[Reference](https://blog.stackademic.com/securing-apis-with-fastapi-489c3d4d1ea0)

# Setting up HTTPS

In [1]:
# # 1. Installing Nginx :
# sudo apt update
# sudo apt install nginx

# # 2. Obtaining an SSL certificate :
# sudo apt install certbot python3-certbot-nginx
# sudo certbot --nginx

# # 3. Configuring Nginx :
# server {
#     listen 80;
#     server_name yourdomain.com;
#     return 301 https://$host$request_uri;
# }

# server {
#     listen 443 ssl;
#     server_name yourdomain.com;

#     ssl_certificate /etc/letsencrypt/live/yourdomain.com/fullchain.pem;
#     ssl_certificate_key /etc/letsencrypt/live/yourdomain.com/privkey.pem;

#     location / {
#         proxy_pass http://127.0.0.1:8000;
#         proxy_set_header Host $host;
#         proxy_set_header X-Real-IP $remote_addr;
#         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
#         proxy_set_header X-Forwarded-Proto $scheme;
#     }
# }

# # 4. Restart Nginx :
# sudo systemctl restart nginx

# Configuring CORS (Cross-Origin Resource Sharing)

In [3]:
# 1. Install the CORS middleware :
!pip install fastapi[all]

Collecting fastapi[all]
  Downloading fastapi-0.115.2-py3-none-any.whl.metadata (27 kB)
Collecting starlette<0.41.0,>=0.37.2 (from fastapi[all])
  Downloading starlette-0.40.0-py3-none-any.whl.metadata (6.0 kB)
Collecting fastapi-cli>=0.0.5 (from fastapi-cli[standard]>=0.0.5; extra == "all"->fastapi[all])
  Downloading fastapi_cli-0.0.5-py3-none-any.whl.metadata (7.0 kB)
Collecting httpx>=0.23.0 (from fastapi[all])
  Downloading httpx-0.27.2-py3-none-any.whl.metadata (7.1 kB)
Collecting python-multipart>=0.0.7 (from fastapi[all])
  Downloading python_multipart-0.0.12-py3-none-any.whl.metadata (1.9 kB)
Collecting ujson!=4.0.2,!=4.1.0,!=4.2.0,!=4.3.0,!=5.0.0,!=5.1.0,>=4.0.1 (from fastapi[all])
  Downloading ujson-5.10.0-cp310-cp310-manylinux_2_17_x86_64.manylinux2014_x86_64.whl.metadata (9.3 kB)
Collecting orjson>=3.2.1 (from fastapi[all])
  Downloading orjson-3.10.7-cp310-cp310-manylinux_2_17_x86_64.manylinux2014_x86_64.whl.metadata (50 kB)
[2K     [90m━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

In [4]:
# 2. Configure CORS in your FastAPI application :
from fastapi import FastAPI
from fastapi.middleware.cors import CORSMiddleware

app = FastAPI()

origins = [
    "http://localhost",
    "http://localhost:8080",
    "https://yourdomain.com"
]

app.add_middleware(
    CORSMiddleware,
    allow_origins=origins,
    allow_credentials=True,
    allow_methods=["*"],
    allow_headers=["*"],
)

In [5]:
# 3. Authentication and authorisation
# Install PyJWT :
! pip install pyjwt



In [6]:
# Create functions to generate and verify JWT tokens :
import jwt
from datetime import datetime, timedelta

SECRET_KEY = "your_secret_key"
ALGORITHM = "HS256"

def create_access_token(data: dict, expires_delta: timedelta = None):
    to_encode = data.copy()
    if expires_delta:
        expire = datetime.utcnow() + expires_delta
    else:
        expire = datetime.utcnow() + timedelta(minutes=15)
    to_encode.update({"exp": expire})
    encoded_jwt = jwt.encode(to_encode, SECRET_KEY, algorithm=ALGORITHM)
    return encoded_jwt

def verify_token(token: str):
    try:
        payload = jwt.decode(token, SECRET_KEY, algorithms=[ALGORITHM])
        return payload
    except jwt.ExpiredSignatureError:
        return None
    except jwt.InvalidTokenError:
        return None

In [7]:
# Protecting endpoints with dependencies :
from fastapi import Depends, HTTPException, status
from fastapi.security import OAuth2PasswordBearer

oauth2_scheme = OAuth2PasswordBearer(tokenUrl="token")

def get_current_user(token: str = Depends(oauth2_scheme)):
    credentials_exception = HTTPException(
        status_code=status.HTTP_401_UNAUTHORIZED,
        detail="Could not validate credentials",
        headers={"WWW-Authenticate": "Bearer"},
    )
    payload = verify_token(token)
    if payload is None:
        raise credentials_exception
    return payload

@app.get("/users/me")
async def read_users_me(current_user: dict = Depends(get_current_user)):
    return current_user

In [8]:
# Rate Limiting
!pip install slowapi

Collecting slowapi
  Downloading slowapi-0.1.9-py3-none-any.whl.metadata (3.0 kB)
Collecting limits>=2.3 (from slowapi)
  Downloading limits-3.13.0-py3-none-any.whl.metadata (7.2 kB)
Downloading slowapi-0.1.9-py3-none-any.whl (14 kB)
Downloading limits-3.13.0-py3-none-any.whl (45 kB)
[2K   [90m━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━[0m [32m45.5/45.5 kB[0m [31m1.9 MB/s[0m eta [36m0:00:00[0m
[?25hInstalling collected packages: limits, slowapi
Successfully installed limits-3.13.0 slowapi-0.1.9


In [9]:
# Configuring rate limiting in FastAPI :
from slowapi import Limiter
from slowapi.util import get_remote_address
from slowapi.middleware import SlowAPIMiddleware

limiter = Limiter(key_func=get_remote_address)

app = FastAPI()
app.state.limiter = limiter
app.add_middleware(SlowAPIMiddleware)

@app.get("/items/{item_id}")
@limiter.limit("5/minute")
async def read_item(item_id: int):
    return {"item_id": item_id}