everything depends on the doma
///
### DNS
### DNS { #dns }
Now let's focus on all the actual HTTPS parts.
@ -87,7 +87,7 @@ The DNS servers would tell the browser to use some specific **IP address**. That
The browser would then communicate with that IP address on **port 443** (the HTTPS port).
@ -97,7 +97,7 @@ The first part of the communication is just to establish the connection between
This interaction between the client and the server to establish the TLS connection is called the **TLS handshake**.
### TLS with SNI Extension
### TLS with SNI Extension { #tls-with-sni-extension }
**Only one process** in the server can be listening on a specific **port** in a specific **IP address**. There could be other processes listening on other ports in the same IP address, but only one for each combination of IP address and port.
@ -127,7 +127,7 @@ Notice that the encryption of the communication happens at the **TCP level**, no
///
### HTTPS Request
### HTTPS Request { #https-request }
Now that the client and server (specifically the browser and the TLS Termination Proxy) have an **encrypted TCP connection**, they can start the **HTTP communication**.
@ -135,19 +135,19 @@ So, the client sends an **HTTPS request**. This is just an HTTP request through
The TLS Termination Proxy would use the encryption agreed to **decrypt the request**, and would transmit the **plain (decrypted) HTTP request** to the process running the application (for example a process with Uvicorn running the FastAPI application).
The TLS Termination Proxy would then **encrypt the response** using the cryptography agreed before (that started with the certificate for `someapp.example.com`), and send it back to the browser.
@ -157,7 +157,7 @@ Next, the browser would verify that the response is valid and encrypted with the
The client (browser) will know that the response comes from the correct server because it is using the cryptography they agreed using the **HTTPS certificate** before.
In the same server (or servers), there could be **multiple applications**, for example, other API programs or a database.
@ -167,7 +167,7 @@ Only one process can be handling the specific IP and port (the TLS Termination P
That way, the TLS Termination Proxy could handle HTTPS and certificates for **multiple domains**, for multiple applications, and then transmit the requests to the right application in each case.
### Certificate Renewal
### Certificate Renewal { #certificate-renewal }
At some point in the future, each certificate would **expire** (about 3 months after acquiring it).
@ -190,7 +190,7 @@ To do that, and to accommodate different application needs, there are several wa
All this renewal process, while still serving the app, is one of the main reasons why you would want to have a **separate system to handle HTTPS** with a TLS Termination Proxy instead of just using the TLS certificates with the application server directly (e.g. Uvicorn).
## Recap
## Recap { #recap }
Having **HTTPS** is very important, and quite **critical** in most cases. Most of the effort you as a developer have to put around HTTPS is just about **understanding these concepts** and how they work.
Deploying a **FastAPI** application is relatively easy.
## What Does Deployment Mean
## What Does Deployment Mean { #what-does-deployment-mean }
To **deploy** an application means to perform the necessary steps to make it **available to the users**.
@ -10,7 +10,7 @@ For a **web API**, it normally involves putting it in a **remote machine**, with
This is in contrast to the **development** stages, where you are constantly changing the code, breaking it and fixing it, stopping and restarting the development server, etc.
# Run a Server Manually { #run-a-server-manually }
## Use the `fastapi run` Command
## Use the `fastapi run` Command { #use-the-fastapi-run-command }
In short, use `fastapi run` to serve your FastAPI application:
@ -42,7 +42,7 @@ That would work for most of the cases. 😎
You could use that command for example to start your **FastAPI** app in a container, in a server, etc.
## ASGI Servers
## ASGI Servers { #asgi-servers }
Let's go a little deeper into the details.
@ -58,7 +58,7 @@ There are several alternatives, including:
* <ahref="https://github.com/emmett-framework/granian"class="external-link"target="_blank">Granian</a>: A Rust HTTP server for Python applications.
* <ahref="https://unit.nginx.org/howto/fastapi/"class="external-link"target="_blank">NGINX Unit</a>: NGINX Unit is a lightweight and versatile web application runtime.
## Server Machine and Server Program
## Server Machine and Server Program { #server-machine-and-server-program }
There's a small detail about names to keep in mind. 💡
@ -68,7 +68,7 @@ Just keep in mind that when you read "server" in general, it could refer to one
When referring to the remote machine, it's common to call it **server**, but also **machine**, **VM** (virtual machine), **node**. Those all refer to some type of remote machine, normally running Linux, where you run programs.
## Install the Server Program
## Install the Server Program { #install-the-server-program }
When you install FastAPI, it comes with a production server, Uvicorn, and you can start it with the `fastapi run` command.
@ -100,7 +100,7 @@ When you install FastAPI with something like `pip install "fastapi[standard]"` y
///
## Run the Server Program
## Run the Server Program { #run-the-server-program }
If you installed an ASGI server manually, you would normally need to pass an import string in a special format for it to import your FastAPI application:
@ -141,7 +141,7 @@ It helps a lot during **development**, but you **shouldn't** use it in **product
///
## Deployment Concepts
## Deployment Concepts { #deployment-concepts }
These examples run the server program (e.g Uvicorn), starting **a single process**, listening on all the IPs (`0.0.0.0`) on a predefined port (e.g. `80`).
# Server Workers - Uvicorn with Workers { #server-workers-uvicorn-with-workers }
Let's check back those deployment concepts from before:
@ -25,7 +25,7 @@ In particular, when running on **Kubernetes** you will probably **not** want to
///
## Multiple Workers
## Multiple Workers { #multiple-workers }
You can start multiple workers with the `--workers` command line option:
@ -111,7 +111,7 @@ The only new option here is `--workers` telling Uvicorn to start 4 worker proces
You can also see that it shows the **PID** of each process, `27365` for the parent process (this is the **process manager**) and one for each worker process: `27368`, `27369`, `27370`, and `27367`.
## Deployment Concepts
## Deployment Concepts { #deployment-concepts }
Here you saw how to use multiple **workers** to **parallelize** the execution of the application, take advantage of **multiple cores** in the CPU, and be able to serve **more requests**.
@ -124,13 +124,13 @@ From the list of deployment concepts from above, using workers would mainly help
* **Memory**
* **Previous steps before starting**
## Containers and Docker
## Containers and Docker { #containers-and-docker }
In the next chapter about [FastAPI in Containers - Docker](docker.md){.internal-link target=_blank} I'll explain some strategies you could use to handle the other **deployment concepts**.
I'll show you how to **build your own image from scratch** to run a single Uvicorn process. It is a simple process and is probably what you would want to do when using a distributed container management system like **Kubernetes**.
## Recap
## Recap { #recap }
You can use multiple worker processes with the `--workers` CLI option with the `fastapi` or `uvicorn` commands to take advantage of **multi-core CPUs**, to run **multiple processes in parallel**.
# About FastAPI versions { #about-fastapi-versions }
**FastAPI** is already being used in production in many applications and systems. And the test coverage is kept at 100%. But its development is still moving quickly.
@ -8,7 +8,7 @@ That's why the current versions are still `0.x.x`, this reflects that each versi
You can create production applications with **FastAPI** right now (and you have probably been doing it for some time), you just have to make sure that you use a version that works correctly with the rest of your code.
## Pin your `fastapi` version
## Pin your `fastapi` version { #pin-your-fastapi-version }
The first thing you should do is to "pin" the version of **FastAPI** you are using to the specific latest version that you know works correctly for your application.
@ -32,11 +32,11 @@ that would mean that you would use the versions `0.112.0` or above, but less tha
If you use any other tool to manage your installations, like `uv`, Poetry, Pipenv, or others, they all have a way that you can use to define specific versions for your packages.
## Available versions
## Available versions { #available-versions }
You can see the available versions (e.g. to check what is the current latest) in the [Release Notes](../release-notes.md){.internal-link target=_blank}.
## About versions
## About versions { #about-versions }
Following the Semantic Versioning conventions, any version below `1.0.0` could potentially add breaking changes.
@ -62,7 +62,7 @@ The "MINOR" is the number in the middle, for example, in `0.2.3`, the MINOR vers
///
## Upgrading the FastAPI versions
## Upgrading the FastAPI versions { #upgrading-the-fastapi-versions }
You should add tests for your app.
@ -72,7 +72,7 @@ After you have tests, then you can upgrade the **FastAPI** version to a more rec
If everything is working, or after you make the necessary changes, and all your tests are passing, then you can pin your `fastapi` to that new recent version.
## About Starlette
## About Starlette { #about-starlette }
You shouldn't pin the version of `starlette`.
@ -80,7 +80,7 @@ Different versions of **FastAPI** will use a specific newer version of Starlette
So, you can just let **FastAPI** use the correct Starlette version.
## About Pydantic
## About Pydantic { #about-pydantic }
Pydantic includes the tests for **FastAPI** with its own tests, so new versions of Pydantic (above `1.0.0`) are always compatible with FastAPI.
@ -10,7 +10,7 @@ An environment variable (also known as "**env var**") is a variable that lives *
Environment variables could be useful for handling application **settings**, as part of the **installation** of Python, etc.
## Create and Use Env Vars
## Create and Use Env Vars { #create-and-use-env-vars }
You can **create** and use environment variables in the **shell (terminal)**, without needing Python:
@ -50,7 +50,7 @@ Hello Wade Wilson
////
## Read env vars in Python
## Read env vars in Python { #read-env-vars-in-python }
You could also create environment variables **outside** of Python, in the terminal (or with any other method), and then **read them in Python**.
@ -157,7 +157,7 @@ You can read more about it at <a href="https://12factor.net/config" class="exter
///
## Types and Validation
## Types and Validation { #types-and-validation }
These environment variables can only handle **text strings**, as they are external to Python and have to be compatible with other programs and the rest of the system (and even with different operating systems, as Linux, Windows, macOS).
@ -165,7 +165,7 @@ That means that **any value** read in Python from an environment variable **will
You will learn more about using environment variables for handling **application settings** in the [Advanced User Guide - Settings and Environment Variables](./advanced/settings.md){.internal-link target=_blank}.
By default, **auto-reload** is enabled, automatically reloading the server when you make changes to your code. This is resource-intensive and could be less stable than when it's disabled. You should only use it for development. It also listens on the IP address `127.0.0.1`, which is the IP for your machine to communicate with itself alone (`localhost`).
## `fastapi run`
## `fastapi run` { #fastapi-run }
Executing `fastapi run` starts FastAPI in production mode by default.
### Based on open standards { #based-on-open-standards }
* <ahref="https://github.com/OAI/OpenAPI-Specification"class="external-link"target="_blank"><strong>OpenAPI</strong></a> for API creation, including declarations of <abbrtitle="also known as: endpoints, routes">path</abbr><abbrtitle="also known as HTTP methods, as POST, GET, PUT, DELETE">operations</abbr>, parameters, request bodies, security, etc.
* Automatic data model documentation with <ahref="https://json-schema.org/"class="external-link"target="_blank"><strong>JSON Schema</strong></a> (as OpenAPI itself is based on JSON Schema).
* Designed around these standards, after a meticulous study. Instead of an afterthought layer on top.
* This also allows using automatic **client code generation** in many languages.
### Automatic docs
### Automatic docs { #automatic-docs }
Interactive API documentation and exploration web user interfaces. As the framework is based on OpenAPI, there are multiple options, 2 included by default.
@ -23,7 +23,7 @@ Interactive API documentation and exploration web user interfaces. As the framew
It's all based on standard **Python type** declarations (thanks to Pydantic). No new syntax to learn. Just standard modern Python.
@ -71,7 +71,7 @@ Pass the keys and values of the `second_user_data` dict directly as key-value ar
///
### Editor support
### Editor support { #editor-support }
All the framework was designed to be easy and intuitive to use, all the decisions were tested on multiple editors even before starting development, to ensure the best development experience.
@ -95,13 +95,13 @@ You will get completion in code you might even consider impossible before. As fo
No more typing the wrong key names, coming back and forth between docs, or scrolling up and down to find if you finally used `username` or `user_name`.
### Short
### Short { #short }
It has sensible **defaults** for everything, with optional configurations everywhere. All the parameters can be fine-tuned to do what you need and to define the API you need.
But by default, it all **"just works"**.
### Validation
### Validation { #validation }
* Validation for most (or all?) Python **data types**, including:
* JSON objects (`dict`).
@ -117,7 +117,7 @@ But by default, it all **"just works"**.
All the validation is handled by the well-established and robust **Pydantic**.
### Security and authentication
### Security and authentication { #security-and-authentication }
Security and authentication integrated. Without any compromise with databases or data models.
@ -134,7 +134,7 @@ Plus all the security features from Starlette (including **session cookies**).
All built as reusable tools and components that are easy to integrate with your systems, data stores, relational and NoSQL databases, etc.
FastAPI includes an extremely easy to use, but extremely powerful <abbrtitle='also known as "components", "resources", "services", "providers"'><strong>Dependency Injection</strong></abbr> system.
@ -145,19 +145,19 @@ FastAPI includes an extremely easy to use, but extremely powerful <abbr title='a
* Support for complex user authentication systems, **database connections**, etc.
* **No compromise** with databases, frontends, etc. But easy integration with all of them.
### Unlimited "plug-ins"
### Unlimited "plug-ins" { #unlimited-plug-ins }
Or in other way, no need for them, import and use the code you need.
Any integration is designed to be so simple to use (with dependencies) that you can create a "plug-in" for your application in 2 lines of code using the same structure and syntax used for your *path operations*.
### Tested
### Tested { #tested }
* 100% <abbrtitle="The amount of code that is automatically tested">test coverage</abbr>.
* 100% <abbrtitle="Python type annotations, with this your editor and external tools can give you better support">type annotated</abbr> code base.
* Used in production applications.
## Starlette features
## Starlette features { #starlette-features }
**FastAPI** is fully compatible with (and based on) <ahref="https://www.starlette.io/"class="external-link"target="_blank"><strong>Starlette</strong></a>. So, any additional Starlette code you have, will also work.
@ -175,7 +175,7 @@ With **FastAPI** you get all of **Starlette**'s features (as FastAPI is just Sta
* 100% test coverage.
* 100% type annotated codebase.
## Pydantic features
## Pydantic features { #pydantic-features }
**FastAPI** is fully compatible with (and based on) <ahref="https://docs.pydantic.dev/"class="external-link"target="_blank"><strong>Pydantic</strong></a>. So, any additional Pydantic code you have, will also work.
# Help FastAPI - Get Help { #help-fastapi-get-help }
Do you like **FastAPI**?
@ -10,7 +10,7 @@ There are very simple ways to help (several involve just one or two clicks).
And there are several ways to get help too.
## Subscribe to the newsletter
## Subscribe to the newsletter { #subscribe-to-the-newsletter }
You can subscribe to the (infrequent) [**FastAPI and friends** newsletter](newsletter.md){.internal-link target=_blank} to stay updated about:
@ -20,17 +20,17 @@ You can subscribe to the (infrequent) [**FastAPI and friends** newsletter](newsl
* Breaking changes 🚨
* Tips and tricks ✅
## Follow FastAPI on Twitter
## Follow FastAPI on Twitter { #follow-fastapi-on-twitter }
<ahref="https://twitter.com/fastapi"class="external-link"target="_blank">Follow @fastapi on **Twitter**</a> to get the latest news about **FastAPI**. 🐦
## Star **FastAPI** in GitHub
## Star **FastAPI** in GitHub { #star-fastapi-in-github }
You can "star" FastAPI in GitHub (clicking the star button at the top right): <ahref="https://github.com/fastapi/fastapi"class="external-link"target="_blank">https://github.com/fastapi/fastapi</a>. ⭐️
By adding a star, other users will be able to find it more easily and see that it has been already useful for others.
## Watch the GitHub repository for releases
## Watch the GitHub repository for releases { #watch-the-github-repository-for-releases }
You can "watch" FastAPI in GitHub (clicking the "watch" button at the top right): <ahref="https://github.com/fastapi/fastapi"class="external-link"target="_blank">https://github.com/fastapi/fastapi</a>. 👀
@ -38,7 +38,7 @@ There you can select "Releases only".
By doing it, you will receive notifications (in your email) whenever there's a new release (a new version) of **FastAPI** with bug fixes and new features.
## Connect with the author
## Connect with the author { #connect-with-the-author }
You can connect with <ahref="https://tiangolo.com"class="external-link"target="_blank">me (Sebastián Ramírez / `tiangolo`)</a>, the author.
@ -57,19 +57,19 @@ You can:
* Read other ideas, articles, and read about tools I have created.
* Follow me to read when I publish something new.
## Tweet about **FastAPI**
## Tweet about **FastAPI** { #tweet-about-fastapi }
<ahref="https://twitter.com/compose/tweet?text=I'm loving @fastapi because... https://github.com/fastapi/fastapi"class="external-link"target="_blank">Tweet about **FastAPI**</a> and let me and others know why you like it. 🎉
I love to hear about how **FastAPI** is being used, what you have liked in it, in which project/company are you using it, etc.
## Vote for FastAPI
## Vote for FastAPI { #vote-for-fastapi }
* <ahref="https://www.slant.co/options/34241/~fastapi-review"class="external-link"target="_blank">Vote for **FastAPI** in Slant</a>.
* <ahref="https://alternativeto.net/software/fastapi/about/"class="external-link"target="_blank">Vote for **FastAPI** in AlternativeTo</a>.
* <ahref="https://stackshare.io/pypi-fastapi"class="external-link"target="_blank">Say you use **FastAPI** on StackShare</a>.
## Help others with questions in GitHub
## Help others with questions in GitHub { #help-others-with-questions-in-github }
You can try and help others with their questions in:
@ -88,7 +88,7 @@ The idea is for the **FastAPI** community to be kind and welcoming. At the same
Here's how to help others with questions (in discussions or issues):
### Understand the question
### Understand the question { #understand-the-question }
* Check if you can understand what is the **purpose** and use case of the person asking.
@ -98,7 +98,7 @@ Here's how to help others with questions (in discussions or issues):
* If you can't understand the question, ask for more **details**.
### Reproduce the problem
### Reproduce the problem { #reproduce-the-problem }
For most of the cases and most of the questions there's something related to the person's **original code**.
@ -108,13 +108,13 @@ In many cases they will only copy a fragment of the code, but that's not enough
* If you are feeling too generous, you can try to **create an example** like that yourself, just based on the description of the problem. Just keep in mind that this might take a lot of time and it might be better to ask them to clarify the problem first.
### Suggest solutions
### Suggest solutions { #suggest-solutions }
* After being able to understand the question, you can give them a possible **answer**.
* In many cases, it's better to understand their **underlying problem or use case**, because there might be a better way to solve it than what they are trying to do.
### Ask to close
### Ask to close { #ask-to-close }
If they reply, there's a high chance you would have solved their problem, congrats, **you're a hero**! 🦸
@ -123,7 +123,7 @@ If they reply, there's a high chance you would have solved their problem, congra
* In GitHub Discussions: mark the comment as the **answer**.
* In GitHub Issues: **close** the issue.
## Watch the GitHub repository
## Watch the GitHub repository { #watch-the-github-repository }
You can "watch" FastAPI in GitHub (clicking the "watch" button at the top right): <ahref="https://github.com/fastapi/fastapi"class="external-link"target="_blank">https://github.com/fastapi/fastapi</a>. 👀
@ -131,7 +131,7 @@ If you select "Watching" instead of "Releases only" you will receive notificatio
Then you can try and help them solve those questions.
## Ask Questions
## Ask Questions { #ask-questions }
You can <ahref="https://github.com/fastapi/fastapi/discussions/new?category=questions"class="external-link"target="_blank">create a new question</a> in the GitHub repository, for example to:
@ -140,7 +140,7 @@ You can <a href="https://github.com/fastapi/fastapi/discussions/new?category=que
**Note**: if you do it, then I'm going to ask you to also help others. 😉
## Review Pull Requests
## Review Pull Requests { #review-pull-requests }
You can help me review pull requests from others.
@ -150,13 +150,13 @@ Again, please try your best to be kind. 🤗
Here's what to keep in mind and how to review a pull request:
### Understand the problem
### Understand the problem { #understand-the-problem }
* First, make sure you **understand the problem** that the pull request is trying to solve. It might have a longer discussion in a GitHub Discussion or issue.
* There's also a good chance that the pull request is not actually needed because the problem can be solved in a **different way**. Then you can suggest or ask about that.
### Don't worry about style
### Don't worry about style { #don-t-worry-about-style }
* Don't worry too much about things like commit message styles, I will squash and merge customizing the commit manually.
@ -164,7 +164,7 @@ Here's what to keep in mind and how to review a pull request:
And if there's any other style or consistency need, I'll ask directly for that, or I'll add commits on top with the needed changes.
### Check the code
### Check the code { #check-the-code }
* Check and read the code, see if it makes sense, **run it locally** and see if it actually solves the problem.
@ -182,7 +182,7 @@ So, it's really important that you actually read and run the code, and let me kn
* If the PR can be simplified in a way, you can ask for that, but there's no need to be too picky, there might be a lot of subjective points of view (and I will have my own as well 🙈), so it's better if you can focus on the fundamental things.
### Tests
### Tests { #tests }
* Help me check that the PR has **tests**.
@ -194,7 +194,7 @@ So, it's really important that you actually read and run the code, and let me kn
* Then also comment what you tried, that way I'll know that you checked it. 🤓
## Create a Pull Request
## Create a Pull Request { #create-a-pull-request }
You can [contribute](contributing.md){.internal-link target=_blank} to the source code with Pull Requests, for example:
@ -210,7 +210,7 @@ You can [contribute](contributing.md){.internal-link target=_blank} to the sourc
* Make sure to add tests.
* Make sure to add documentation if it's relevant.
## Help Maintain FastAPI
## Help Maintain FastAPI { #help-maintain-fastapi }
Help me maintain **FastAPI**! 🤓
@ -225,7 +225,7 @@ Those two tasks are what **consume time the most**. That's the main work of main
If you can help me with that, **you are helping me maintain FastAPI** and making sure it keeps **advancing faster and better**. 🚀
## Join the chat
## Join the chat { #join-the-chat }
Join the 👥 <ahref="https://discord.gg/VQjSZaeJmf"class="external-link"target="_blank">Discord chat server</a> 👥 and hang out with others in the FastAPI community.
@ -237,7 +237,7 @@ Use the chat only for other general conversations.
///
### Don't use the chat for questions
### Don't use the chat for questions { #don-t-use-the-chat-for-questions }
Keep in mind that as chats allow more "free conversation", it's easy to ask questions that are too general and more difficult to answer, so, you might not receive answers.
@ -247,7 +247,7 @@ Conversations in the chat systems are also not as easily searchable as in GitHub
On the other side, there are thousands of users in the chat systems, so there's a high chance you'll find someone to talk to there, almost all the time. 😄
## Sponsor the author
## Sponsor the author { #sponsor-the-author }
If your **product/company** depends on or is related to **FastAPI** and you want to reach its users, you can sponsor the author (me) through <ahref="https://github.com/sponsors/tiangolo"class="external-link"target="_blank">GitHub sponsors</a>. Depending on the tier, you could get some extra benefits, like a badge in the docs. 🎁
# History, Design and Future { #history-design-and-future }
Some time ago, <ahref="https://github.com/fastapi/fastapi/issues/3#issuecomment-454956920"class="external-link"target="_blank">a **FastAPI** user asked</a>:
@ -6,7 +6,7 @@ Some time ago, <a href="https://github.com/fastapi/fastapi/issues/3#issuecomment
Here's a little bit of that history.
## Alternatives
## Alternatives { #alternatives }
I have been creating APIs with complex requirements for several years (Machine Learning, distributed systems, asynchronous jobs, NoSQL databases, etc), leading several teams of developers.
@ -28,7 +28,7 @@ But at some point, there was no other option than creating something that provid
</blockquote>
## Investigation
## Investigation { #investigation }
By using all the previous alternatives I had the chance to learn from all of them, take ideas, and combine them in the best way I could find for myself and the teams of developers I have worked with.
@ -38,7 +38,7 @@ Also, the best approach was to use already existing standards.
So, before even starting to code **FastAPI**, I spent several months studying the specs for OpenAPI, JSON Schema, OAuth2, etc. Understanding their relationship, overlap, and differences.
## Design
## Design { #design }
Then I spent some time designing the developer "API" I wanted to have as a user (as a developer using FastAPI).
@ -52,7 +52,7 @@ That way I could find the best ways to reduce code duplication as much as possib
All in a way that provided the best development experience for all the developers.
## Requirements
## Requirements { #requirements }
After testing several alternatives, I decided that I was going to use <ahref="https://docs.pydantic.dev/"class="external-link"target="_blank">**Pydantic**</a> for its advantages.
@ -60,11 +60,11 @@ Then I contributed to it, to make it fully compliant with JSON Schema, to suppor
During the development, I also contributed to <ahref="https://www.starlette.io/"class="external-link"target="_blank">**Starlette**</a>, the other key requirement.
## Development
## Development { #development }
By the time I started creating **FastAPI** itself, most of the pieces were already in place, the design was defined, the requirements and tools were ready, and the knowledge about the standards and specifications was clear and fresh.
## Future
## Future { #future }
By this point, it's already clear that **FastAPI** with its ideas is being useful for many people.
If you needed to, you could use settings and environment variables to configure OpenAPI conditionally depending on the environment, and even disable it entirely.
## About security, APIs, and docs
## About security, APIs, and docs { #about-security-apis-and-docs }
Hiding your documentation user interfaces in production *shouldn't* be the way to protect your API.
@ -23,7 +23,7 @@ If you want to secure your API, there are several better things you can do, for
Nevertheless, you might have a very specific use case where you really need to disable the API docs for some environment (e.g. for production) or depending on configurations from environment variables.
## Conditional OpenAPI from settings and env vars
## Conditional OpenAPI from settings and env vars { #conditional-openapi-from-settings-and-env-vars }
You can easily use the same Pydantic settings to configure your generated OpenAPI and the docs UIs.
You can configure some extra <ahref="https://swagger.io/docs/open-source-tools/swagger-ui/usage/configuration/"class="external-link"target="_blank">Swagger UI parameters</a>.
@ -8,7 +8,7 @@ To configure them, pass the `swagger_ui_parameters` argument when creating the `
FastAPI converts the configurations to **JSON** to make them compatible with JavaScript, as that's what Swagger UI needs.
## Other Swagger UI Parameters { #other-swagger-ui-parameters }
To see all the other possible configurations you can use, read the official <ahref="https://swagger.io/docs/open-source-tools/swagger-ui/usage/configuration/"class="external-link"target="_blank">docs for Swagger UI parameters</a>.
Now, you should be able to go to your docs at <ahref="http://127.0.0.1:8000/docs"class="external-link"target="_blank">http://127.0.0.1:8000/docs</a>, and reload the page, it will load those assets from the new CDN.
## Self-hosting JavaScript and CSS for docs
## Self-hosting JavaScript and CSS for docs { #self-hosting-javascript-and-css-for-docs }
Self-hosting the JavaScript and CSS could be useful if, for example, you need your app to keep working even while offline, without open Internet access, or in a local network.
Here you'll see how to serve those files yourself, in the same FastAPI app, and configure the docs to use them.
### Test the static files { #test-the-static-files }
Start your application and go to <ahref="http://127.0.0.1:8000/static/redoc.standalone.js"class="external-link"target="_blank">http://127.0.0.1:8000/static/redoc.standalone.js</a>.
@ -138,7 +138,7 @@ That confirms that you are being able to serve static files from your app, and t
Now we can configure the app to use those static files for the docs.
### Disable the automatic docs for static files
### Disable the automatic docs for static files { #disable-the-automatic-docs-for-static-files }
The same as when using a custom CDN, the first step is to disable the automatic docs, as those use the CDN by default.
@ -146,7 +146,7 @@ To disable them, set their URLs to `None` when creating your `FastAPI` app:
### Test Static Files UI { #test-static-files-ui }
Now, you should be able to disconnect your WiFi, go to your docs at <ahref="http://127.0.0.1:8000/docs"class="external-link"target="_blank">http://127.0.0.1:8000/docs</a>, and reload the page.
There are some cases where you might need to modify the generated OpenAPI schema.
In this section you will see how.
## The normal process
## The normal process { #the-normal-process }
The normal (default) process, is as follows.
@ -33,31 +33,31 @@ The parameter `summary` is available in OpenAPI 3.1.0 and above, supported by Fa
///
## Overriding the defaults
## Overriding the defaults { #overriding-the-defaults }
Using the information above, you can use the same utility function to generate the OpenAPI schema and override each part that you need.
For example, let's add <ahref="https://github.com/Rebilly/ReDoc/blob/master/docs/redoc-vendor-extensions.md#x-logo"class="external-link"target="_blank">ReDoc's OpenAPI extension to include a custom logo</a>.
### Normal **FastAPI**
### Normal **FastAPI** { #normal-fastapi }
First, write all your **FastAPI** application as normally:
Once you go to <ahref="http://127.0.0.1:8000/redoc"class="external-link"target="_blank">http://127.0.0.1:8000/redoc</a> you will see that you are using your custom logo (in this example, **FastAPI**'s logo):
# General - How To - Recipes { #general-how-to-recipes }
Here are several pointers to other places in the docs, for general or frequent questions.
## Filter Data - Security
## Filter Data - Security { #filter-data-security }
To ensure that you don't return more data than you should, read the docs for [Tutorial - Response Model - Return Type](../tutorial/response-model.md){.internal-link target=_blank}.
To add tags to your *path operations*, and group them in the docs UI, read the docs for [Tutorial - Path Operation Configurations - Tags](../tutorial/path-operation-configuration.md#tags){.internal-link target=_blank}.
## Documentation Summary and Description - OpenAPI
## Documentation Summary and Description - OpenAPI { #documentation-summary-and-description-openapi }
To add a summary and description to your *path operations*, and show them in the docs UI, read the docs for [Tutorial - Path Operation Configurations - Summary and Description](../tutorial/path-operation-configuration.md#summary-and-description){.internal-link target=_blank}.
To define the description of the response, shown in the docs UI, read the docs for [Tutorial - Path Operation Configurations - Response description](../tutorial/path-operation-configuration.md#response-description){.internal-link target=_blank}.
## Documentation Deprecate a *Path Operation* - OpenAPI
To deprecate a *path operation*, and show it in the docs UI, read the docs for [Tutorial - Path Operation Configurations - Deprecation](../tutorial/path-operation-configuration.md#deprecate-a-path-operation){.internal-link target=_blank}.
## Convert any Data to JSON-compatible
## Convert any Data to JSON-compatible { #convert-any-data-to-json-compatible }
To convert any data to JSON-compatible, read the docs for [Tutorial - JSON Compatible Encoder](../tutorial/encoder.md){.internal-link target=_blank}.
To add metadata to your OpenAPI schema, including a license, version, contact, etc, read the docs for [Tutorial - Metadata and Docs URLs](../tutorial/metadata.md){.internal-link target=_blank}.
## OpenAPI Custom URL
## OpenAPI Custom URL { #openapi-custom-url }
To customize the OpenAPI URL (or remove it), read the docs for [Tutorial - Metadata and Docs URLs](../tutorial/metadata.md#openapi-url){.internal-link target=_blank}.
## OpenAPI Docs URLs
## OpenAPI Docs URLs { #openapi-docs-urls }
To update the URLs used for the automatically generated docs user interfaces, read the docs for [Tutorial - Metadata and Docs URLs](../tutorial/metadata.md#docs-urls){.internal-link target=_blank}.
* With <ahref="https://github.com/ciscorn/starlette-graphene3"class="external-link"target="_blank">starlette-graphene3</a>
## GraphQL with Strawberry
## GraphQL with Strawberry { #graphql-with-strawberry }
If you need or want to work with **GraphQL**, <ahref="https://strawberry.rocks/"class="external-link"target="_blank">**Strawberry**</a> is the **recommended** library as it has the design closest to **FastAPI's** design, it's all based on **type annotations**.
@ -41,7 +41,7 @@ You can learn more about Strawberry in the <a href="https://strawberry.rocks/" c
And also the docs about <ahref="https://strawberry.rocks/docs/integrations/fastapi"class="external-link"target="_blank">Strawberry with FastAPI</a>.
## Older `GraphQLApp` from Starlette
## Older `GraphQLApp` from Starlette { #older-graphqlapp-from-starlette }
Previous versions of Starlette included a `GraphQLApp` class to integrate with <ahref="https://graphene-python.org/"class="external-link"target="_blank">Graphene</a>.
@ -53,7 +53,7 @@ If you need GraphQL, I still would recommend you check out <a href="https://stra
///
## Learn More
## Learn More { #learn-more }
You can learn more about **GraphQL** in the <ahref="https://graphql.org/"class="external-link"target="_blank">official GraphQL documentation</a>.
But if you use the same model as an output, like here:
@ -36,7 +36,7 @@ But if you use the same model as an output, like here:
...then because `description` has a default value, if you **don't return anything** for that field, it will still have that **default value**.
### Model for Output Response Data
### Model for Output Response Data { #model-for-output-response-data }
If you interact with the docs and check the response, even though the code didn't add anything in one of the `description` fields, the JSON response contains the default value (`null`):
@ -55,7 +55,7 @@ Because of that, the JSON Schema for a model can be different depending on if it
* for **input** the `description` will **not be required**
* for **output** it will be **required** (and possibly `None`, or in JSON terms, `null`)
### Model for Output in Docs
### Model for Output in Docs { #model-for-output-in-docs }
You can check the output model in the docs too, **both**`name` and `description` are marked as **required** with a **red asterisk**:
@ -63,7 +63,7 @@ You can check the output model in the docs too, **both** `name` and `description
### Model for Input and Output in Docs { #model-for-input-and-output-in-docs }
And if you check all the available Schemas (JSON Schemas) in OpenAPI, you will see that there are two, one `Item-Input` and one `Item-Output`.
@ -77,7 +77,7 @@ But for `Item-Output`, `description` is **required**, it has a red asterisk.
With this feature from **Pydantic v2**, your API documentation is more **precise**, and if you have autogenerated clients and SDKs, they will be more precise too, with a better **developer experience** and consistency. 🎉
## Do not Separate Schemas
## Do not Separate Schemas { #do-not-separate-schemas }
Now, there are some cases where you might want to have the **same schema for input and output**.
@ -93,7 +93,7 @@ Support for `separate_input_output_schemas` was added in FastAPI `0.102.0`. 🤓
You can study about databases, SQL, and SQLModel in the <ahref="https://sqlmodel.tiangolo.com/"class="external-link"target="_blank">SQLModel docs</a>. 🤓
"_[...] I'm using **FastAPI** a ton these days. [...] I'm actually planning to use it for all of my team's **ML services at Microsoft**. Some of them are getting integrated into the core **Windows** product and some **Office** products._"
@ -111,7 +111,7 @@ The key features are:
---
## **Typer**, the FastAPI of CLIs
## **Typer**, the FastAPI of CLIs { #typer-the-fastapi-of-clis }
@ -119,14 +119,14 @@ If you are building a <abbr title="Command Line Interface">CLI</abbr> app to be
**Typer** is FastAPI's little sibling. And it's intended to be the **FastAPI of CLIs**. ⌨️ 🚀
## Requirements
## Requirements { #requirements }
FastAPI stands on the shoulders of giants:
* <ahref="https://www.starlette.io/"class="external-link"target="_blank">Starlette</a> for the web parts.
* <ahref="https://docs.pydantic.dev/"class="external-link"target="_blank">Pydantic</a> for the data parts.
## Installation
## Installation { #installation }
Create and activate a <ahref="https://fastapi.tiangolo.com/virtual-environments/"class="external-link"target="_blank">virtual environment</a> and then install FastAPI:
**Note**: Make sure you put `"fastapi[standard]"` in quotes to ensure it works in all terminals.
## Example
## Example { #example }
### Create it
### Create it { #create-it }
Create a file `main.py` with:
@ -195,7 +195,7 @@ If you don't know, check the _"In a hurry?"_ section about <a href="https://fast
</details>
### Run it
### Run it { #run-it }
Run the server with:
@ -237,7 +237,7 @@ You can read more about it in the <a href="https://fastapi.tiangolo.com/fastapi-
</details>
### Check it
### Check it { #check-it }
Open your browser at <ahref="http://127.0.0.1:8000/items/5?q=somequery"class="external-link"target="_blank">http://127.0.0.1:8000/items/5?q=somequery</a>.
@ -254,7 +254,7 @@ You already created an API that:
* The _path_`/items/{item_id}` has a _path parameter_`item_id` that should be an `int`.
* The _path_`/items/{item_id}` has an optional `str`_query parameter_`q`.
### Interactive API docs
### Interactive API docs { #interactive-api-docs }
Now go to <ahref="http://127.0.0.1:8000/docs"class="external-link"target="_blank">http://127.0.0.1:8000/docs</a>.
@ -262,7 +262,7 @@ You will see the automatic interactive API documentation (provided by <a href="h
In summary, you declare **once** the types of parameters, body, etc. as function parameters.
@ -444,17 +444,17 @@ For a more complete example including more features, see the <a href="https://fa
* **Cookie Sessions**
* ...and more.
## Performance
## Performance { #performance }
Independent TechEmpower benchmarks show **FastAPI** applications running under Uvicorn as <ahref="https://www.techempower.com/benchmarks/#section=test&runid=7464e520-0dc2-473d-bd34-dbdfd7e85911&hw=ph&test=query&l=zijzen-7"class="external-link"target="_blank">one of the fastest Python frameworks available</a>, only below Starlette and Uvicorn themselves (used internally by FastAPI). (*)
To understand more about it, see the section <ahref="https://fastapi.tiangolo.com/benchmarks/"class="internal-link"target="_blank">Benchmarks</a>.
When you install FastAPI with `pip install "fastapi[standard]"` it comes with the `standard` group of optional dependencies:
@ -474,15 +474,15 @@ Used by FastAPI:
* `fastapi-cli[standard]` - to provide the `fastapi` command.
* This includes `fastapi-cloud-cli`, which allows you to deploy your FastAPI application to <ahref="https://fastapicloud.com"class="external-link"target="_blank">FastAPI Cloud</a>.
### Without `standard` Dependencies
### Without `standard` Dependencies { #without-standard-dependencies }
If you don't want to include the `standard` optional dependencies, you can install with `pip install fastapi` instead of `pip install "fastapi[standard]"`.
### Without `fastapi-cloud-cli`
### Without `fastapi-cloud-cli` { #without-fastapi-cloud-cli }
If you want to install FastAPI with the standard dependencies but without the `fastapi-cloud-cli`, you can install with `pip install "fastapi[standard-no-fastapi-cloud-cli]"`.
# Full Stack FastAPI Template { #full-stack-fastapi-template }
Templates, while typically come with a specific setup, are designed to be flexible and customizable. This allows you to modify and adapt them to your project's requirements, making them an excellent starting point. 🏁
@ -6,7 +6,7 @@ You can use this template to get started, as it includes a lot of the initial se
### Generic types with type parameters { #generic-types-with-type-parameters }
There are some data structures that can contain other values, like `dict`, `list`, `set` and `tuple`. And the internal values can have their own type too.
@ -143,7 +143,7 @@ These types that have internal types are called "**generic**" types. And it's po
To declare those types and the internal types, you can use the standard Python module `typing`. It exists specifically to support these type hints.
#### Newer versions of Python
#### Newer versions of Python { #newer-versions-of-python }
The syntax using `typing` is **compatible** with all versions, from Python 3.6 to the latest ones, including Python 3.9, Python 3.10, etc.
@ -157,7 +157,7 @@ For example "**Python 3.6+**" means it's compatible with Python 3.6 or above (in
If you can use the **latest versions of Python**, use the examples for the latest version, those will have the **best and simplest syntax**, for example, "**Python 3.10+**".
#### List
#### List { #list }
For example, let's define a variable to be a `list` of `str`.
@ -221,7 +221,7 @@ Notice that the variable `item` is one of the elements in the list `items`.
And still, the editor knows it is a `str`, and provides support for that.
#### Tuple and Set
#### Tuple and Set { #tuple-and-set }
You would do the same to declare `tuple`s and `set`s:
@ -246,7 +246,7 @@ This means:
* The variable `items_t` is a `tuple` with 3 items, an `int`, another `int`, and a `str`.
* The variable `items_s` is a `set`, and each of its items is of type `bytes`.
#### Dict
#### Dict { #dict }
To define a `dict`, you pass 2 type parameters, separated by commas.
@ -276,7 +276,7 @@ This means:
* The keys of this `dict` are of type `str` (let's say, the name of each item).
* The values of this `dict` are of type `float` (let's say, the price of each item).
#### Union
#### Union { #union }
You can declare that a variable can be any of **several types**, for example, an `int` or a `str`.
@ -302,7 +302,7 @@ In Python 3.10 there's also a **new syntax** where you can put the possible type
In both cases this means that `item` could be an `int` or a `str`.
#### Possibly `None`
#### Possibly `None` { #possibly-none }
You can declare that a value could have a type, like `str`, but that it could also be `None`.
@ -342,7 +342,7 @@ This also means that in Python 3.10, you can use `Something | None`:
////
#### Using `Union` or `Optional`
#### Using `Union` or `Optional` { #using-union-or-optional }
If you are using a Python version below 3.10, here's a tip from my very **subjective** point of view:
@ -377,7 +377,7 @@ The good news is, once you are on Python 3.10 you won't have to worry about that
And then you won't have to worry about names like `Optional` and `Union`. 😎
#### Generic types
#### Generic types { #generic-types }
These types that take type parameters in square brackets are called **Generic types** or **Generics**, for example:
@ -429,7 +429,7 @@ And the same as with Python 3.8, from the `typing` module:
////
### Classes as types
### Classes as types { #classes-as-types }
You can also declare a class as the type of a variable.
@ -449,7 +449,7 @@ Notice that this means "`one_person` is an **instance** of the class `Person`".
It doesn't mean "`one_person` is the **class** called `Person`".
## Pydantic models
## Pydantic models { #pydantic-models }
<ahref="https://docs.pydantic.dev/"class="external-link"target="_blank">Pydantic</a> is a Python library to perform data validation.
@ -503,7 +503,7 @@ Pydantic has a special behavior when you use `Optional` or `Union[Something, Non
///
## Type Hints with Metadata Annotations
## Type Hints with Metadata Annotations { #type-hints-with-metadata-annotations }
Python also has a feature that allows putting **additional <abbr title="Data about the data, in this case, information about the type, e.g. a description.">metadata</abbr>** in these type hints using `Annotated`.
@ -547,7 +547,7 @@ And also that your code will be very compatible with many other Python tools and
///
## Type hints in **FastAPI**
## Type hints in **FastAPI** { #type-hints-in-fastapi }
**FastAPI** takes advantage of these type hints to do several things.
You can define background tasks to be run *after* returning a response.
@ -11,7 +11,7 @@ This includes, for example:
* Processing data:
* For example, let's say you receive a file that must go through a slow process, you can return a response of "Accepted" (HTTP 202) and process the file in the background.
## Using `BackgroundTasks`
## Using `BackgroundTasks` { #using-backgroundtasks }
First, import `BackgroundTasks` and define a parameter in your *path operation function* with a type declaration of `BackgroundTasks`:
@ -19,7 +19,7 @@ First, import `BackgroundTasks` and define a parameter in your *path operation f
**FastAPI** will create the object of type `BackgroundTasks` for you and pass it as that parameter.
## Create a task function
## Create a task function { #create-a-task-function }
Create a function to be run as the background task.
@ -33,7 +33,7 @@ And as the write operation doesn't use `async` and `await`, we define the functi
## Add the background task { #add-the-background-task }
Inside of your *path operation function*, pass your task function to the *background tasks* object with the method `.add_task()`:
@ -45,7 +45,7 @@ Inside of your *path operation function*, pass your task function to the *backgr
* Any sequence of arguments that should be passed to the task function in order (`email`).
* Any keyword arguments that should be passed to the task function (`message="some notification"`).
## Dependency Injection
## Dependency Injection { #dependency-injection }
Using `BackgroundTasks` also works with the dependency injection system, you can declare a parameter of type `BackgroundTasks` at multiple levels: in a *path operation function*, in a dependency (dependable), in a sub-dependency, etc.
@ -61,7 +61,7 @@ If there was a query in the request, it will be written to the log in a backgrou
And then another background task generated at the *path operation function* will write a message using the `email` path parameter.
## Technical Details
## Technical Details { #technical-details }
The class `BackgroundTasks` comes directly from <ahref="https://www.starlette.io/background/"class="external-link"target="_blank">`starlette.background`</a>.
@ -73,7 +73,7 @@ It's still possible to use `BackgroundTask` alone in FastAPI, but you have to cr
You can see more details in <ahref="https://www.starlette.io/background/"class="external-link"target="_blank">Starlette's official docs for Background Tasks</a>.
## Caveat
## Caveat { #caveat }
If you need to perform heavy background computation and you don't necessarily need it to be run by the same process (for example, you don't need to share memory, variables, etc), you might benefit from using other bigger tools like <ahref="https://docs.celeryq.dev"class="external-link"target="_blank">Celery</a>.
@ -81,6 +81,6 @@ They tend to require more complex configurations, a message/job queue manager, l
But if you need to access variables and objects from the same **FastAPI** app, or you need to perform small background tasks (like sending an email notification), you can simply just use `BackgroundTasks`.
## Recap
## Recap { #recap }
Import and use `BackgroundTasks` with parameters in *path operation functions* and dependencies to add background tasks.
### Import the `APIRouter` { #import-the-apirouter }
Now we import the other submodules that have `APIRouter`s:
@ -357,7 +357,7 @@ Now we import the other submodules that have `APIRouter`s:
As the files `app/routers/users.py` and `app/routers/items.py` are submodules that are part of the same Python package `app`, we can use a single dot `.` to import them using "relative imports".
### How the importing works
### How the importing works { #how-the-importing-works }
The section:
@ -399,7 +399,7 @@ To learn more about Python Packages and Modules, read <a href="https://docs.pyth
///
### Avoid name collisions
### Avoid name collisions { #avoid-name-collisions }
We are importing the submodule `items` directly, instead of importing just its variable `router`.
@ -420,7 +420,7 @@ So, to be able to use both of them in the same file, we import the submodules di
### Include the `APIRouter`s for `users` and `items`
### Include the `APIRouter`s for `users` and `items` { #include-the-apirouter-s-for-users-and-items }
Now, let's include the `router`s from the submodules `users` and `items`:
@ -458,7 +458,7 @@ So it won't affect performance. ⚡
///
### Include an `APIRouter` with a custom `prefix`, `tags`, `responses`, and `dependencies`
### Include an `APIRouter` with a custom `prefix`, `tags`, `responses`, and `dependencies` { #include-an-apirouter-with-a-custom-prefix-tags-responses-and-dependencies }
Now, let's imagine your organization gave you the `app/internal/admin.py` file.
@ -491,7 +491,7 @@ But that will only affect that `APIRouter` in our app, not in any other code tha
So, for example, other projects could use the same `APIRouter` with a different authentication method.
### Include a *path operation*
### Include a *path operation* { #include-a-path-operation }
We can also add *path operations* directly to the `FastAPI` app.
@ -517,7 +517,7 @@ As we cannot just isolate them and "mount" them independently of the rest, the *
///
## Check the automatic API docs
## Check the automatic API docs { #check-the-automatic-api-docs }
Now, run your app:
@ -537,7 +537,7 @@ You will see the automatic API docs, including the paths from all the submodules
The same way you can declare additional validation and metadata in *path operation function* parameters with `Query`, `Path` and `Body`, you can declare validation and metadata inside of Pydantic models using Pydantic's `Field`.
## Import `Field`
## Import `Field` { #import-field }
First, you have to import it:
@ -15,7 +15,7 @@ Notice that `Field` is imported directly from `pydantic`, not from `fastapi` as
///
## Declare model attributes
## Declare model attributes { #declare-model-attributes }
You can then use `Field` with model attributes:
@ -41,7 +41,7 @@ Notice how each model's attribute with a type, default value and `Field` has the
///
## Add extra information
## Add extra information { #add-extra-information }
You can declare extra information in `Field`, `Query`, `Body`, etc. And it will be included in the generated JSON Schema.
@ -54,7 +54,7 @@ As these keys may not necessarily be part of the OpenAPI specification, some Ope
///
## Recap
## Recap { #recap }
You can use Pydantic's `Field` to declare extra validations and metadata for model attributes.
### Use the submodel as a type { #use-the-submodel-as-a-type }
And then we can use it as the type of an attribute:
@ -112,7 +112,7 @@ Again, doing just that declaration, with **FastAPI** you get:
* Data validation
* Automatic documentation
## Special types and validation
## Special types and validation { #special-types-and-validation }
Apart from normal singular types like `str`, `int`, `float`, etc. you can use more complex singular types that inherit from `str`.
@ -124,7 +124,7 @@ For example, as in the `Image` model we have a `url` field, we can declare it to
The string will be checked to be a valid URL, and documented in JSON Schema / OpenAPI as such.
## Attributes with lists of submodels
## Attributes with lists of submodels { #attributes-with-lists-of-submodels }
You can also use Pydantic models as subtypes of `list`, `set`, etc.:
@ -162,7 +162,7 @@ Notice how the `images` key now has a list of image objects.
///
## Deeply nested models
## Deeply nested models { #deeply-nested-models }
You can define arbitrarily deeply nested models:
@ -174,7 +174,7 @@ Notice how `Offer` has a list of `Item`s, which in turn have an optional list of
///
## Bodies of pure lists
## Bodies of pure lists { #bodies-of-pure-lists }
If the top level value of the JSON body you expect is a JSON `array` (a Python `list`), you can declare the type in the parameter of the function, the same as in Pydantic models:
## Update replacing with `PUT` { #update-replacing-with-put }
To update an item you can use the <ahref="https://developer.mozilla.org/en-US/docs/Web/HTTP/Methods/PUT"class="external-link"target="_blank">HTTP `PUT`</a> operation.
@ -10,7 +10,7 @@ You can use the `jsonable_encoder` to convert the input data to data that can be
`PUT` is used to receive data that should replace the existing data.
### Warning about replacing
### Warning about replacing { #warning-about-replacing }
That means that if you want to update the item `bar` using `PUT` with a body containing:
@ -26,7 +26,7 @@ because it doesn't include the already stored attribute `"tax": 20.2`, the input
And the data would be saved with that "new" `tax` of `10.5`.
## Partial updates with `PATCH`
## Partial updates with `PATCH` { #partial-updates-with-patch }
You can also use the <ahref="https://developer.mozilla.org/en-US/docs/Web/HTTP/Methods/PATCH"class="external-link"target="_blank">HTTP `PATCH`</a> operation to *partially* update data.
@ -44,7 +44,7 @@ But this guide shows you, more or less, how they are intended to be used.
///
### Using Pydantic's `exclude_unset` parameter
### Using Pydantic's `exclude_unset` parameter { #using-pydantic-s-exclude-unset-parameter }
If you want to receive partial updates, it's very useful to use the parameter `exclude_unset` in Pydantic's model's `.model_dump()`.
@ -64,7 +64,7 @@ Then you can use this to generate a `dict` with only the data that was set (sent
## Create your data model { #create-your-data-model }
Then you declare your data model as a class that inherits from `BaseModel`.
@ -55,7 +55,7 @@ For example, this model above declares a JSON "`object`" (or Python `dict`) like
}
```
## Declare it as a parameter
## Declare it as a parameter { #declare-it-as-a-parameter }
To add it to your *path operation*, declare it the same way you declared path and query parameters:
@ -63,7 +63,7 @@ To add it to your *path operation*, declare it the same way you declared path an
...and declare its type as the model you created, `Item`.
## Results
## Results { #results }
With just that Python type declaration, **FastAPI** will:
@ -76,7 +76,7 @@ With just that Python type declaration, **FastAPI** will:
* Generate <ahref="https://json-schema.org"class="external-link"target="_blank">JSON Schema</a> definitions for your model, you can also use them anywhere else you like if it makes sense for your project.
* Those schemas will be part of the generated OpenAPI schema, and used by the automatic documentation <abbrtitle="User Interfaces">UIs</abbr>.
## Automatic docs
## Automatic docs { #automatic-docs }
The JSON Schemas of your models will be part of your OpenAPI generated schema, and will be shown in the interactive API docs:
@ -86,7 +86,7 @@ And will also be used in the API docs inside each *path operation* that needs th
<imgsrc="/img/tutorial/body/image02.png">
## Editor support
## Editor support { #editor-support }
In your editor, inside your function you will get type hints and completion everywhere (this wouldn't happen if you received a `dict` instead of a Pydantic model):
@ -122,13 +122,13 @@ It improves editor support for Pydantic models, with:
///
## Use the model
## Use the model { #use-the-model }
Inside of the function, you can access all the attributes of the model object directly:
{* ../../docs_src/body/tutorial002_py310.py *}
## Request body + path parameters
## Request body + path parameters { #request-body-path-parameters }
You can declare path parameters and request body at the same time.
@ -137,7 +137,7 @@ You can declare path parameters and request body at the same time.
You can also declare **body**, **path** and **query** parameters, all at the same time.
@ -161,6 +161,6 @@ But adding the type annotations will allow your editor to give you better suppor
///
## Without Pydantic
## Without Pydantic { #without-pydantic }
If you don't want to use Pydantic models, you can also use **Body** parameters. See the docs for [Body - Multiple Parameters: Singular values in body](body-multiple-params.md#singular-values-in-body){.internal-link target=_blank}.
# CORS (Cross-Origin Resource Sharing) { #cors-cross-origin-resource-sharing }
<ahref="https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS"class="external-link"target="_blank">CORS or "Cross-Origin Resource Sharing"</a> refers to the situations when a frontend running in a browser has JavaScript code that communicates with a backend, and the backend is in a different "origin" than the frontend.
## Origin
## Origin { #origin }
An origin is the combination of protocol (`http`, `https`), domain (`myapp.com`, `localhost`, `localhost.tiangolo.com`), and port (`80`, `443`, `8080`).
@ -14,7 +14,7 @@ So, all these are different origins:
Even if they are all in `localhost`, they use different protocols or ports, so, they are different "origins".
## Steps
## Steps { #steps }
So, let's say you have a frontend running in your browser at `http://localhost:8080`, and its JavaScript is trying to communicate with a backend running at `http://localhost` (because we don't specify a port, the browser will assume the default port `80`).
@ -24,7 +24,7 @@ To achieve this, the `:80`-backend must have a list of "allowed origins".
In this case, the list would have to include `http://localhost:8080` for the `:8080`-frontend to work correctly.
## Wildcards
## Wildcards { #wildcards }
It's also possible to declare the list as `"*"` (a "wildcard") to say that all are allowed.
@ -32,7 +32,7 @@ But that will only allow certain types of communication, excluding everything th
So, for everything to work correctly, it's better to specify explicitly the allowed origins.
## Use `CORSMiddleware`
## Use `CORSMiddleware` { #use-corsmiddleware }
You can configure it in your **FastAPI** application using the `CORSMiddleware`.
@ -66,17 +66,17 @@ The following arguments are supported:
The middleware responds to two particular types of HTTP request...
### CORS preflight requests
### CORS preflight requests { #cors-preflight-requests }
These are any `OPTIONS` request with `Origin` and `Access-Control-Request-Method` headers.
In this case the middleware will intercept the incoming request and respond with appropriate CORS headers, and either a `200` or `400` response for informational purposes.
### Simple requests
### Simple requests { #simple-requests }
Any request with an `Origin` header. In this case the middleware will pass the request through as normal, but will include appropriate CORS headers on the response.
## More info
## More info { #more-info }
For more info about <abbrtitle="Cross-Origin Resource Sharing">CORS</abbr>, check the <ahref="https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS"class="external-link"target="_blank">Mozilla CORS documentation</a>.
### About `__name__ == "__main__"` { #about-name-main }
The main purpose of the `__name__ == "__main__"` is to have some code that is executed when your file is called with:
@ -26,7 +26,7 @@ but is not called when another file imports it, like in:
from myapp import app
```
#### More details
#### More details { #more-details }
Let's say your file is named `myapp.py`.
@ -78,7 +78,7 @@ For more information, check <a href="https://docs.python.org/3/library/__main__.
///
## Run your code with your debugger
## Run your code with your debugger { #run-your-code-with-your-debugger }
Because you are running the Uvicorn server directly from your code, you can call your Python program (your FastAPI application) directly from the debugger.
## Classes as dependencies { #classes-as-dependencies }
You might notice that to create an instance of a Python class, you use that same syntax.
@ -89,7 +89,7 @@ In both cases, it will have:
In both cases the data will be converted, validated, documented on the OpenAPI schema, etc.
## Use it
## Use it { #use-it }
Now you can declare your dependency using this class.
@ -97,7 +97,7 @@ Now you can declare your dependency using this class.
**FastAPI** calls the `CommonQueryParams` class. This creates an "instance" of that class and the instance will be passed as the parameter `commons` to your function.
## Type annotation vs `Depends`
## Type annotation vs `Depends` { #type-annotation-vs-depends }
Notice how we write `CommonQueryParams` twice in the above code:
@ -193,7 +193,7 @@ But declaring the type is encouraged as that way your editor will know what will
<imgsrc="/img/tutorial/dependencies/image02.png">
## Shortcut
## Shortcut { #shortcut }
But you see that we are having some code repetition here, writing `CommonQueryParams` twice:
# Dependencies in path operation decorators { #dependencies-in-path-operation-decorators }
In some cases you don't really need the return value of a dependency inside your *path operation function*.
@ -8,7 +8,7 @@ But you still need it to be executed/solved.
For those cases, instead of declaring a *path operation function* parameter with `Depends`, you can add a `list` of `dependencies` to the *path operation decorator*.
## Add `dependencies` to the *path operation decorator*
## Add `dependencies` to the *path operation decorator* { #add-dependencies-to-the-path-operation-decorator }
The *path operation decorator* receives an optional argument `dependencies`.
@ -36,23 +36,23 @@ But in real cases, when implementing security, you would get more benefits from
///
## Dependencies errors and return values
## Dependencies errors and return values { #dependencies-errors-and-return-values }
You can use the same dependency *functions* you use normally.
## Dependencies for a group of *path operations* { #dependencies-for-a-group-of-path-operations }
Later, when reading about how to structure bigger applications ([Bigger Applications - Multiple Files](../../tutorial/bigger-applications.md){.internal-link target=_blank}), possibly with multiple files, you will learn how to declare a single `dependencies` parameter for a group of *path operations*.
## Global Dependencies
## Global Dependencies { #global-dependencies }
Next we will see how to add dependencies to the whole `FastAPI` application, so that they apply to each *path operation*.
# Dependencies with yield { #dependencies-with-yield }
FastAPI supports dependencies that do some <abbrtitle='sometimes also called "exit code", "cleanup code", "teardown code", "closing code", "context manager exit code", etc.'>extra steps after finishing</abbr>.
@ -23,7 +23,7 @@ In fact, FastAPI uses those two decorators internally.
///
## A database dependency with `yield`
## A database dependency with `yield` { #a-database-dependency-with-yield }
For example, you could use this to create a database session and close it after finishing.
@ -47,7 +47,7 @@ You can use `async` or regular functions.
///
## A dependency with `yield` and `try`
## A dependency with `yield` and `try` { #a-dependency-with-yield-and-try }
If you use a `try` block in a dependency with `yield`, you'll receive any exception that was thrown when using the dependency.
@ -59,7 +59,7 @@ In the same way, you can use `finally` to make sure the exit steps are executed,
## Sub-dependencies with `yield` { #sub-dependencies-with-yield }
You can have sub-dependencies and "trees" of sub-dependencies of any size and shape, and any or all of them can use `yield`.
@ -93,7 +93,7 @@ This works thanks to Python's <a href="https://docs.python.org/3/library/context
///
## Dependencies with `yield` and `HTTPException`
## Dependencies with `yield` and `HTTPException` { #dependencies-with-yield-and-httpexception }
You saw that you can use dependencies with `yield` and have `try` blocks that catch exceptions.
@ -111,7 +111,7 @@ But it's there for you if you need it. 🤓
An alternative you could use to catch exceptions (and possibly also raise another `HTTPException`) is to create a [Custom Exception Handler](../handling-errors.md#install-custom-exception-handlers){.internal-link target=_blank}.
## Dependencies with `yield` and `except`
## Dependencies with `yield` and `except` { #dependencies-with-yield-and-except }
If you catch an exception using `except` in a dependency with `yield` and you don't raise it again (or raise a new exception), FastAPI won't be able to notice there was an exception, the same way that would happen with regular Python:
@ -119,7 +119,7 @@ If you catch an exception using `except` in a dependency with `yield` and you do
In this case, the client will see an *HTTP 500 Internal Server Error* response as it should, given that we are not raising an `HTTPException` or similar, but the server will **not have any logs** or any other indication of what was the error. 😱
### Always `raise` in Dependencies with `yield` and `except`
### Always `raise` in Dependencies with `yield` and `except` { #always-raise-in-dependencies-with-yield-and-except }
If you catch an exception in a dependency with `yield`, unless you are raising another `HTTPException` or similar, you should re-raise the original exception.
@ -129,7 +129,7 @@ You can re-raise the same exception using `raise`:
Now the client will get the same *HTTP 500 Internal Server Error* response, but the server will have our custom `InternalError` in the logs. 😎
## Execution of dependencies with `yield`
## Execution of dependencies with `yield` { #execution-of-dependencies-with-yield }
The sequence of execution is more or less like this diagram. Time flows from top to bottom. And each column is one of the parts interacting or executing code.
@ -184,7 +184,7 @@ If you raise any exception, it will be passed to the dependencies with yield, in
///
## Dependencies with `yield`, `HTTPException`, `except` and Background Tasks
## Dependencies with `yield`, `HTTPException`, `except` and Background Tasks { #dependencies-with-yield-httpexception-except-and-background-tasks }
/// warning
@ -194,13 +194,13 @@ These details are useful mainly if you were using a version of FastAPI prior to
///
### Dependencies with `yield` and `except`, Technical Details
### Dependencies with `yield` and `except`, Technical Details { #dependencies-with-yield-and-except-technical-details }
Before FastAPI 0.110.0, if you used a dependency with `yield`, and then you captured an exception with `except` in that dependency, and you didn't raise the exception again, the exception would be automatically raised/forwarded to any exception handlers or the internal server error handler.
This was changed in version 0.110.0 to fix unhandled memory consumption from forwarded exceptions without a handler (internal server errors), and to make it consistent with the behavior of regular Python code.
### Background Tasks and Dependencies with `yield`, Technical Details
### Background Tasks and Dependencies with `yield`, Technical Details { #background-tasks-and-dependencies-with-yield-technical-details }
Before FastAPI 0.106.0, raising exceptions after `yield` was not possible, the exit code in dependencies with `yield` was executed *after* the response was sent, so [Exception Handlers](../handling-errors.md#install-custom-exception-handlers){.internal-link target=_blank} would have already run.
@ -220,9 +220,9 @@ If you used to rely on this behavior, now you should create the resources for ba
For example, instead of using the same database session, you would create a new database session inside of the background task, and you would obtain the objects from the database using this new session. And then instead of passing the object from the database as a parameter to the background task function, you would pass the ID of that object and then obtain the object again inside the background task function.
## Context Managers
## Context Managers { #context-managers }
### What are "Context Managers"
### What are "Context Managers" { #what-are-context-managers }
"Context Managers" are any of those Python objects that you can use in a `with` statement.
@ -240,7 +240,7 @@ When the `with` block finishes, it makes sure to close the file, even if there w
When you create a dependency with `yield`, **FastAPI** will internally create a context manager for it, and combine it with some other related tools.
### Using context managers in dependencies with `yield`
### Using context managers in dependencies with `yield` { #using-context-managers-in-dependencies-with-yield }
For some types of applications you might want to add dependencies to the whole application.
@ -11,6 +11,6 @@ In that case, they will be applied to all the *path operations* in the applicati
And all the ideas in the section about [adding `dependencies` to the *path operation decorators*](dependencies-in-path-operation-decorators.md){.internal-link target=_blank} still apply, but in this case, to all of the *path operations* in the app.
## Dependencies for groups of *path operations*
## Dependencies for groups of *path operations* { #dependencies-for-groups-of-path-operations }
Later, when reading about how to structure bigger applications ([Bigger Applications - Multiple Files](../../tutorial/bigger-applications.md){.internal-link target=_blank}), possibly with multiple files, you will learn how to declare a single `dependencies` parameter for a group of *path operations*.
**FastAPI** has a very powerful but intuitive **<abbrtitle="also known as components, resources, providers, services, injectables">Dependency Injection</abbr>** system.
It is designed to be very simple to use, and to make it very easy for any developer to integrate other components with **FastAPI**.
## What is "Dependency Injection"
## What is "Dependency Injection" { #what-is-dependency-injection }
**"Dependency Injection"** means, in programming, that there is a way for your code (in this case, your *path operation functions*) to declare things that it requires to work and use: "dependencies".
@ -19,13 +19,13 @@ This is very useful when you need to:
All these, while minimizing code repetition.
## First Steps
## First Steps { #first-steps }
Let's see a very simple example. It will be so simple that it is not very useful, for now.
But this way we can focus on how the **Dependency Injection** system works.
### Create a dependency, or "dependable"
### Create a dependency, or "dependable" { #create-a-dependency-or-dependable }
Let's first focus on the dependency.
@ -61,11 +61,11 @@ Make sure you [Upgrade the FastAPI version](../../deployment/versions.md#upgradi
In the examples above, you see that there's a tiny bit of **code duplication**.
@ -140,7 +140,7 @@ The dependencies will keep working as expected, and the **best part** is that th
This will be especially useful when you use it in a **large code base** where you use **the same dependencies** over and over again in **many *path operations***.
## To `async` or not to `async`
## To `async` or not to `async` { #to-async-or-not-to-async }
As dependencies will also be called by **FastAPI** (the same as your *path operation functions*), the same rules apply while defining your functions.
@ -156,7 +156,7 @@ If you don't know, check the [Async: *"In a hurry?"*](../../async.md#in-a-hurry)
///
## Integrated with OpenAPI
## Integrated with OpenAPI { #integrated-with-openapi }
All the request declarations, validations and requirements of your dependencies (and sub-dependencies) will be integrated in the same OpenAPI schema.
@ -164,7 +164,7 @@ So, the interactive docs will have all the information from these dependencies t
<imgsrc="/img/tutorial/dependencies/image01.png">
## Simple usage
## Simple usage { #simple-usage }
If you look at it, *path operation functions* are declared to be used whenever a *path* and *operation* matches, and then **FastAPI** takes care of calling the function with the correct parameters, extracting the data from the request.
@ -182,7 +182,7 @@ Other common terms for this same idea of "dependency injection" are:
* injectables
* components
## **FastAPI** plug-ins
## **FastAPI** plug-ins { #fastapi-plug-ins }
Integrations and "plug-ins" can be built using the **Dependency Injection** system. But in fact, there is actually **no need to create "plug-ins"**, as by using dependencies it's possible to declare an infinite number of integrations and interactions that become available to your *path operation functions*.
@ -190,7 +190,7 @@ And dependencies can be created in a very simple and intuitive way that allows y
You will see examples of this in the next chapters, about relational and NoSQL databases, security, etc.
## Using the same dependency multiple times { #using-the-same-dependency-multiple-times }
If one of your dependencies is declared multiple times for the same *path operation*, for example, multiple dependencies have a common sub-dependency, **FastAPI** will know to call that sub-dependency only once per request.
There are some cases where you might need to convert a data type (like a Pydantic model) to something compatible with JSON (like a `dict`, `list`, etc).
@ -6,7 +6,7 @@ For example, if you need to store it in a database.
For that, **FastAPI** provides a `jsonable_encoder()` function.
## Using the `jsonable_encoder`
## Using the `jsonable_encoder` { #using-the-jsonable-encoder }
Let's imagine that you have a database `fake_db` that only receives JSON compatible data.
Up to now, you have been using common data types, like:
@ -17,7 +17,7 @@ And you will still have the same features as seen up to now:
* Data validation.
* Automatic annotation and documentation.
## Other data types
## Other data types { #other-data-types }
Here are some of the additional data types you can use:
@ -51,7 +51,7 @@ Here are some of the additional data types you can use:
* In requests and responses, handled the same as a `float`.
* You can check all the valid Pydantic data types here: <ahref="https://docs.pydantic.dev/latest/usage/types/types/"class="external-link"target="_blank">Pydantic data types</a>.
## Example
## Example { #example }
Here's an example *path operation* with parameters using some of the above types.
Continuing with the previous example, it will be common to have more than one related model.
@ -16,7 +16,7 @@ If you don't know, you will learn what a "password hash" is in the [security cha
///
## Multiple models
## Multiple models { #multiple-models }
Here's a general idea of how the models could look like with their password fields and the places where they are used:
@ -31,9 +31,9 @@ The examples here use `.dict()` for compatibility with Pydantic v1, but you shou
///
### About `**user_in.dict()`
### About `**user_in.dict()` { #about-user-in-dict }
#### Pydantic's `.dict()`
#### Pydantic's `.dict()` { #pydantic-s-dict }
`user_in` is a Pydantic model of class `UserIn`.
@ -70,7 +70,7 @@ we would get a Python `dict` with:
}
```
#### Unpacking a `dict`
#### Unpacking a `dict` { #unpacking-a-dict }
If we take a `dict` like `user_dict` and pass it to a function (or class) with `**user_dict`, Python will "unpack" it. It will pass the keys and values of the `user_dict` directly as key-value arguments.
@ -102,7 +102,7 @@ UserInDB(
)
```
#### A Pydantic model from the contents of another
#### A Pydantic model from the contents of another { #a-pydantic-model-from-the-contents-of-another }
As in the example above we got `user_dict` from `user_in.dict()`, this code:
@ -121,7 +121,7 @@ UserInDB(**user_in.dict())
So, we get a Pydantic model from the data in another Pydantic model.
#### Unpacking a `dict` and extra keywords
#### Unpacking a `dict` and extra keywords { #unpacking-a-dict-and-extra-keywords }
And then adding the extra keyword argument `hashed_password=hashed_password`, like in:
@ -147,7 +147,7 @@ The supporting additional functions `fake_password_hasher` and `fake_save_user`
///
## Reduce duplication
## Reduce duplication { #reduce-duplication }
Reducing code duplication is one of the core ideas in **FastAPI**.
@ -165,7 +165,7 @@ That way, we can declare just the differences between the models (with plaintext
But if we put that in the assignment `response_model=PlaneItem | CarItem` we would get an error, because Python would try to perform an **invalid operation** between `PlaneItem` and `CarItem` instead of interpreting that as a type annotation.
## List of models
## List of models { #list-of-models }
The same way, you can declare responses of lists of objects.
@ -205,7 +205,7 @@ For that, use the standard Python `typing.List` (or just `list` in Python 3.9 an
**FastAPI** generates a "schema" with all your API using the **OpenAPI** standard for defining APIs.
#### "Schema"
#### "Schema" { #schema }
A "schema" is a definition or description of something. Not the code that implements it, but just an abstract description.
#### API "schema"
#### API "schema" { #api-schema }
In this case, <ahref="https://github.com/OAI/OpenAPI-Specification"class="external-link"target="_blank">OpenAPI</a> is a specification that dictates how to define a schema of your API.
This schema definition includes your API paths, the possible parameters they take, etc.
#### Data "schema"
#### Data "schema" { #data-schema }
The term "schema" might also refer to the shape of some data, like a JSON content.
In that case, it would mean the JSON attributes, and data types they have, etc.
#### OpenAPI and JSON Schema
#### OpenAPI and JSON Schema { #openapi-and-json-schema }
OpenAPI defines an API schema for your API. And that schema includes definitions (or "schemas") of the data sent and received by your API using **JSON Schema**, the standard for JSON data schemas.
#### Check the `openapi.json`
#### Check the `openapi.json` { #check-the-openapi-json }
If you are curious about how the raw OpenAPI schema looks like, FastAPI automatically generates a JSON (schema) with the descriptions of all your API.
@ -135,7 +135,7 @@ It will show a JSON starting with something like:
...
```
#### What is OpenAPI for
#### What is OpenAPI for { #what-is-openapi-for }
The OpenAPI schema is what powers the two interactive documentation systems included.
@ -143,9 +143,9 @@ And there are dozens of alternatives, all based on OpenAPI. You could easily add
You could also use it to generate code automatically, for clients that communicate with your API. For example, frontend, mobile or IoT applications.
@ -314,7 +314,7 @@ You can also return Pydantic models (you'll see more about that later).
There are many other objects and models that will be automatically converted to JSON (including ORMs, etc). Try using your favorite ones, it's highly probable that they are already supported.
### The resulting response { #the-resulting-response }
If the client requests `http://example.com/items/foo` (an `item_id``"foo"`), that client will receive an HTTP status code of 200, and a JSON response of:
@ -69,7 +69,7 @@ They are handled automatically by **FastAPI** and converted to JSON.
///
## Add custom headers
## Add custom headers { #add-custom-headers }
There are some situations in where it's useful to be able to add custom headers to the HTTP error. For example, for some types of security.
@ -79,7 +79,7 @@ But in case you needed it for an advanced scenario, you can add custom headers:
You can add custom exception handlers with <ahref="https://www.starlette.io/exceptions/"class="external-link"target="_blank">the same exception utilities from Starlette</a>.
@ -109,7 +109,7 @@ You could also use `from starlette.requests import Request` and `from starlette.
///
## Override the default exception handlers
## Override the default exception handlers { #override-the-default-exception-handlers }
**FastAPI** has some default exception handlers.
@ -117,7 +117,7 @@ These handlers are in charge of returning the default JSON responses when you `r
You can override these exception handlers with your own.
If you want to use the exception along with the same default exception handlers from **FastAPI**, you can import and reuse the default exception handlers from `fastapi.exception_handlers`:
The same way as with regular header parameters, when you have underscore characters in the parameter names, they are **automatically converted to hyphens**.
@ -67,6 +67,6 @@ Before setting `convert_underscores` to `False`, bear in mind that some HTTP pro
///
## Summary
## Summary { #summary }
You can use **Pydantic models** to declare **headers** in **FastAPI**. 😎
You can also add additional metadata for the different tags used to group your path operations with the parameter `openapi_tags`.
@ -52,7 +52,7 @@ Each dictionary can contain:
* `description`: a `str` with a short description for the external docs.
* `url` (**required**): a `str` with the URL for the external documentation.
### Create metadata for tags
### Create metadata for tags { #create-metadata-for-tags }
Let's try that in an example with tags for `users` and `items`.
@ -68,7 +68,7 @@ You don't have to add metadata for all the tags that you use.
///
### Use your tags
### Use your tags { #use-your-tags }
Use the `tags` parameter with your *path operations* (and `APIRouter`s) to assign them to different tags:
@ -80,19 +80,19 @@ Read more about tags in [Path Operation Configuration](path-operation-configurat
///
### Check the docs
### Check the docs { #check-the-docs }
Now, if you check the docs, they will show all the additional metadata:
<imgsrc="/img/tutorial/metadata/image02.png">
### Order of tags
### Order of tags { #order-of-tags }
The order of each tag metadata dictionary also defines the order shown in the docs UI.
For example, even though `users` would go after `items` in alphabetical order, it is shown before them, because we added their metadata as the first dictionary in the list.
## OpenAPI URL
## OpenAPI URL { #openapi-url }
By default, the OpenAPI schema is served at `/openapi.json`.
@ -104,7 +104,7 @@ For example, to set it to be served at `/api/v1/openapi.json`:
If you want to disable the OpenAPI schema completely you can set `openapi_url=None`, that will also disable the documentation user interfaces that use it.
## Docs URLs
## Docs URLs { #docs-urls }
You can configure the two documentation user interfaces included:
You can add middleware to **FastAPI** applications.
@ -19,7 +19,7 @@ If there were any background tasks (covered in the [Background Tasks](background
///
## Create a middleware
## Create a middleware { #create-a-middleware }
To create a middleware you use the decorator `@app.middleware("http")` on top of a function.
@ -49,7 +49,7 @@ You could also use `from starlette.requests import Request`.
///
### Before and after the `response`
### Before and after the `response` { #before-and-after-the-response }
You can add code to be run with the `request`, before any *path operation* receives it.
@ -65,7 +65,7 @@ Here we use <a href="https://docs.python.org/3/library/time.html#time.perf_count
///
## Multiple middleware execution order
## Multiple middleware execution order { #multiple-middleware-execution-order }
When you add multiple middlewares using either `@app.middleware()` decorator or `app.add_middleware()` method, each new middleware wraps the application, forming a stack. The last middleware added is the *outermost*, and the first is the *innermost*.
@ -88,7 +88,7 @@ This results in the following execution order:
This stacking behavior ensures that middlewares are executed in a predictable and controllable order.
## Other middlewares
## Other middlewares { #other-middlewares }
You can later read more about other middlewares in the [Advanced User Guide: Advanced Middleware](../advanced/middleware.md){.internal-link target=_blank}.
If you have a big application, you might end up accumulating **several tags**, and you would want to make sure you always use the **same tag** for related *path operations*.
@ -48,13 +48,13 @@ In these cases, it could make sense to store the tags in an `Enum`.
## Description from docstring { #description-from-docstring }
As descriptions tend to be long and cover multiple lines, you can declare the *path operation* description in the function <abbrtitle="a multi-line string as the first expression inside a function (not assigned to any variable) used for documentation">docstring</abbr> and **FastAPI** will read it from there.
@ -66,7 +66,7 @@ It will be used in the interactive docs:
## Deprecate a *path operation* { #deprecate-a-path-operation }
If you need to mark a *path operation* as <abbrtitle="obsolete, recommended not to use it">deprecated</abbr>, but without removing it, pass the parameter `deprecated`:
@ -102,6 +102,6 @@ Check how deprecated and non-deprecated *path operations* look like:
# Path Parameters and Numeric Validations { #path-parameters-and-numeric-validations }
In the same way that you can declare more validations and metadata for query parameters with `Query`, you can declare the same type of validations and metadata for path parameters with `Path`.
## Import Path
## Import Path { #import-path }
First, import `Path` from `fastapi`, and import `Annotated`:
@ -18,7 +18,7 @@ Make sure you [Upgrade the FastAPI version](../deployment/versions.md#upgrading-
///
## Declare metadata
## Declare metadata { #declare-metadata }
You can declare all the same parameters as for `Query`.
@ -32,7 +32,7 @@ A path parameter is always required as it has to be part of the path. Even if yo
///
## Order the parameters as you need
## Order the parameters as you need { #order-the-parameters-as-you-need }
/// tip
@ -70,7 +70,7 @@ But keep in mind that if you use `Annotated`, you won't have this problem, it wo
### Better with `Annotated` { #better-with-annotated }
Keep in mind that if you use `Annotated`, as you are not using function parameter default values, you won't have this problem, and you probably won't need to use `*`.
With `Query`, `Path` (and others you haven't seen yet) you can declare metadata and string validations in the same ways as with [Query Parameters and String Validations](query-params-str-validations.md){.internal-link target=_blank}.
You can declare path "parameters" or "variables" with the same syntax used by Python format strings:
@ -12,7 +12,7 @@ So, if you run this example and go to <a href="http://127.0.0.1:8000/items/foo"
{"item_id":"foo"}
```
## Path parameters with types
## Path parameters with types { #path-parameters-with-types }
You can declare the type of a path parameter in the function, using standard Python type annotations:
@ -26,7 +26,7 @@ This will give you editor support inside of your function, with error checks, co
///
## Data <abbrtitle="also known as: serialization, parsing, marshalling">conversion</abbr>
## Data <abbrtitle="also known as: serialization, parsing, marshalling">conversion</abbr> { #data-conversion }
If you run this example and open your browser at <ahref="http://127.0.0.1:8000/items/3"class="external-link"target="_blank">http://127.0.0.1:8000/items/3</a>, you will see a response of:
@ -42,7 +42,7 @@ So, with that type declaration, **FastAPI** gives you automatic request <abbr ti
///
## Data validation
## Data validation { #data-validation }
But if you go to the browser at <ahref="http://127.0.0.1:8000/items/foo"class="external-link"target="_blank">http://127.0.0.1:8000/items/foo</a>, you will see a nice HTTP error of:
@ -77,7 +77,7 @@ This is incredibly helpful while developing and debugging code that interacts wi
///
## Documentation
## Documentation { #documentation }
And when you open your browser at <ahref="http://127.0.0.1:8000/docs"class="external-link"target="_blank">http://127.0.0.1:8000/docs</a>, you will see an automatic, interactive, API documentation like:
@ -91,7 +91,7 @@ Notice that the path parameter is declared to be an integer.
///
## Standards-based benefits, alternative documentation
## Standards-based benefits, alternative documentation { #standards-based-benefits-alternative-documentation }
And because the generated schema is from the <ahref="https://github.com/OAI/OpenAPI-Specification/blob/master/versions/3.1.0.md"class="external-link"target="_blank">OpenAPI</a> standard, there are many compatible tools.
@ -101,7 +101,7 @@ Because of this, **FastAPI** itself provides an alternative API documentation (u
The same way, there are many compatible tools. Including code generation tools for many languages.
## Pydantic
## Pydantic { #pydantic }
All the data validation is performed under the hood by <ahref="https://docs.pydantic.dev/"class="external-link"target="_blank">Pydantic</a>, so you get all the benefits from it. And you know you are in good hands.
@ -109,7 +109,7 @@ You can use the same type declarations with `str`, `float`, `bool` and many othe
Several of these are explored in the next chapters of the tutorial.
## Order matters
## Order matters { #order-matters }
When creating *path operations*, you can find situations where you have a fixed path.
@ -129,11 +129,11 @@ Similarly, you cannot redefine a path operation:
The first one will always be used since the path matches first.
## Predefined values
## Predefined values { #predefined-values }
If you have a *path operation* that receives a *path parameter*, but you want the possible valid *path parameter* values to be predefined, you can use a standard Python <abbrtitle="Enumeration">`Enum`</abbr>.
### Create an `Enum` class
### Create an `Enum` class { #create-an-enum-class }
Import `Enum` and create a sub-class that inherits from `str` and from `Enum`.
@ -155,29 +155,29 @@ If you are wondering, "AlexNet", "ResNet", and "LeNet" are just names of Machine
///
### Declare a *path parameter*
### Declare a *path parameter* { #declare-a-path-parameter }
Then create a *path parameter* with a type annotation using the enum class you created (`ModelName`):
Let's say you have a *path operation* with a path `/files/{file_path}`.
@ -214,7 +214,7 @@ But you need `file_path` itself to contain a *path*, like `home/johndoe/myfile.t
So, the URL for that file would be something like: `/files/home/johndoe/myfile.txt`.
### OpenAPI support
### OpenAPI support { #openapi-support }
OpenAPI doesn't support a way to declare a *path parameter* to contain a *path* inside, as that could lead to scenarios that are difficult to test and define.
@ -222,7 +222,7 @@ Nevertheless, you can still do it in **FastAPI**, using one of the internal tool
And the docs would still work, although not adding any documentation telling that the parameter should contain a path.
### Path convertor
### Path convertor { #path-convertor }
Using an option directly from Starlette you can declare a *path parameter* containing a *path* using a URL like:
@ -244,7 +244,7 @@ In that case, the URL would be: `/files//home/johndoe/myfile.txt`, with a double
///
## Recap
## Recap { #recap }
With **FastAPI**, by using short, intuitive and standard Python type declarations, you get:
We are going to enforce that even though `q` is optional, whenever it is provided, **its length doesn't exceed 50 characters**.
### Import `Query` and `Annotated`
### Import `Query` and `Annotated` { #import-query-and-annotated }
To achieve that, first import:
@ -39,7 +39,7 @@ Make sure you [Upgrade the FastAPI version](../deployment/versions.md#upgrading-
///
## Use `Annotated` in the type for the `q` parameter
## Use `Annotated` in the type for the `q` parameter { #use-annotated-in-the-type-for-the-q-parameter }
Remember I told you before that `Annotated` can be used to add metadata to your parameters in the [Python Types Intro](../python-types.md#type-hints-with-metadata-annotations){.internal-link target=_blank}?
@ -85,7 +85,7 @@ Both of those versions mean the same thing, `q` is a parameter that can be a `st
Now let's jump to the fun stuff. 🎉
## Add `Query` to `Annotated` in the `q` parameter
## Add `Query` to `Annotated` in the `q` parameter { #add-query-to-annotated-in-the-q-parameter }
Now that we have this `Annotated` where we can put more information (in this case some additional validation), add `Query` inside of `Annotated`, and set the parameter `max_length` to `50`:
@ -107,7 +107,7 @@ FastAPI will now:
* Show a **clear error** for the client when the data is not valid
* **Document** the parameter in the OpenAPI schema *path operation* (so it will show up in the **automatic docs UI**)
## Alternative (old): `Query` as the default value
## Alternative (old): `Query` as the default value { #alternative-old-query-as-the-default-value }
Previous versions of FastAPI (before <abbrtitle="before 2023-03">0.95.0</abbr>) required you to use `Query` as the default value of your parameter, instead of putting it in `Annotated`, there's a high chance that you will see code using it around, so I'll explain it to you.
### Advantages of `Annotated` { #advantages-of-annotated }
**Using `Annotated` is recommended** instead of the default value in function parameters, it is **better** for multiple reasons. 🤓
@ -184,13 +184,13 @@ When you don't use `Annotated` and instead use the **(old) default value style**
Because `Annotated` can have more than one metadata annotation, you could now even use the same function with other tools, like <ahref="https://typer.tiangolo.com/"class="external-link"target="_blank">Typer</a>. 🚀
You can define a <abbrtitle="A regular expression, regex or regexp is a sequence of characters that define a search pattern for strings.">regular expression</abbr>`pattern` that the parameter should match:
@ -206,7 +206,7 @@ If you feel lost with all these **"regular expression"** ideas, don't worry. The
Now you know that whenever you need them you can use them in **FastAPI**.
### Pydantic v1 `regex` instead of `pattern`
### Pydantic v1 `regex` instead of `pattern` { #pydantic-v1-regex-instead-of-pattern }
Before Pydantic version 2 and before FastAPI 0.100.0, the parameter was called `regex` instead of `pattern`, but it's now deprecated.
@ -220,7 +220,7 @@ You could still see some code using it:
But know that this is deprecated and it should be updated to use the new parameter `pattern`. 🤓
## Default values
## Default values { #default-values }
You can, of course, use default values other than `None`.
@ -234,7 +234,7 @@ Having a default value of any type, including `None`, makes the parameter option
///
## Required parameters
## Required parameters { #required-parameters }
When we don't need to declare more validations or metadata, we can make the `q` query parameter required just by not declaring a default value, like:
@ -262,7 +262,7 @@ So, when you need to declare a value as required while using `Query`, you can si
### Required, can be `None` { #required-can-be-none }
You can declare that a parameter can accept `None`, but that it's still required. This would force clients to send a value, even if the value is `None`.
@ -270,7 +270,7 @@ To do that, you can declare that `None` is a valid type but simply do not declar
## Query parameter list / multiple values { #query-parameter-list-multiple-values }
When you define a query parameter explicitly with `Query` you can also declare it to receive a list of values, or said in another way, to receive multiple values.
@ -307,7 +307,7 @@ The interactive API docs will update accordingly, to allow multiple values:
## Exclude parameters from OpenAPI { #exclude-parameters-from-openapi }
To exclude a query parameter from the generated OpenAPI schema (and thus, from the automatic documentation systems), set the parameter `include_in_schema` of `Query` to `False`:
With `data.items()` we get an <abbrtitle="Something we can iterate on with a for loop, like a list, set, etc.">iterable object</abbr> with tuples containing the key and value for each dictionary item.
@ -468,7 +468,7 @@ So, if the user didn't provide an item ID, they will still receive a random sugg
or any other case variation (uppercase, first letter in uppercase, etc), your function will see the parameter `short` with a `bool` value of `True`. Otherwise as `False`.
## Multiple path and query parameters
## Multiple path and query parameters { #multiple-path-and-query-parameters }
You can declare multiple path parameters and query parameters at the same time, **FastAPI** knows which is which.
Create file parameters the same way you would for `Body` or `Form`:
@ -50,7 +50,7 @@ Keep in mind that this means that the whole contents will be stored in memory. T
But there are several cases in which you might benefit from using `UploadFile`.
## File Parameters with `UploadFile`
## File Parameters with `UploadFile` { #file-parameters-with-uploadfile }
Define a file parameter with a type of `UploadFile`:
@ -66,7 +66,7 @@ Using `UploadFile` has several advantages over `bytes`:
* It has a <ahref="https://docs.python.org/3/glossary.html#term-file-like-object"class="external-link"target="_blank">file-like</a>`async` interface.
* It exposes an actual Python <ahref="https://docs.python.org/3/library/tempfile.html#tempfile.SpooledTemporaryFile"class="external-link"target="_blank">`SpooledTemporaryFile`</a> object that you can pass directly to other libraries that expect a file-like object.
### `UploadFile`
### `UploadFile` { #uploadfile }
`UploadFile` has the following attributes:
@ -109,7 +109,7 @@ When you use the `async` methods, **FastAPI** runs the file methods in a threadp
///
## What is "Form Data"
## What is "Form Data" { #what-is-form-data }
The way HTML forms (`<form></form>`) sends the data to the server normally uses a "special" encoding for that data, it's different from JSON.
@ -133,19 +133,19 @@ This is not a limitation of **FastAPI**, it's part of the HTTP protocol.
///
## Optional File Upload
## Optional File Upload { #optional-file-upload }
You can make a file optional by using standard type annotations and setting a default value of `None`:
## Forbid Extra Form Fields { #forbid-extra-form-fields }
In some special use cases (probably not very common), you might want to **restrict** the form fields to only those declared in the Pydantic model. And **forbid** any **extra** fields.
@ -73,6 +73,6 @@ They will receive an error response telling them that the field `extra` is not a
}
```
## Summary
## Summary { #summary }
You can use Pydantic models to declare form fields in FastAPI. 😎
Motov Yurii
1 day ago
GitHub