## what is API and How It works

![what is api](https://github.com/Khalil-Haider/Backend/raw/main/Fastapi/fastapi_svg_image/WHAT%20IS%20api.jpg)

## FastApi

![FastAPI](https://github.com/Khalil-Haider/Backend/raw/main/Fastapi/fastapi_svg_image/fastapi.svg)

## FastAPI implementation

![FastAPI implementation](https://github.com/Khalil-Haider/Backend/raw/main/Fastapi/fastapi_svg_image/fastapi%20implementation.jpg)

## Project standard structure 

### simple

![Simple STR](https://github.com/Khalil-Haider/Backend/raw/main/Fastapi/fastapi_svg_image/simple_fastapi_project_str.svg)

### complex

# 📂 FastAPI Project Structure

```bash
my_fastapi_project/
├── app/
│   ├── __init__.py
│   ├── main.py                 # FastAPI app entry point
│   ├── core/
│   │   ├── __init__.py
│   │   ├── config.py            # Configuration settings
│   │   ├── security.py          # Authentication & authorization
│   │   └── database.py          # Database connection
│   ├── api/
│   │   ├── __init__.py
│   │   ├── deps.py              # Dependencies
│   │   └── v1/
│   │       ├── __init__.py
│   │       ├── api.py           # API router
│   │       └── endpoints/
│   │           ├── __init__.py
│   │           ├── users.py     # User endpoints
│   │           ├── items.py     # Item endpoints
│   │           └── auth.py      # Authentication endpoints
│   ├── models/
│   │   ├── __init__.py
│   │   ├── user.py              # User model
│   │   ├── item.py              # Item model
│   │   └── base.py              # Base model class
│   ├── schemas/
│   │   ├── __init__.py
│   │   ├── user.py              # User Pydantic schemas
│   │   ├── item.py              # Item Pydantic schemas
│   │   └── token.py             # Token schemas
│   ├── crud/
│   │   ├── __init__.py
│   │   ├── base.py              # Base CRUD operations
│   │   ├── user.py              # User CRUD operations
│   │   └── item.py              # Item CRUD operations
│   ├── services/
│   │   ├── __init__.py
│   │   ├── user_service.py      # User business logic
│   │   └── email_service.py     # Email service
│   ├── utils/
│   │   ├── __init__.py
│   │   └── helpers.py           # Utility functions
│   └── tests/
│       ├── __init__.py
│       ├── conftest.py          # Test configuration
│       ├── test_main.py         # Main app tests
│       └── api/
│           ├── __init__.py
│           └── test_users.py    # User endpoint tests
├── alembic/                     # Database migrations
│   ├── versions/
│   ├── env.py
│   └── script.py.mako
├── alembic.ini
├── requirements.txt
├── .env                         # Environment variables
├── .gitignore
├── Dockerfile
├── docker-compose.yml
└── README.md


## Http Method

![HTTP Method](https://github.com/Khalil-Haider/Backend/raw/main/Fastapi/fastapi_svg_image/https_method.svg)

## Core API Data Input Method 

![Core Api Concept](https://github.com/Khalil-Haider/Backend/raw/main/Fastapi/fastapi_svg_image/Core_API_concept.svg)

## FastAPI_parameter_tools_classes

![FastAPI_parameter_tools_classes](https://github.com/Khalil-Haider/Backend/raw/main/Fastapi/fastapi_svg_image/FastAPI_parameter_tools_classes.svg)

# Htts Status code 

![http_status_code](https://github.com/Khalil-Haider/Backend/raw/main/Fastapi/fastapi_svg_image/http_status_code.svg)

## FastAPi data validation

![data_validation](https://github.com/Khalil-Haider/Backend/raw/main/Fastapi/fastapi_svg_image/data_validation.svg)

### path Parameter

**PATH OPERATIONS & ROUTING**

| Concept | Description | Example | Notes |
|---------|-------------|---------|-------|
| **Static Paths** | Fixed URL segments | `@app.get("/users/")` | Exact match required |
| **Path Parameters** | Dynamic URL segments | `@app.get("/users/{user_id}")` | Captured as function parameters |
| **Path Parameter Types** | Type conversion for path params | `@app.get("/items/{item_id:int}")` | Built-in converters |
| **Multiple Path Parameters** | Multiple dynamic segments | `@app.get("/users/{user_id}/items/{item_id}")` | Order matters in function signature |
| **Path Parameter Validation** | Constraints on path params | `Path(..., gt=0, le=1000)` | Using Path() function |
| **Wildcard Paths** | Catch-all path segments | `@app.get("/files/{file_path:path}")` | Captures remaining path |

#### Static Paths
**Fixed URL segments that never change**

**Key Points:**

- URL must match exactly
- No dynamic parts
- Simple and predictable
- Each decorator (@pp.) corresponds to an HTTP method
- Functions define what happens when endpoint is called
- Return values are automatically converted to JSON

In [None]:
@app.get("/users")
def get_users():
    return {"users": ["alice", "bob", "charlie"]}

#### Path Parameters
**Dynamic parts of the URL captured as variables**

**Key Points:**

- Curly braces `{}` define dynamic segments
- Parameter name must match function argument
- Default type is string

In [None]:
@app.get("/users/{user_id}")
def get_user(user_id: str):
    return {"user_id": user_id}

#### Path Parameter Types
**Type conversion for path parameters**

In [None]:
@app.get("/users/{user_id}")
def get_user(user_id: int):  # Automatically converts to int
    return {"user_id": user_id, "type": type(user_id).__name__}

@app.get("/items/{item_id}")
def get_item(item_id: int):
    return {"item_id": item_id}

# Built-in type converters
@app.get("/files/{file_id}")
def get_file(file_id: float):
    return {"file_id": file_id}



**Common Types:**
- `int` - Integer numbers
- `float` - Decimal numbers  
- `str` - Strings (default)
- `bool` - Boolean values

#### Multiple Path Parameters
**Multiple dynamic segments in one path**

In [None]:
@app.get("/users/{user_id}/items/{item_id}")
def get_user_item(user_id: int, item_id: int):
    return {
        "user_id": user_id,
        "item_id": item_id,
        "message": f"Item {item_id} for user {user_id}"
    }

**Key Points:**
- Order of parameters matters
- Each parameter gets its own function argument
- Mix different types as needed

#### Path Parameter Validation
**Adding constraints and validation to path parameters**

In [None]:
from fastapi import Path

@app.get("/items/{item_id}")
def get_item(
    item_id: int = Path(..., gt=0, description="The ID of the item")
):
    return {"item_id": item_id}

@app.get("/products/{product_name}")
def get_product(
    product_name: str = Path(..., min_length=3, max_length=50)
):
    return {"product_name": product_name}

**Validation Options:**
- `gt` - Greater than
- `ge` - Greater than or equal
- `lt` - Less than
- `le` - Less than or equal
- `min_length` - Minimum string length
- `max_length` - Maximum string length

#### Wildcard Paths
**Capture remaining path segments**

In [None]:
@app.get("/files/{file_path:path}")
def get_file(file_path: str):
    return {"file_path": file_path}

# Examples of what this matches:
# /files/documents/report.pdf → file_path = "documents/report.pdf"
# /files/images/photos/vacation.jpg → file_path = "images/photos/vacation.jpg"

**Key Points:**
- `:path` captures everything including forward slashes
- Useful for file systems or nested resources
- Always comes at the end of the path

#### Path Operation Order
**Order matters when defining similar paths**

In [None]:
# ✅ CORRECT ORDER - Specific first
@app.get("/users/me")           # Static - matches first
def get_current_user():
    return {"user": "current_user"}

@app.get("/users/{user_id}")    # Dynamic - matches after
def get_user(user_id: int):
    return {"user_id": user_id}

# ❌ WRONG ORDER - Dynamic would catch everything
# @app.get("/users/{user_id}")  # This would match "/users/me" too!
# @app.get("/users/me")         # This would never be reached

**Key Rule:** 
- Define more specific paths before general ones

### Query parameter

**QUERY PARAMETERS**

| Concept | Description | Example | Default Behavior |
|---------|-------------|---------|------------------|
| **Basic Query Parameters** | URL parameters after ? | `def read_items(skip: int = 0):` | Optional with default values |
| **Required Query Parameters** | Mandatory query params | `def read_items(q: str):` | No default value = required |
| **Multiple Query Parameters** | Several query params | `def read_items(q: str, skip: int = 0, limit: int = 10):` | Combined in any order |
| **Query Parameter Types** | Type conversion | `skip: int`, `active: bool` | Automatic validation |
| **Query Parameter Validation** | Constraints on query params | `Query(..., min_length=3, max_length=50)` | Using Query() function |
| **Optional Query Parameters** | Nullable parameters | `q: Optional[str] = None` | Union types |
| **List Query Parameters** | Multiple values for same param | `tags: List[str] = Query([])` | ?tags=foo&tags=bar |

#### Basic Query Parameters

**URL parameters that come after the `?` symbol**

In [None]:

@app.get("/items/")
def read_items(skip: int = 0, limit: int = 10):
    return {"skip": skip, "limit": limit}

# URL: /items/?skip=5&limit=20
# Result: {"skip": 5, "limit": 20}

**Key Points:**
- Query parameters appear after `?` in URL
- Separated by `&` symbol
- Function parameters with default values become optional query params
- FastAPI automatically extracts and converts them

#### Required Query Parameters

**Parameters without default values are mandatory**

In [None]:
@app.get("/search/")
def search_items(q: str):  # No default = required
    return {"query": q, "message": f"Searching for: {q}"}

# ✅ Valid: /search/?q=python
# ❌ Invalid: /search/ (missing required parameter)

@app.get("/users/")
def get_users(country: str, city: str = "any"):
    return {"country": country, "city": city}

# ✅ Valid: /users/?country=USA
# ✅ Valid: /users/?country=USA&city=NewYork
# ❌ Invalid: /users/ (missing required 'country')

**Key Points:**
- No default value = required parameter
- FastAPI returns 422 error if required params are missing
- Mix required and optional parameters freely

#### Multiple Query Parameters

**Combine several query parameters in one endpoint**

In [None]:
@app.get("/products/")
def get_products(
    category: str = "all",
    min_price: float = 0.0,
    max_price: float = 1000.0,
    in_stock: bool = True
):
    return {
        "category": category,
        "price_range": f"{min_price}-{max_price}",
        "in_stock": in_stock
    }

# Examples:
# /products/
# /products/?category=electronics
# /products/?category=books&min_price=10&max_price=50
# /products/?in_stock=false&category=clothing

**Key Points:**
- Parameters can be provided in any order
- Only provide the ones you want to change
- All have sensible defaults

####  Query Parameter Types

**Automatic type conversion and validation**

In [None]:
@app.get("/filter/")
def filter_items(
    page: int = 1,           # Integer
    size: int = 10,          # Integer
    price: float = 0.0,      # Float
    active: bool = True,     # Boolean
    name: str = ""           # String
):
    return {
        "page": page,
        "size": size, 
        "price": price,
        "active": active,
        "name": name,
        "types": {
            "page": type(page).__name__,
            "price": type(price).__name__,
            "active": type(active).__name__
        }
    }

# Boolean examples:
# ?active=true, ?active=True, ?active=1, ?active=yes → True
# ?active=false, ?active=False, ?active=0, ?active=no → False

**Supported Types:**
- `int` - Integers
- `float` - Decimal numbers
- `bool` - Boolean values (flexible parsing)
- `str` - Strings (default)

#### Query Parameter Validation

**Adding constraints and validation using Query()**

In [None]:
from fastapi import Query

@app.get("/items/")
def read_items(
    q: str = Query(None, min_length=3, max_length=50),
    page: int = Query(1, gt=0, le=100),
    size: int = Query(10, gt=0, le=100)
):
    return {"query": q, "page": page, "size": size}

@app.get("/search/")
def search(
    keyword: str = Query(..., min_length=2, description="Search keyword"),
    category: str = Query("all", regex="^(all|books|electronics|clothing)$")
):
    return {"keyword": keyword, "category": category}

**Validation Options:**
- `min_length` / `max_length` - String length limits
- `gt` / `ge` / `lt` / `le` - Numeric comparisons
- `regex` - Pattern matching for strings
- `description` - Documentation for API docs
- `...` - Required parameter (alternative to no default)

#### Optional Query Parameters

**Parameters that can be None**

In [None]:
from typing import Optional

@app.get("/items/")
def read_items(
    q: Optional[str] = None,
    category: Optional[str] = None,
    min_price: Optional[float] = None
):
    filters = {}
    if q:
        filters["search"] = q
    if category:
        filters["category"] = category
    if min_price is not None:
        filters["min_price"] = min_price
    
    return {"filters": filters}

# Examples:
# /items/ → {"filters": {}}
# /items/?q=python → {"filters": {"search": "python"}}
# /items/?category=books&min_price=0 → {"filters": {"category": "books", "min_price": 0.0}}

**Key Points:**
- Use `Optional[Type]` for nullable parameters
- Check `if value:` for strings and lists
- Check `if value is not None:` for numbers that could be 0

#### 
## 7. List Query Parameters

**Accept multiple values for the same parameter**

In [None]:
from typing import List

@app.get("/items/")
def read_items(
    tags: List[str] = Query([]),
    categories: List[str] = Query(["all"])
):
    return {"tags": tags, "categories": categories}

# URL Examples:
# /items/?tags=python&tags=fastapi&tags=web
# Result: {"tags": ["python", "fastapi", "web"], "categories": ["all"]}

# Alternative syntax (some clients):
# /items/?tags=python,fastapi,web

@app.get("/filter/")  
def filter_by_ids(item_ids: List[int] = Query([])):
    return {"filtering_by_ids": item_ids}

# /filter/?item_ids=1&item_ids=5&item_ids=10
# Result: {"filtering_by_ids": [1, 5, 10]}

**Key Points:**
- Use `List[Type]` annotation
- Same parameter name repeated in URL
- Empty list `[]` as default for optional lists

#### Query vs Path Parameters

**When to use each type**

In [None]:
# Path parameters - identify specific resources
@app.get("/users/{user_id}/posts/{post_id}")
def get_user_post(user_id: int, post_id: int):
    return {"user_id": user_id, "post_id": post_id}

# Query parameters - filter, paginate, or configure
@app.get("/users/{user_id}/posts/")
def get_user_posts(
    user_id: int,  # Path parameter
    published: bool = True,  # Query parameter
    limit: int = 10  # Query parameter
):
    return {
        "user_id": user_id,
        "filters": {"published": published, "limit": limit}
    }

**Guidelines:**
- **Path parameters:** Resource identification (required, part of the URL structure)
- **Query parameters:** Filtering, pagination, optional configuration

**Best Practices:**
- Provide sensible defaults for optional parameters
- Use validation to prevent invalid data
- Keep parameter names consistent across endpoints
- Document complex parameters with descriptions
- Use enums for limited choice parameters

### REQUEST BODY & DATA MODELS

| Concept | Description | Example | Purpose |
|---------|-------------|---------|---------|
| **Pydantic Models** | Data validation and serialization | `class Item(BaseModel): name: str` | Type-safe data structures |
| **Request Body** | JSON payload in requests | `def create_item(item: Item):` | POST/PUT/PATCH data |
| **Nested Models** | Models within models | `class User(BaseModel): items: List[Item]` | Complex data structures |
| **Model Validation** | Automatic data validation | Field validators, custom validators | Data integrity |
| **Model Serialization** | Convert models to JSON | Automatic with response_model | API responses |
| **Field Validation** | Individual field constraints | `Field(..., min_length=1, max_length=100)` | Granular validation |
| **Custom Validators** | Custom validation logic | `@validator('email')` | Business rules |
| **Model Config** | Model behavior configuration | `class Config: orm_mode = True` | ORM integration |

#### Pydantic Models Basics

**Type-safe data structures using Pydantic BaseModel**

In [None]:
from fastapi import FastAPI
from pydantic import BaseModel
from typing import Optional

app = FastAPI()

class Item(BaseModel):
    name: str
    description: Optional[str] = None
    price: float
    is_active: bool = True

# Usage in endpoint
@app.post("/items/")
def create_item(item: Item):
    return {"message": f"Created item: {item.name}", "item": item}

**Key Points:**
- Inherits from `BaseModel`
- Type annotations define field types
- Optional fields have default values
- Automatic JSON validation and parsing

#### Request Body in Different HTTP Methods

**Using models in POST, PUT, and PATCH requests**

In [None]:
class User(BaseModel):
    username: str
    email: str
    full_name: Optional[str] = None
    is_active: bool = True

@app.post("/users/")
def create_user(user: User):
    return {"message": "User created", "user": user}

@app.put("/users/{user_id}")
def update_user(user_id: int, user: User):
    return {"user_id": user_id, "updated_user": user}

@app.patch("/users/{user_id}")
def partial_update_user(user_id: int, user: User):
    # Only provided fields will be updated
    return {"user_id": user_id, "changes": user.dict(exclude_unset=True)}

# PATCH request body (partial update):
# {
#   "full_name": "John Doe"
# }

**Key Points:**
- POST: Create new resources
- PUT: Full update (all fields)
- PATCH: Partial update (some fields)
- `exclude_unset=True` shows only provided fields

#### Field Validation with Field()

**Adding constraints and validation to individual fields**

In [None]:
from pydantic import BaseModel, Field
from typing import Optional

class Product(BaseModel):
    name: str = Field(..., min_length=1, max_length=100, description="Product name")
    price: float = Field(..., gt=0, le=10000, description="Product price in USD")
    quantity: int = Field(0, ge=0, description="Available quantity")
    category: str = Field(..., regex="^(electronics|books|clothing|food)$")
    tags: Optional[str] = Field(None, max_length=200)

@app.post("/products/")
def create_product(product: Product):
    return {"product": product}

**Field Validation Options:**
- `min_length` / `max_length` - String length
- `gt` / `ge` / `lt` / `le` - Numeric comparisons
- `regex` - Pattern matching
- `description` - Field documentation
- `...` - Required field indicator

#### Nested Models

**Models containing other models for complex data structures**

In [None]:
from typing import List, Optional

class Address(BaseModel):
    street: str
    city: str
    country: str
    postal_code: str

class Item(BaseModel):
    name: str
    price: float

class Order(BaseModel):
    order_id: int
    customer_name: str
    customer_email: str
    shipping_address: Address  # Nested model
    items: List[Item]  # List of nested models
    total_amount: float
    notes: Optional[str] = None

@app.post("/orders/")
def create_order(order: Order):
    return {
        "message": "Order created",
        "order_id": order.order_id,
        "customer": order.customer_name,
        "item_count": len(order.items),
        "total": order.total_amount
    }

**Key Points:**
- Use other models as field types
- `List[Model]` for arrays of objects
- Nested validation applies to all levels
- Complex JSON structures become type-safe

#### Custom Validators

**Adding business logic validation with custom methods**

In [None]:
from pydantic import BaseModel, validator, Field
import re

class User(BaseModel):
    username: str = Field(..., min_length=3, max_length=20)
    email: str
    age: int = Field(..., ge=13, le=120)
    password: str = Field(..., min_length=8)
    confirm_password: str

    @validator('email')
    def validate_email(cls, v):
        if '@' not in v or '.' not in v.split('@')[-1]:
            raise ValueError('Invalid email format')
        return v.lower()  # Convert to lowercase

    @validator('username')
    def validate_username(cls, v):
        if not re.match(r'^[a-zA-Z0-9_]+$', v):
            raise ValueError('Username can only contain letters, numbers, and underscores')
        return v

    @validator('confirm_password')
    def passwords_match(cls, v, values):
        if 'password' in values and v != values['password']:
            raise ValueError('Passwords do not match')
        return v

    @validator('password')
    def validate_password(cls, v):
        if not re.search(r'[A-Z]', v):
            raise ValueError('Password must contain at least one uppercase letter')
        if not re.search(r'[a-z]', v):
            raise ValueError('Password must contain at least one lowercase letter')
        if not re.search(r'\d', v):
            raise ValueError('Password must contain at least one digit')
        return v

@app.post("/register/")
def register_user(user: User):
    # Password confirmation not needed in response
    user_data = user.dict()
    del user_data['confirm_password']
    return {"message": "User registered successfully", "user": user_data}

**Custom Validator Features:**
- `@validator('field_name')` decorator
- Access to field value and other values
- Can transform data (like lowercase email)
- Can raise `ValueError` for validation errors
- Execute in order of definition

#### Model Configuration

**Customizing model behavior with Config class**

In [None]:
from pydantic import BaseModel
from datetime import datetime

class User(BaseModel):
    id: int
    name: str
    email: str
    created_at: datetime
    is_active: bool

    class Config:
        # Allow ORM objects (SQLAlchemy models)
        orm_mode = True
        
        # Custom JSON encoder for special types
        json_encoders = {
            datetime: lambda dt: dt.isoformat()
        }
        
        # Validate assignment after creation
        validate_assignment = True
        
        # Use enum values instead of names
        use_enum_values = True
        
        # Example data for documentation
        schema_extra = {
            "example": {
                "id": 1,
                "name": "John Doe",
                "email": "john@example.com",
                "created_at": "2023-01-01T10:00:00",
                "is_active": True
            }
        }

# Usage with ORM (if using databases like SQLAlchemy)
@app.get("/users/{user_id}", response_model=User)
def get_user(user_id: int):
    # Simulate database user object
    # With orm_mode=True, can return ORM object directly
    user_data = {
        "id": user_id,
        "name": "John Doe",
        "email": "john@example.com",
        "created_at": datetime.now(),
        "is_active": True
    }
    return user_data

**Config Options:**
- `orm_mode = True` - Work with ORM objects
- `validate_assignment = True` - Validate when fields change
- `json_encoders` - Custom serialization for specific types
- `schema_extra` - Example data for API docs

#### Union Types and Multiple Model Types

**Handling different request body formats**

In [None]:
from typing import Union
from pydantic import BaseModel

class ImagePost(BaseModel):
    type: str = "image"
    title: str
    image_url: str
    caption: Optional[str] = None

class TextPost(BaseModel):
    type: str = "text"
    title: str
    content: str
    tags: List[str] = []

class VideoPost(BaseModel):
    type: str = "video"
    title: str
    video_url: str
    duration: int  # seconds

# Union type allows any of the three models
@app.post("/posts/")
def create_post(post: Union[ImagePost, TextPost, VideoPost]):
    return {
        "message": f"Created {post.type} post",
        "title": post.title,
        "post_data": post
    }

# FastAPI will try each model until one validates successfully
# Request examples:
# {"type": "image", "title": "My Photo", "image_url": "http://example.com/photo.jpg"}
# {"type": "text", "title": "My Article", "content": "Article content here..."}
# {"type": "video", "title": "My Video", "video_url": "http://example.com/video.mp4", "duration": 300}

#### Error Handling and Validation

**Understanding and handling validation errors**

In [None]:
from fastapi import HTTPException
from pydantic import ValidationError

class Product(BaseModel):
    name: str = Field(..., min_length=1, max_length=50)
    price: float = Field(..., gt=0)
    category_id: int = Field(..., gt=0)
    
    @validator('name')
    def name_must_not_be_empty(cls, v):
        if not v.strip():
            raise ValueError('Name cannot be empty or whitespace only')
        return v.strip()

@app.post("/products/")
def create_product(product: Product):
    try:
        # FastAPI automatically validates, but you can add custom logic
        if product.name.lower() in ['admin', 'root', 'system']:
            raise HTTPException(status_code=400, detail="Reserved product name")
        
        return {"message": "Product created", "product": product}
    
    except ValidationError as e:
        # This is automatically handled by FastAPI, shown for reference
        raise HTTPException(status_code=422, detail=e.errors())

**Key Best Practices:**
- Use separate models for create, update, and response
- Add meaningful field validation and descriptions
- Use enums for limited choice fields
- Provide example data for API documentation
- Keep models focused and single-purpose
- Use custom validators for business logic
- Consider using `Optional` fields for partial updates

###  CONFIGURATION & SETTINGS


| Concept | Description | Implementation | Use Case |
|---------|-------------|----------------|----------|
| **Settings Management** | Application configuration | `BaseSettings` | Environment config |
| **Environment Variables** | Config from env vars | `.env` files | Deployment flexibility |
| **Config Validation** | Validate configuration | Pydantic settings | Config integrity |
| **Multiple Environments** | Different configs per env | Environment-specific settings | Dev/staging/prod |

In [None]:
# .env files 

DB_HOST=localhost
DB_PORT=5432
DB_NAME=sqlalchemy
DB_USER=postgres
DB_PASSWORD=1234

### VALIDATION & SERIALIZATION



| Concept | Description | Implementation | Benefits |
|---------|-------------|----------------|----------|
| **Automatic Validation** | Request data validation | Pydantic models | Type safety |
| **Field Validators** | Custom field validation | `@validator('field_name')` | Business rules |
| **Root Validators** | Validate entire model | `@root_validator` | Cross-field validation |
| **Type Hints** | Python type annotations | `name: str`, `age: int` | IDE support, validation |
| **Union Types** | Multiple possible types | `Union[str, int]` | Flexible inputs |
| **Optional Fields** | Nullable fields | `Optional[str]` | Not required |
| **Default Values** | Field defaults | `name: str = "default"` | Fallback values |
| **Alias Fields** | Alternative field names | `Field(alias="userName")` | API compatibility |

###  DEPENDENCIES



| Concept | Description | Example | Purpose |
|---------|-------------|---------|---------|
| **Dependency Injection** | Provide dependencies to functions | `Depends(get_db)` | Separation of concerns |
| **Function Dependencies** | Dependencies as functions | `def get_db(): ...` | Resource management |
| **Class Dependencies** | Dependencies as classes | `class CommonDependency: ...` | Stateful dependencies |
| **Sub-dependencies** | Dependencies with dependencies | `def get_user(db=Depends(get_db)):` | Dependency chains |
| **Dependency Override** | Override for testing | `app.dependency_overrides[get_db] = override_get_db` | Testing |
| **Global Dependencies** | App-level dependencies | `dependencies=[Depends(verify_token)]` | Cross-cutting concerns |
| **Path-level Dependencies** | Router-level dependencies | Router dependencies | Route groups |
| **Yield Dependencies** | Context manager dependencies | `yield db` | Resource cleanup |

#### Dependency Injection Basics

**Providing dependencies to endpoint functions using Depends()**

In [None]:
from fastapi import FastAPI, Depends

app = FastAPI()

# Simple dependency function
def get_message():
    return "Hello from dependency!"

@app.get("/")
def read_root(message: str = Depends(get_message)):
    return {"message": message}

# When /  is called:
# 1. FastAPI calls get_message()
# 2. Result is passed to read_root() as message parameter
# 3. Returns: {"message": "Hello from dependency!"}

**Key Points:**
- `Depends()` tells FastAPI to call the function and inject the result
- Dependency function runs before the endpoint function
- Result is passed as a parameter to the endpoint

#### Function Dependencies

**Using functions as dependencies for resource management**

In [None]:
# Database connection dependency
def get_db():
    return {"connection": "database_connected"}

# Configuration dependency
def get_config():
    return {"debug": True, "version": "1.0"}

# Using multiple dependencies
@app.get("/users/")
def get_users(
    db = Depends(get_db),
    config = Depends(get_config)
):
    return {
        "users": ["user1", "user2"],
        "db_status": db["connection"],
        "debug_mode": config["debug"]
    }

**Key Points:**
- Dependencies are just regular Python functions
- Each dependency runs independently
- Multiple dependencies can be used in one endpoint

#### Dependencies with Parameters

**Dependencies that accept parameters**

In [None]:
# Dependency with parameters
def get_query_filter(limit: int = 10, skip: int = 0):
    return {"limit": limit, "skip": skip}

# Dependency with required parameter
def get_token(token: str):
    return {"token": token, "valid": len(token) > 5}

@app.get("/items/")
def get_items(
    filters = Depends(get_query_filter),  # Uses query parameters
    auth = Depends(get_token)  # Uses query parameter 'token'
):
    return {
        "filters": filters,
        "auth_status": auth["valid"],
        "data": ["item1", "item2"]
    }

# URL: /items/?limit=5&skip=10&token=mytoken123

**Key Points:**
- Dependencies can have their own parameters
- Parameters come from query params, path params, or request body
- FastAPI handles parameter resolution automatically

#### Class Dependencies

**Using classes as dependencies for stateful objects**

In [None]:
class DatabaseConnection:
    def __init__(self):
        self.connected = True
        self.host = "localhost"
    
    def get_status(self):
        return f"Connected to {self.host}"

class UserService:
    def __init__(self, db: DatabaseConnection = Depends(DatabaseConnection)):
        self.db = db
    
    def get_user_count(self):
        return {"count": 5, "db_status": self.db.get_status()}

@app.get("/stats/")
def get_stats(user_service: UserService = Depends(UserService)):
    return user_service.get_user_count()

**Key Points:**
- Classes can be used as dependencies
- Class dependencies maintain state
- Classes can have their own dependencies in `__init__`

#### Sub-dependencies (Dependency Chains)

**Dependencies that depend on other dependencies**

In [None]:
# Level 1: Basic dependency
def get_database():
    return {"db": "connected"}

# Level 2: Depends on get_database
def get_user_repo(db = Depends(get_database)):
    return {"repo": "user_repository", "db": db}

# Level 3: Depends on get_user_repo (which depends on get_database)
def get_current_user(user_repo = Depends(get_user_repo)):
    return {
        "user": "john_doe",
        "repo": user_repo["repo"],
        "db_status": user_repo["db"]["db"]
    }

@app.get("/profile/")
def get_profile(current_user = Depends(get_current_user)):
    return {"profile": current_user}

**Key Points:**
- Dependencies can depend on other dependencies
- FastAPI resolves the entire dependency chain
- Sub-dependencies are cached per request

#### Dependency Caching

**Dependencies are cached within the same request**

In [None]:
call_count = 0

def expensive_operation():
    global call_count
    call_count += 1
    return {"result": f"Called {call_count} times", "data": "expensive_data"}

# Used in multiple places
@app.get("/endpoint1/")
def endpoint1(data = Depends(expensive_operation)):
    return {"endpoint": "1", "data": data}

@app.get("/endpoint2/")
def endpoint2(
    data1 = Depends(expensive_operation),
    data2 = Depends(expensive_operation)  # Same dependency, cached result
):
    return {
        "endpoint": "2", 
        "data1": data1,
        "data2": data2  # Will have same result as data1
    }

**Key Points:**
- Dependencies are calculated once per request
- Multiple uses of same dependency get cached result
- Reduces redundant operations

#### Dependency Override (Testing)

**Overriding dependencies for testing purposes**

In [None]:
# Original dependency
def get_real_database():
    return {"type": "production", "data": "real_data"}

# Test override
def get_fake_database():
    return {"type": "test", "data": "fake_data"}

@app.get("/data/")
def get_data(db = Depends(get_real_database)):
    return {"source": db["type"], "data": db["data"]}

# Override for testing
app.dependency_overrides[get_real_database] = get_fake_database

# Now when /data/ is called, it uses get_fake_database instead
# Returns: {"source": "test", "data": "fake_data"}

# Remove override
# app.dependency_overrides = {}

**Key Points:**
- Override dependencies without changing code
- Useful for testing with mock data
- Can be enabled/disabled dynamically

#### Global Dependencies

**App-level dependencies that apply to all endpoints**

In [None]:
def verify_api_key(api_key: str = ""):
    if len(api_key) < 5:
        return {"valid": False, "message": "Invalid API key"}
    return {"valid": True, "user": "authenticated_user"}

# Apply to entire app
app = FastAPI(dependencies=[Depends(verify_api_key)])

@app.get("/public/")
def public_endpoint(auth = Depends(verify_api_key)):
    if not auth["valid"]:
        return {"error": "Unauthorized"}
    return {"message": "Public data", "user": auth["user"]}

@app.get("/private/")
def private_endpoint(auth = Depends(verify_api_key)):
    if not auth["valid"]:
        return {"error": "Unauthorized"}
    return {"message": "Private data", "user": auth["user"]}

**Key Points:**
- Global dependencies run for all endpoints
- Still need to access dependency result in endpoints
- Good for authentication, logging, etc.

#### Router-level Dependencies

**Dependencies that apply to specific route groups**

In [None]:
from fastapi import APIRouter

# Router dependency
def admin_check():
    return {"role": "admin", "permissions": ["read", "write", "delete"]}

def user_check():
    return {"role": "user", "permissions": ["read"]}

# Admin router with admin dependency
admin_router = APIRouter(
    prefix="/admin",
    dependencies=[Depends(admin_check)]
)

@admin_router.get("/users/")
def admin_get_users(admin = Depends(admin_check)):
    return {"users": ["all_users"], "role": admin["role"]}

# User router with user dependency
user_router = APIRouter(
    prefix="/user", 
    dependencies=[Depends(user_check)]
)

@user_router.get("/profile/")
def user_profile(user = Depends(user_check)):
    return {"profile": "user_data", "role": user["role"]}

# Include routers
app.include_router(admin_router)
app.include_router(user_router)

**Key Points:**
- Router dependencies apply to all routes in that router
- Different routers can have different dependencies
- Useful for grouping related endpoints

#### Yield Dependencies (Context Managers)

**Dependencies with setup and cleanup using yield**

In [None]:
def get_db_connection():
    print("🔗 Opening database connection")
    db = {"connection": "opened", "transactions": []}
    
    try:
        yield db  # This is what gets injected
    finally:
        print("🔒 Closing database connection")
        db["connection"] = "closed"

def get_file_handler():
    print("📁 Opening file")
    file_handle = {"file": "opened", "content": []}
    
    try:
        yield file_handle
    finally:
        print("📁 Closing file")
        file_handle["file"] = "closed"

@app.get("/process/")
def process_data(
    db = Depends(get_db_connection),
    file = Depends(get_file_handler)
):
    # Both resources are opened before this runs
    return {
        "db_status": db["connection"],
        "file_status": file["file"],
        "message": "Processing completed"
    }
    # Both resources are closed after this completes

**Key Points:**
- `yield` creates context manager dependencies
- Code before `yield` runs at start
- Code after `yield` runs at end (cleanup)
- Great for resource management



**Best Practices:**
- Keep dependencies simple and focused
- Use descriptive names for dependency functions
- Leverage dependency caching for expensive operations
- Use `yield` for resources that need cleanup
- Group related dependencies in separate modules
- Override dependencies for testing
- Use type hints for better documentation

###  MIDDLEWARE



| Type | Description | Implementation | Purpose |
|------|-------------|----------------|---------|
| **Custom Middleware** | Custom processing logic | `@app.middleware("http")` | Request/response processing |
| **CORS Middleware** | Cross-Origin Resource Sharing | `CORSMiddleware` | Browser security |
| **Trusted Host Middleware** | Host validation | `TrustedHostMiddleware` | Security |
| **GZIP Middleware** | Response compression | `GZipMiddleware` | Performance |
| **HTTPS Redirect** | Force HTTPS | `HTTPSRedirectMiddleware` | Security |
| **Session Middleware** | Session management | Third-party middleware | Stateful sessions |

#### CORS Middleware

**Handling Cross-Origin Resource Sharing**

In [None]:

from fastapi.middleware.cors import CORSMiddleware

app = FastAPI()

# Add CORS middleware
app.add_middleware(
    CORSMiddleware,
    allow_origins=["http://localhost:3000", "https://myapp.com"],
    allow_credentials=True,
    allow_methods=["GET", "POST", "PUT", "DELETE"],
    allow_headers=["*"],
)

@app.get("/api/users/")
def get_users():
    return {"users": ["user1", "user2"]}

@app.post("/api/users/")
def create_user():
    return {"message": "User created"}

# For development (allow all origins)
# app.add_middleware(
#     CORSMiddleware,
#     allow_origins=["*"],
#     allow_credentials=True,
#     allow_methods=["*"],
#     allow_headers=["*"],
# )

**CORS Options:**
- `allow_origins` - List of allowed origins
- `allow_credentials` - Allow cookies/auth headers
- `allow_methods` - Allowed HTTP methods
- `allow_headers` - Allowed request headers
- `expose_headers` - Headers exposed to frontend

###  ERROR HANDLING



| Concept | Description | Example | Purpose |
|---------|-------------|---------|---------|
| **HTTPException** | HTTP error responses | `raise HTTPException(404, "Not found")` | Standard HTTP errors |
| **Custom Exception Handlers** | Handle specific exceptions | `@app.exception_handler(ValueError)` | Custom error responses |
| **Validation Errors** | Pydantic validation errors | Automatic handling | Input validation |
| **Request Validation Error** | Request parsing errors | Built-in handling | Malformed requests |
| **Custom Error Responses** | Tailored error messages | Custom exception classes | User-friendly errors |

###  AUTHENTICATION & AUTHORIZATION



| Concept | Description | Implementation | Use Case |
|---------|-------------|----------------|----------|
| **OAuth2** | OAuth 2.0 implementation | `OAuth2PasswordBearer` | Token-based auth |
| **JWT Tokens** | JSON Web Tokens | `python-jose[cryptography]` | Stateless auth |
| **Password Hashing** | Secure password storage | `passlib[bcrypt]` | Password security |
| **Scopes** | Permission granularity | `scopes={"read": "Read access"}` | Fine-grained permissions |
| **Dependencies** | Reusable auth logic | `Depends(get_current_user)` | Auth injection |
| **Security Schemes** | OpenAPI security docs | Various security definitions | API documentation |
| **API Keys** | Simple authentication | `APIKeyHeader`, `APIKeyQuery` | Basic auth |
| **HTTP Basic Auth** | Username/password auth | `HTTPBasic` | Simple auth |

### PERFORMANCE & OPTIMIZATION



| Concept | Description | Implementation | Benefit |
|---------|-------------|----------------|---------|
| **Async/Await** | Asynchronous programming | `async def` functions | Concurrent request handling |
| **Database Connection Pooling** | Reuse database connections | SQLAlchemy pools | Reduced connection overhead |
| **Caching** | Store computed results | Redis, in-memory | Faster responses |
| **Response Compression** | Compress HTTP responses | GZip middleware | Reduced bandwidth |
| **Pagination** | Limit response size | Query parameters | Manageable data sets |
| **Response Models** | Optimize serialization | Exclude unnecessary fields | Smaller payloads |

### SECURITY



| Concept | Description | Implementation | Protection Against |
|---------|-------------|----------------|-------------------|
| **HTTPS Enforcement** | Force encrypted connections | HTTPS redirect middleware | Man-in-the-middle attacks |
| **CORS Configuration** | Cross-origin request control | CORS middleware | XSS attacks |
| **Input Validation** | Validate all inputs | Pydantic models | Injection attacks |
| **Authentication** | Verify user identity | OAuth2, JWT | Unauthorized access |
| **Authorization** | Control resource access | Scopes, permissions | Privilege escalation |
| **Rate Limiting** | Limit request rates | Custom middleware | DoS attacks |
| **SQL Injection Prevention** | Safe database queries | ORM usage | SQL injection |

### ADVANCED ROUTING



| Concept | Description | Example | Use Case |
|---------|-------------|---------|----------|
| **APIRouter** | Modular routing | `router = APIRouter()` | Code organization |
| **Route Inclusion** | Include routers | `app.include_router(router)` | Modular apps |
| **Route Prefixes** | Common path prefixes | `prefix="/api/v1"` | API versioning |
| **Route Tags** | Group operations | `tags=["items"]` | Documentation |
| **Route Dependencies** | Router-level dependencies | `dependencies=[Depends(auth)]` | Shared logic |
| **Sub-applications** | Mount sub-apps | `app.mount("/sub", sub_app)` | App composition |

### BACKGROUND TASKS



| Concept | Description | Example | Use Case |
|---------|-------------|---------|----------|
| **Background Tasks** | Non-blocking task execution | `BackgroundTasks.add_task()` | Email sending |
| **Task Functions** | Functions run in background | `def send_notification():` | Async operations |
| **Task Parameters** | Pass data to background tasks | `add_task(func, param1, param2)` | Parameterized tasks |
| **Multiple Tasks** | Queue multiple tasks | Multiple `add_task()` calls | Batch operations |

###  WEBSOCKETS



| Concept | Description | Implementation | Use Case |
|---------|-------------|----------------|----------|
| **WebSocket Endpoints** | Real-time communication | `@app.websocket("/ws")` | Live updates |
| **WebSocket Accept** | Accept connections | `await websocket.accept()` | Connection establishment |
| **Send/Receive Data** | Bidirectional communication | `send_text()`, `receive_text()` | Real-time data |
| **Connection Management** | Handle connections/disconnections | Connection lifecycle | Resource cleanup |
| **WebSocket Dependencies** | Inject dependencies | `Depends()` in WebSocket | Shared logic

### TESTING



| Concept | Description | Tool/Library | Purpose |
|---------|-------------|--------------|---------|
| **Test Client** | Testing FastAPI apps | `TestClient` | Integration testing |
| **Async Testing** | Test async endpoints | `pytest-asyncio` | Async test support |
| **Database Testing** | Test with databases | Test database setup | Data layer testing |
| **Dependency Override** | Mock dependencies | `app.dependency_overrides` | Isolated testing |
| **Fixture Management** | Test data setup | `pytest` fixtures | Test data |