FastAPI Backend API
This project implements a Backend API using FastAPI, following a modular architecture and leveraging dependency injection as the primary mechanism for authentication, authorization, and cross-cutting concerns.
Responsibilities of This API
- Expose RESTful HTTP endpoints
- Handle request validation and response serialization
- Enforce authentication and authorization via dependency injection
- Orchestrate domain services and business workflows
- Interact with persistence layers through repositories
- Provide structured logging and observability
Non-Responsibilities
- UI rendering
- Client-side state management
- Certificate or TLS management
- Infrastructure provisioning
- Hardcoded secrets or credentials
The API must remain stateless and focused on application-level concerns.
Security Considerations
- Authentication is implemented using FastAPI dependency injection
- Authorization rules are enforced at the router or endpoint level
- Security dependencies are reusable and composable
- Secrets and credentials are injected via environment variables
- No secrets are stored in source code or configuration files
Typical authentication mechanisms include:
- JWT Bearer tokens
- OAuth2 flows
- External identity providers
Dependency Injection Strategy
FastAPI dependencies are used to:
- Resolve the authenticated user
- Validate access tokens
- Enforce authorization rules
- Inject repositories and services
- Centralize cross-cutting concerns (logging, tracing)
This ensures:
- Loose coupling
- High testability
- Clear separation of concerns
Recommended Folder Structure
(FastAPI + Dependency Injection)
This structure promotes clean architecture, maintainability, and scalability, aligning with FastAPI best practices.
app/
│
├─ dependencies/  # FastAPI dependency providers
│  ├─ auth.py  # Authentication dependencies
│  ├─ permissions.py  # Authorization rules
│  └─ database.py  # DB session dependencies
│
├─ internal/  # Internal application configuration
│  ├─ config.py  # App settings and environment config
│  └─ README.md  # Internal architecture notes
│
├─ migrations/  # Database migrations
│
├─ models/  # Domain and ORM models
│
├─ repositories/  # Data access layer
│
├─ routers/  # API route definitions
│  ├─ auth.py  # Auth-related endpoints
│  ├─ users.py  # User endpoints
│  └─ health.py  # Health checks
│
├─ schemes/  # Request and response schemas (Pydantic)
│
├─ services/  # Business logic and use cases
│
├─ utils/  # Cross-cutting utilities
│  ├─ constants/
│  │  ├─ app.py  # Application-level constants
│  │  ├─ environment.py  # Environment names and keys
│  │  └─ messages.py  # Standard messages and errors
│  │
│  ├─ handlers/  # Exception and error handlers
│  └─ helpers/
│     └─ functions.py  # Shared helper functions
│
├─ __init__.py
│
├─ main.py  # FastAPI application entry point
│
├─ logs/  # Application logs (runtime-generated)
│
├─ .dockerignore
├─ .env  # Local environment variables (not committed)
├─ .env.sample  # Environment variable template
│
├─ Dockerfile_develop  # Development container image
├─ Dockerfile_production  # Production container image
│
├─ entrypoint_develop.sh  # Dev container startup script
├─ entrypoint_production.sh  # Prod container startup script
│
├─ requirements_base.txt  # Base dependencies
├─ requirements_develop.txt  # Development dependencies
├─ requirements_production.txt  # Production dependencies
│
├─ sshd_config  # SSH configuration (if required)
└─ README.md  # API overview and usage