Building Python Web APIs with FastAPI

By: Abdulazeez Abdulazeez Adeshina
Overview of this book

RESTful web services are commonly used to create APIs for web-based applications owing to their light weight and high scalability. This book will show you how FastAPI, a high-performance web framework for building RESTful APIs in Python, lets you build robust web APIs that are simple and intuitive, quickly and with very little boilerplate code. This book will help you set up a FastAPI application in no time and show you how to use FastAPI to build a REST API that receives and responds to user requests. You’ll go on to learn how to handle routing and authentication while working with databases in a FastAPI application. The book walks you through four key areas: building and using routes for create, read, update, and delete (CRUD) operations; connecting the application to SQL and NoSQL databases; securing the application; and deploying your application locally or to a cloud environment. By the end of this book, you’ll have developed a solid understanding of the FastAPI framework and be able to build and deploy robust REST APIs.
Table of Contents (14 chapters)
Part 1: An Introduction to FastAPI
Part 2: Building and Securing FastAPI Applications
Part 3: Testing And Deploying FastAPI Applications

Securing the application with OAuth2 and JWT

In this section, we’ll build out the authentication system for the event planner application. We’ll be making use of the OAuth2 password flow, which requires the client to send a username and password as form data. The username in our case is the email used when creating an account.

When the client sends the form data to the server, an access token, which is a signed JWT, is sent as a response. Usually, the server validates the credentials it received before creating the token that allows further authorization. To authorize an action on the server as the authenticated user, the client then sends the JWT in the request header, prefixed with Bearer.

What Is a JWT and Why Is It Signed?

A JWT is an encoded string usually containing a dictionary housing a payload, a signature, and its algorithm. JWTs are signed using a unique key known only to the server and client to avoid the encoded string being...
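
The token issuance and Bearer check described in this section, as an added example that is not code from the book: it builds and verifies an HS256-signed JWT with only the Python standard library instead of a JWT package. The names SECRET_KEY, create_access_token and verify_bearer, the "user" claim and the sample key are assumptions made for illustration, and the key stays on the server side in this sketch.

```python
import base64
import hashlib
import hmac
import json
import time

# Assumption: constructed demo key; a real deployment loads this from configuration.
SECRET_KEY = b"constructed-demo-key"

def b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def create_access_token(email, ttl_seconds=3600, now=None):
    """Build header.payload.signature, signing the first two parts with HMAC-SHA256."""
    issued = int(time.time() if now is None else now)
    parts = ({"alg": "HS256", "typ": "JWT"}, {"user": email, "exp": issued + ttl_seconds})
    signing_input = ".".join(b64url_encode(json.dumps(p).encode()) for p in parts)
    signature = hmac.new(SECRET_KEY, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + b64url_encode(signature)

def verify_bearer(authorization, now=None):
    """Return the payload of a valid 'Bearer <JWT>' header value, else raise ValueError."""
    scheme, _, token = authorization.partition(" ")
    if scheme != "Bearer" or token.count(".") != 2:
        raise ValueError("expected 'Bearer <header>.<payload>.<signature>'")
    signing_input, _, signature_b64 = token.rpartition(".")
    header_b64, payload_b64 = signing_input.split(".")
    header = json.loads(b64url_decode(header_b64))
    # Pin the algorithm: the token's own header must not choose how it is verified.
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        raise ValueError("unsupported algorithm")
    expected = hmac.new(SECRET_KEY, signing_input.encode(), hashlib.sha256).digest()
    # Constant-time comparison; the payload is read only after the signature checks out.
    if not hmac.compare_digest(expected, b64url_decode(signature_b64)):
        raise ValueError("signature mismatch")
    payload = json.loads(b64url_decode(payload_b64))
    current = time.time() if now is None else now
    if payload.get("exp", 0) <= current:
        raise ValueError("token expired")
    return payload
```

The payload is only base64url-encoded, so anyone holding the token can read it; the signature makes changes to it detectable but does not hide its contents.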