
FastAPI Backend API

This project implements a Backend API using FastAPI, following a modular architecture and leveraging dependency injection as the primary mechanism for authentication, authorization, and cross-cutting concerns.


🧭 Responsibilities of This API

  • Expose RESTful HTTP endpoints
  • Handle request validation and response serialization
  • Enforce authentication and authorization via dependency injection
  • Orchestrate domain services and business workflows
  • Interact with persistence layers through repositories
  • Provide structured logging and observability

🚫 Non-Responsibilities

  • UI rendering
  • Client-side state management
  • Certificate or TLS management
  • Infrastructure provisioning
  • Hardcoded secrets or credentials

The API must remain stateless and focused on application-level concerns.


🔐 Security Considerations

  • Authentication is implemented using FastAPI dependency injection
  • Authorization rules are enforced at the router or endpoint level
  • Security dependencies are reusable and composable
  • Secrets and credentials are injected via environment variables
  • No secrets are stored in source code or configuration files

Typical authentication mechanisms include:

  • JWT Bearer tokens
  • OAuth2 flows
  • External identity providers


🌱 Dependency Injection Strategy

FastAPI dependencies are used to:

  • Resolve the authenticated user
  • Validate access tokens
  • Enforce authorization rules
  • Inject repositories and services
  • Centralize cross-cutting concerns (logging, tracing)

This ensures:

  • Loose coupling
  • High testability
  • Clear separation of concerns


(FastAPI + Dependency Injection)

This structure promotes clean architecture, maintainability, and scalability, aligning with FastAPI best practices.


app/
│
├─ dependencies/                       # FastAPI dependency providers
│  ├─ auth.py                          # Authentication dependencies
│  ├─ permissions.py                   # Authorization rules
│  └─ database.py                      # DB session dependencies
│
├─ internal/                           # Internal application configuration
│  ├─ config.py                        # App settings and environment config
│  └─ README.md                        # Internal architecture notes
│
├─ migrations/                         # Database migrations
│
├─ models/                             # Domain and ORM models
│
├─ repositories/                       # Data access layer
│
├─ routers/                            # API route definitions
│  ├─ auth.py                          # Auth-related endpoints
│  ├─ users.py                         # User endpoints
│  └─ health.py                        # Health checks
│
├─ schemes/                            # Request and response schemas (Pydantic)
│
├─ services/                           # Business logic and use cases
│
├─ utils/                              # Cross-cutting utilities
│  ├─ constants/
│  │  ├─ app.py                        # Application-level constants
│  │  ├─ environment.py                # Environment names and keys
│  │  └─ messages.py                   # Standard messages and errors
│  │
│  ├─ handlers/                        # Exception and error handlers
│  └─ helpers/
│     └─ functions.py                  # Shared helper functions
│
├─ __init__.py
│
├─ main.py                             # FastAPI application entry point
│
├─ logs/                               # Application logs (runtime-generated)
│
├─ .dockerignore
├─ .env                                # Local environment variables (not committed)
├─ .env.sample                         # Environment variable template
│
├─ Dockerfile_develop                  # Development container image
├─ Dockerfile_production               # Production container image
│
├─ entrypoint_develop.sh               # Dev container startup script
├─ entrypoint_production.sh            # Prod container startup script
│
├─ requirements_base.txt               # Base dependencies
├─ requirements_develop.txt            # Development dependencies
├─ requirements_production.txt         # Production dependencies
│
├─ sshd_config                         # SSH configuration (if required)
└─ README.md                           # API overview and usage