Secure API Key & Access Management Service (SAKMS) built with FastAPI, MariaDB, SQLAlchemy 2, and strict type-safe Python.
This project provides a minimal yet production-ready foundation for:
- Secure API key issuance
- JWT authentication
- Key revocation & management
- Strong typing (Pydantic v2 + SQLAlchemy 2)
- OpenAPI / Swagger documentation
- Modern Python packaging using uv
- FastAPI RESTful API
- Automatic Swagger & ReDoc documentation
- JWT-based authentication
- Secure API key generation & hashing (Argon2)
- MariaDB / MySQL compatible
- Fully type-safe Python (no Any)
- Clean layered architecture (Router → Service → Model)
- Modern dependency management via uv
- Production-ready structure
- Python 3.12+
- FastAPI
- SQLAlchemy 2 (Typed ORM)
- Pydantic v2
- MariaDB / MySQL
- Argon2 (passlib)
- python-jose (JWT)
- uv (modern package manager)
fastapi-sakms/
│
├── app/
│ ├── main.py
│ ├── config.py
│ ├── database.py
│ ├── security.py
│ │
│ ├── models/
│ ├── schemas/
│ ├── services/
│ └── routers/
│
├── pyproject.toml
├── uv.lock
└── README.md
- Python 3.12+
- MariaDB / MySQL
- uv package manager
Install uv if not installed:
pip install uv
or
curl -Ls https://astral.sh/uv/install.sh | sh
CREATE DATABASE sakms CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;
Update database URL in environment (optional):
export DB_URL="mysql+pymysql://root:password@127.0.0.1:3306/sakms"
uv sync
uv run uvicorn app.main:app --reload
Swagger UI:
http://127.0.0.1:8000/docs
ReDoc:
http://127.0.0.1:8000/redoc
POST /auth/register
POST /auth/login
POST /keys?token=YOUR_JWT
GET /keys?token=YOUR_JWT
POST /keys/{id}/revoke?token=YOUR_JWT
- API keys are hashed using Argon2
- Raw keys are shown only once during creation
- JWT tokens are signed securely
- Never commit .env or secrets
Run with auto reload:
uv run uvicorn app.main:app --reload
- Use Alembic migrations
- Add Redis rate limiting
- Enable HTTPS
- Use Docker
- Add RBAC / scopes
- Add audit logging
- Add async DB driver
- Add tests + CI/CD
MIT License
Seyyed Ali Mohammadiyeh (Max Base) 2026