### **1.1 🌐 What is an API?**

Simple explanation:

An API (Application Programming Interface) lets two programs "talk" to each other.  
For example, when you use a weather app, it asks a weather API for today's temperature.  

### **1.2 🔥 HTTP Basics**

HTTP is the language of APIs.  
When two systems talk, they use HTTP methods like:  

HTTP Method     | Purpose                           | Example  
GET             | Retrieve data                     | Get list of users  
POST            | Send new data                     | Create a new user  
PUT             | Update existing data completely   | Replace a user's profile info  
PATCH           | Update partially                  | Change a user's email  
DELETE          | Remove data                       | Delete a user  



Status Codes: (very important)

Status Code	Meaning

200	    -   OK (Success)  
201	    -   Created (POST success)  
400	    -   Bad Request  
401	    -   Unauthorized (Login required)  
403	    -   Forbidden (You can't access)  
404	    -   Not Found  
500	    -   Internal Server Error  


### **1.3 🛤️ Request-Response Cycle**

Client sends a request → Server processes it → Server sends back a response.

- Request = URL + method + data (optional).
- Response = Status code + data (optional).

Example:  
- You (client) send a GET /products request to Amazon (server).
- Amazon replies with a list of products.

### **🎯 Simple Rules to Remember:**

You want to...-----------Use Method----------Send Data In  
Get information-------------GET--------------URL (query/path)  
Create new thing------------POST-------------Body (JSON)  
Update existing thing-----PUT/PATCH----------Body (JSON)  
Delete something------------DELETE-----------URL (path param)  

`GET` → use query parameters or path parameters.

`POST/PUT/PATCH` → use Request Body (with Pydantic models).

`DELETE` → use path parameters for specifying what to delete.

#### **🔥 Quick Memory Trick:**

Keyword----Meaning  
GET--------Give me something  
POST-------Push something new  
PUT--------Put new version  
PATCH------Patch (fix)  
DELETE-----Destroy!  


#### **✅ Summary:**

- GET: Small search/fetches → data in URL
- POST: New creation → data in body
- PUT/PATCH: Update existing → data in body
- DELETE: Remove resource → id in URL


Never send passwords or private data in URL → URLs are visible and logged!

Use POST whenever you need to send sensitive, large, or structured data.

#### **Check 'jsonplaceholder.typicode.com' URL**

- Open your browser and type:

- `https://jsonplaceholder.typicode.com/posts`

- It's a fake API for learning.

- You'll see JSON (data).

- This was a GET request.

In [4]:
import requests

response = requests.get('https://jsonplaceholder.typicode.com/posts')
print(response.status_code)  # should print 200
print(response.json()[0])    # prints first post


200
{'userId': 1, 'id': 1, 'title': 'sunt aut facere repellat provident occaecati excepturi optio reprehenderit', 'body': 'quia et suscipit\nsuscipit recusandae consequuntur expedita et cum\nreprehenderit molestiae ut ut quas totam\nnostrum rerum est autem sunt rem eveniet architecto'}


### **1.4.1 🌀 Async / Await Basics**

`async` makes a function asynchronous (non-blocking).  

`await` waits for an async function to finish.  

In [7]:
import asyncio

async def greet():
    print("Hello")
    await asyncio.sleep(2)  # wait 2 seconds
    print("World")

#  asyncio.run(greet()) # Getting runtime error: "RuntimeError: This event loop is already running" due to Jupyter Notebook's event loop

# In Jupyter, just await it
await greet()


Hello
World


In Normal Python Script	---- Use asyncio.run(myfunc())  
In Jupyter/IPython Notebook  ---Use await myfunc() directly

### **1.4.2 📜 Type Hints (Python 3.6+)**

Type hints make Python more predictable.  


In [8]:
def add_numbers(a: int, b: int) -> int:
    return a + b

print(add_numbers(5, 7))  # 12


12


`a: int` → a must be an integer.  

`-> int` → function will return an integer.

### **1.4.3 🎯 Pydantic Models (Data Validation)**

FastAPI uses Pydantic models to validate and serialize data.  

Pydantic will validate types automatically.

In [13]:
from pydantic import BaseModel

class User(BaseModel):
    name: str
    age: int

user = User(name="John", age=30)
# print(user.dict()) # This is deprecated in Pydantic v2.0
print(user.model_dump())  # {'name': 'John', 'age': 30}


{'name': 'John', 'age': 30}


In [15]:
# Wrong inputs
try:
    user = User(name="John", age="thirty")  # age should be an int
except ValueError as e:
    print(e)


1 validation error for User
age
  Input should be a valid integer, unable to parse string as an integer [type=int_parsing, input_value='thirty', input_type=str]
    For further information visit https://errors.pydantic.dev/2.10/v/int_parsing


#### **Small Excercise : 1**
1. Write a Python program that:
- Fetches a list of posts from https://jsonplaceholder.typicode.com/posts
- Validates each post with a Pydantic model:
- Fields = userId: int, id: int, title: str, body: str
- Prints the title of the first 5 posts.



In [17]:
from pydantic import BaseModel
import requests

class FetchData(BaseModel):
    userId: int
    id: int
    title: str
    body: str

url = 'https://jsonplaceholder.typicode.com/posts'
response = requests.get(url)
data = response.json()
posts = [FetchData(**item) for item in data] 
print([posts[i].title for i in range(5)])

['sunt aut facere repellat provident occaecati excepturi optio reprehenderit', 'qui est esse', 'ea molestias quasi exercitationem repellat qui ipsa sit aut', 'eum et est occaecati', 'nesciunt quas odio']


### **2.1 🛠️ Install FastAPI and Uvicorn**
- FastAPI needs an ASGI server to run.
- Uvicorn is the most common choice (very lightweight and fast).

- Run this in your terminal:  
    `pip install fastapi uvicorn`
    
- astapi: framework to build APIs  
- uvicorn: server to run the app

### **2.2 🚀First FastAPI Application**

In [18]:
# main.py

from fastapi import FastAPI

app = FastAPI()

@app.get("/")
def read_root():
    return {"message": "Hello, FastAPI!"}

@app.get("/hello/{name}")
def read_item(name: str):
    return {"message": f"Hello, {name}!"}


- `@app.get("/")`: Creates a GET endpoint at the root /.

- `/hello/{name}`: A dynamic route. {name} will be passed as a parameter.

### **2.3 ▶️ Running App**

In [None]:
# In the terminal, run the following command to start the FastAPI server:
uvicorn main:app --reload

- `main`: file name (without .py)

- `app`: FastAPI instance

- `--reload`: auto-restart server on code changes (great for development)

### **2.4 ✨ Built-in Documentation**  

FastAPI automatically gives you beautiful API docs:  

- Swagger UI → `http://127.0.0.1:8000/docs`
- Redoc → `http://127.0.0.1:8000/redoc`



#### **Small Excercise : 2**

Create 2 endpoints:

1. `GET` /greet/{name} → returns: {"greeting": "Hi {name}, welcome to FastAPI!"}

2. `POST` /sum : {"a": 5, "b": 10} -> It should return: {"result": 15}

Need to use Pydantic model for the POST body


In [None]:
from fastapi import FastAPI
from pydantic import BaseModel

class Sum(BaseModel):
    a: int
    b: int

app = FastAPI()

@app.get("/greet/{name}")
def greet(name: str):
    return {"greeting": f"Hi {name}, welcome to FastAPI!!"}

@app.post("/sum")
def calculate_sum(sum: Sum) -> int:
    result = sum.a + sum.b
    return {"result": result}


#CURL command to test the API
# curl -X GET "http://127.0.0.1:8080/greet/Kalyan" -H "accept: application/json"
# curl -X POST "http://127.0.0.1:8080/sum" -H "Content-Type: application/json" -d "{\"a\": 2, \"b\": 3}"




### **3. Learn how to build basic API endpoints**  
using path, query, and body parameters, and understand how FastAPI handles data serialization and validation.



#### **3.1✅ Standard Core Topics**  
`Path Parameters`
- Example: /items/{item_id}

`Query Parameters`
- Example: /search/?q=shoes&limit=10

`Request Bodies`
- Using Pydantic models to accept JSON payloads (e.g., POST requests)

`Response Models`
- Ensuring clean, structured output using Pydantic


---
`🔄 Response Customization`
- Use response_model_exclude, response_model_include, etc.
- Example: Hiding sensitive fields from API responses (password, internal_notes)

`🎨 OpenAPI Documentation Customization`
- Add summary, description, response_description, etc. to routes
- Add examples to query parameters and request bodies:

In [None]:
# response_model_include and response_model_exclude are optional parameters that allow you to customize
# which fields are included in the response when using a response_model.

from fastapi import FastAPI
from pydantic import BaseModel

app = FastAPI()

class User(BaseModel):
    id: int
    name: str
    email: str
    is_admin: bool

# response_model_include - Include only the specified fields in the response
@app.get("/user", response_model=User, response_model_include={"name", "email"})
def get_user():
    return User(id=1, name="Alice", email="alice@example.com", is_admin=True)

# response_model_exclude - Exclude the specified fields from the response
@app.get("/user-public", response_model=User, response_model_exclude={"is_admin"})
def get_public_user():
    return User(id=1, name="Alice", email="alice@example.com", is_admin=True)



FastAPI lets you customize OpenAPI documentation extensively using route-level metadata like:

- summary
- description
- response_description

Examples for query parameters and request bodies

This improves API docs (Swagger UI at /docs) for developers.

#### **Swagger/OpenAPI Customization Example**

In [None]:
from fastapi import FastAPI, Query
from pydantic import BaseModel, Field

app = FastAPI()

class Item(BaseModel):
    name: str = Field(..., example="Laptop")
    price: float = Field(..., example=999.99)
    description: str = Field(None, example="A high-performance laptop")

@app.post(
    "/items/",
    summary="Create a new item",
    description="This endpoint creates an item with a name, price, and optional description.",
    response_description="The created item"
)
def create_item(item: Item):
    return item

@app.get(
    "/search/",
    summary="Search items",
    description="Search for items using a keyword and optional price filter.",
    response_description="List of matching items"
)
def search_items(
    q: str = Query(..., description="Search term", example="laptop"),
    max_price: float = Query(None, description="Maximum price filter", example=1000.0)
):
    return {"query": q, "max_price": max_price}


##### **Explanation:**
`Item` is a schema for the request body (what the client sends).

`name`, `price`, `description` are the fields expected in the JSON body.  
`Field(...)`: Used to provide metadata like:  
`...`: required field (FastAPI uses Ellipsis for required).  
`example`: shows up in Swagger UI.  
`description` has None as the default, so it's optional. 

###### **@app.post("/items/")**  
`@app.post("/items/")`: Defines a POST endpoint at /items/.  
`summary`: Short, one-line explanation (shown in /docs).  
`description`: Full explanation of what the endpoint does.  
`response_description`: Shown in Swagger UI to describe what the endpoint returns.  

create_item(item: Item):   
- FastAPI auto-parses the JSON body into the Item model.  
- If the body is missing or invalid, it returns a validation error.  
- Returns the same item (just echoing it back in this case).

###### **@app.get("/search/")**  

`@app.get("/search/")`: Defines a GET endpoint at /search/.  
`summary, description, response_description`: Again used to improve the OpenAPI docs.  

Parameters:  
`q: str = Query(...)`
- A required query parameter (because of ...)  
- Describes the search keyword.  
- Example: /search?q=phone  

`max_price: float = Query(None)`  
- Optional query parameter with a description and example.  
- Example: /search?q=laptop&max_price=1000  

`Function Behavior:`
Returns both parameters in a JSON response to confirm what the user searched for.




`Key Features`  
- `Validation`: Pydantic ensures that the input data matches the defined structure and constraints.
- `Swagger UI`: FastAPI automatically generates interactive API documentation at /docs.
- `Example Values`: The example field in the Item model and query parameters helps users understand the expected input.

#### **FastAPI with Enum-constrained item_id + OpenAPI Customization**

In [None]:
from enum import Enum
from fastapi import FastAPI

app = FastAPI()

# Define an Enum to constrain the item_id
class ItemID(str, Enum):
    laptop = "laptop"
    phone = "phone"
    tablet = "tablet"

@app.get(
    "/items/{item_id}",
    summary="Get a specific item by ID",
    description="Returns details for a given item. Only predefined item IDs are accepted.",
    response_description="Details of the requested item"
)
def get_item(item_id: ItemID):
    items = {
        "laptop": {"name": "Laptop", "price": 1000},
        "phone": {"name": "Phone", "price": 500},
        "tablet": {"name": "Tablet", "price": 750}
    }
    return {"item_id": item_id, "details": items[item_id]}


### **Add a JSON-based MockDB to FastAPI App**

.
├── main.py  
├── db/  
│   └── users.json  

- Step 1: Create users.json in a db/ Folder
- Step 2: Utility Functions for File-based DB
- Step 3: Hash Password & Save User


In [None]:
# Step2 - Utility functions to read and write user data to a JSON file
import json
from pathlib import Path

DB_FILE = Path("db/users.json")

def read_users_from_file():
    if not DB_FILE.exists():
        return []
    with DB_FILE.open("r", encoding="utf-8") as f:
        return json.load(f)

def write_user_to_file(user_dict):
    users = read_users_from_file()
    users.append(user_dict)
    with DB_FILE.open("w", encoding="utf-8") as f:
        json.dump(users, f, indent=4)


In [None]:
# Step3 - FastAPI application

from fastapi import FastAPI, status
from enum import Enum
from pydantic import BaseModel, EmailStr

app = FastAPI()

# Models
class UserCreate(BaseModel):
    name: str
    age: int
    email: EmailStr
    password: str

class UserPublic(BaseModel):
    name: str
    age: int
    email: EmailStr

class ItemType(str, Enum):
    book = "book"
    electronics = "electronics"
    clothing = "clothing"
    food = "food"

# Fake hash function
def fake_hash_password(password: str):
    return "hashed_" + password

# File DB helpers
from pathlib import Path
import json

DB_FILE = Path("db/users.json")

def read_users_from_file():
    if not DB_FILE.exists():
        return []
    with DB_FILE.open("r", encoding="utf-8") as f:
        return json.load(f)

def write_user_to_file(user_dict):
    users = read_users_from_file()
    users.append(user_dict)
    with DB_FILE.open("w", encoding="utf-8") as f:
        json.dump(users, f, indent=4)

# Routes
@app.get("/items/{item}", summary="Get item details",
         description="Get details of a specific item by its type.",
         response_description="Details of the requested item")
def read_item(item: ItemType):
    items = {
        "book": {"name": "The Great Gatsby", "price": 10.99},
        "electronics": {"name": "Smartphone", "price": 699.99},
        "clothing": {"name": "T-shirt", "price": 19.99},
        "food": {"name": "Pizza", "price": 12.99}
    }
    return {"item_id": item, "item_details": items[item]}

@app.post("/users/", response_model=UserPublic, status_code=status.HTTP_201_CREATED,
          summary="Create a new user",
          description="Create a new user with the specified name, age, email, and password.",
          response_description="The created user's public details")
def create_user(user: UserCreate):
    hashed_password = fake_hash_password(user.password)
    user_data = user.dict()
    user_data["password"] = hashed_password
    write_user_to_file(user_data)
    return UserPublic(name=user.name, age=user.age, email=user.email)


### **4. CheckLists**

1. `✅ Input Validation with Pydantic ` 
- Use constraints like constr, conint, EmailStr, regex, etc.
- Example: Validate password length, age ranges.

2. `⏳ Dependency Injection with Depends()`  
- Reusable logic (auth checks, database access, etc.)
- Built-in DI system — no third-party container needed.

3. `⛓️ Background Tasks`  
- Tasks that run after a response is sent (e.g., sending emails)

4. `🧩 Middleware`  
- Logic that runs before/after requests (e.g., logging, auth)

5. `🚦 Event Handlers`   
- Startup/shutdown logic (e.g., DB connection, logging)

#### **Step 4.1: Advanced Input Validation with Pydantic**

FastAPI relies on Pydantic for input validation. Beyond simple types, we can add constraints like:

🛠 Common Pydantic Constraints

Type---------Constraint Example---------------------Meaning  

constr-------constr(min_length=3, max_length=20)----String length  
conint-------conint(gt=0, le=100)-------------------Integer between 1 and 100  
EmailStr-----Already used!--------------------------Validates email format  
Field(...)---Metadata, examples, regex, etc.---------Enhanced docs and validation

In [1]:
# ✏️ Example: Validating a User Model

from pydantic import BaseModel, EmailStr, Field, constr, conint

class UserCreate(BaseModel):
    name: constr(min_length=3, max_length=50)
    age: conint(ge=0, le=120)
    email: EmailStr
    password: constr(min_length=8)


In [3]:
#  Or with Field for more control

class UserCreate(BaseModel):
    name: str = Field(..., min_length=3, max_length=50, example="John Doe")
    age: int = Field(..., ge=0, le=120, example=30)
    email: EmailStr = Field(..., example="user@example.com")
    password: constr(min_length=8) = Field(..., example="password123")

#### **🔍 What Is a Pydantic Custom Validator?**

When built-in constraints (Field, constr, ...) aren't enough, we can write our own logic using @validator.  

This is helpful for:
- Matching passwords to a policy
- Ensuring a name doesn't contain numbers
- Validating cross-field logic (e.g., if role == "admin", email must be company domain)


In [None]:
from fastapi import FastAPI, status, HTTPException
from pydantic import BaseModel, EmailStr, Field, field_validator, constr
import re

app = FastAPI()

class UserCreate(BaseModel):
    name: str = Field(..., min_length=3, max_length=50)
    age: int = Field(..., ge=0, le=120)
    email: EmailStr
    password: str= Field(..., min_length=8)

    @field_validator("password")
    def validate_password(cls, value):
        if not re.search(r"[A-Z]", value):
            raise ValueError("Password must contain at least one uppercase letter")
        if not re.search(r"[a-z]", value):
            raise ValueError("Password must contain at least one lowercase letter")
        if not re.search(r"[0-9]", value):
            raise ValueError("Password must contain at least one digit")
        if not re.search(r"[!@#$%^&*(),.?\":{}|<>]", value):
            raise ValueError("Password must contain at least one special character")
        return value

    @field_validator("name")
    def validate_name(cls, value):
        if not re.match(r"^[A-Za-z\s]+$", value):
            raise ValueError("Name must contain only letters and spaces")
        return value
    
class UserPublic(BaseModel):
    name: str
    age: int
    email: EmailStr

@app.post("/users/", summary="Create a new user",
        description="Create a new user with the specified name, age, email, and password.",
        response_description="The created user's public details", response_model=UserPublic , status_code=status.HTTP_201_CREATED)
def create_user(user: UserCreate):
    return UserPublic(name=user.name, age=user.age, email=user.email)

# curl -X POST "http://127.0.0.1:8080/users/" -H "accept: application/json" -H "Content-Type: application/json" -d "{\"name\":\"John Doe\",\"age\":30,\"email\":\"user@gmail.com\",\"password\":\"Password123!\"}"


#### **🔧 Step 4.2: Dependency Injection with Depends()**

What is Dependency Injection in FastAPI?

In FastAPI, Depends() is used to inject reusable logic like:  
- Auth checks
- DB sessions
- Configs
- Shared utilities

It promotes clean, modular code and separates concerns.

#### **📦 Example Use Case: Authorization Check**


In [None]:
from fastapi import FastAPI, Depends, HTTPException, status, Header

app = FastAPI()

# Fix: Use Header() to read token from headers
def fake_token_validator(authorization: str = Header(default="")):
    print("Token:", authorization)
    if authorization != "secrettoken123":
        raise HTTPException(
            status_code=status.HTTP_401_UNAUTHORIZED,
            detail="Invalid or missing token",
        )
    return authorization

@app.get("/protected/", dependencies=[Depends(fake_token_validator)])
def protected_data():
    return {"message": "You have access to protected data!"}


#### **🔄 Step 4.3: Background Tasks in FastAPI**

✅ What Are Background Tasks?  
FastAPI lets you run non-blocking tasks after sending the response to the client  
- Sending confirmation emails
- Logging user activity
- Cleanup jobs
- Triggering async events

##### **📦 Built-in Tool: BackgroundTasks**

In [None]:
from fastapi import FastAPI, BackgroundTasks, Query
from pydantic import EmailStr, BaseModel
app = FastAPI()

class User(BaseModel):
    email: EmailStr

def send_background_email(email: str, message: str):
    # Simulate sending an email
    print(f"Sending email to {email} with message: {message}")

@app.post("/register/", summary="Register a new user",
            description="Register a new user and send a welcome email in the background.",
            response_description="Registration successful message")
def register_user(user: User, background_tasks: BackgroundTasks):
    message = "Welcome to our service!"
    background_tasks.add_task(send_background_email, user.email, message)
    return {"message": "User registered successfully!"}
# For this Pydantic Model, we need to send the email in the request body as JSON.
# curl -X POST "http://127.0.0.1:8080/register/" -H "accept: application/json" -H "Content-Type: application/json" -d "{\"email\":\"sample@example.com\"}"

@app.post("/registerq/", summary="Register a new user",
            description="Register a new user and send a welcome email in the background.",
            response_description="Registration successful message")
def register_user( background_tasks: BackgroundTasks, email: EmailStr = Query(..., title="User Email", description="Email address of the user to register", example="hello@gmail.com")):
    message = "Welcome to our service!"
    background_tasks.add_task(send_background_email, email, message)
    return {"message": "User registered successfully!"}

# curl -X POST "http://127.0.0.1:8080/registerq/?email=hello@gamil.com" 

`🧠 Key Notes:`  
- Background tasks run after the response is sent.  
- They don't block your API.
- You can pass arguments like in regular functions.
- Works with both sync and async functions.

#### **🧱 Step 4.4: Middleware in FastAPI**

✅ What is Middleware?  
Middelware is a function that runs before and after evry request  
- logging requests and responses  
- Authentication and Authorization  
- Session Management  
- CORS Handling  
- Timing request duration  
- Adding or modifying Headers    
- Global Auth, CORS, etc..,  

FastAPI Middleware Example:    
Let's create a middleware that logs the time it takes to handle the each request.  


In [None]:
from fastapi import FastAPI, Request
import time

app = FastAPI()

@app.middleware("http")
async def log_request_time(request: Request, call_next):
    start_time = time.time()
    response = await call_next(request)  # Pass control to the next layer
    duration = time.time() - start_time
    print(f"🔍 {request.method} {request.url.path} completed in {duration:.4f} sec")
    return response


`🧠 Key Notes:`  
- @app.middleware("http") runs on every HTTP request.  
- call_next(request) hands the request to the actual route handler.  
You can modify the request, response, or do side effects (like logging).

#### **🌐 CORS Middleware in FastAPI**

##### **✅ What is CORS?  **
CORS (Cross-Origin Resource Sharing) is a security feature implemented by browsers that blocks frontend apps (from one origin) from accessing backend APIs (on another origin) unless explicitly allowed.  

Example problem:

- Your frontend is running at: http://localhost:3000
- Your backend API is running at: http://localhost:8000
- Without proper CORS setup, your frontend will get blocked by the browser when making API calls to the backend.


**✅ How to Enable CORS in FastAPI**  
FastAPI makes it easy with `CORSMiddleware` from `starlette.middleware`.


In [None]:
from fastapi import FastAPI
from fastapi.middleware.cors import CORSMiddleware

app = FastAPI()

# 👇 Allowed origins - only these origins can access your API
origins = [
    "http://127.0.0.1:3000",  # React dev server
    "https://yourdomain.com",  # Production frontend
]

# 👇 Register the CORS middleware
app.add_middleware(
    CORSMiddleware,
    allow_origins=origins,              # Who is allowed
    allow_credentials=True,             # Allow cookies/auth headers
    allow_methods=["*"],                # Which HTTP methods
    allow_headers=["*"],                # Which headers
)

@app.get("/")
def read_root():
    return {"message": "Hello from API with CORS!"}

In [None]:
# Test the CORS setup with a simple HTML page
# Frontend 
# sample index.html

<!DOCTYPE html>
<html>
<body>
    <button onclick="callAPI()">Call API</button>
    <script>
        function callAPI() {
            fetch("http://127.0.0.1:8080/")
                .then(response => response.json())
                .then(data => alert(JSON.stringify(data)))
                .catch(err => console.error("CORS Error:", err));
        }
    </script>
</body>
</html>

# python -m http.server 3000
# Run this HTML file in a browser and click the button to call the API.


#### **Step 4.5: Event Handlers in FastAPI**

What are Event Handlers?   
Event listeners are special functions in FastAPI that run automatically when your app starts or shuts down.
  
UseCases:  
- Connect to Database or External services at startup.  (Set things up when your app starts)  
- Gracefully close connections or cleanup tasks while shutdown.  (Clean things up when your app shuts down)  


In [None]:
from fastapi import FastAPI

app = FastAPI()
fake_db = {}

@app.on_event("startup")
async def load_data():
    print("Startup: loading users...")
    fake_db["users"] = ["Alice", "Bob"]

@app.on_event("shutdown")
async def cleanup_data():
    print("Shutdown: cleaning up users...")
    fake_db.clear()

@app.get("/users/")
def get_users():
    return {"users": fake_db.get("users", [])}


#### **Step 5: Authentication & Authorization (Overview)**

Secure your API using token-based authentication.

1. OAuth2 with Password Flow
    (with token endpoint: /token)
2. JWT Tokens
3. Encode/decode using pyjwt
4. Store user info (email, id) in token
5. API Key-style security (Optional but useful)
6. Using Depends() for route protection
7. Security scopes (Optional advanced use)

In [None]:
# Sample Code using JWT

from fastapi import FastAPI, Depends, HTTPException, status
from fastapi.security import OAuth2PasswordBearer, OAuth2PasswordRequestForm
from jose import JWTError, jwt
from datetime import datetime, timedelta
from pydantic import BaseModel

# App setup
app = FastAPI()

# Secret key to encode the JWT
SECRET_KEY = "mysecretkey123"
ALGORITHM = "HS256"
ACCESS_TOKEN_EXPIRE_MINUTES = 30

# Dummy user database
fake_users_db = {
    "johndoe": {
        "username": "johndoe",
        "hashed_password": "secret123",  # In real app, store hashed!
    }
}

# OAuth2 scheme
oauth2_scheme = OAuth2PasswordBearer(tokenUrl="token")

# Pydantic model for token
class Token(BaseModel):
    access_token: str
    token_type: str

# Authenticate user (fake logic)
def authenticate_user(username: str, password: str):
    user = fake_users_db.get(username)
    if not user or password != user["hashed_password"]:
        return None
    return user

# Create JWT token
def create_access_token(data: dict, expires_delta: timedelta | None = None):
    to_encode = data.copy()
    expire = datetime.utcnow() + (expires_delta or timedelta(minutes=15))
    to_encode.update({"exp": expire})
    return jwt.encode(to_encode, SECRET_KEY, algorithm=ALGORITHM)

# Login route
@app.post("/token", response_model=Token)
def login(form_data: OAuth2PasswordRequestForm = Depends()):
    user = authenticate_user(form_data.username, form_data.password)
    if not user:
        raise HTTPException(status_code=400, detail="Invalid credentials")
    access_token = create_access_token(data={"sub": user["username"]})
    return {"access_token": access_token, "token_type": "bearer"}

# Get current user from token
def get_current_user(token: str = Depends(oauth2_scheme)):
    try:
        payload = jwt.decode(token, SECRET_KEY, algorithms=[ALGORITHM])
        username: str = payload.get("sub")
        if username is None:
            raise HTTPException(status_code=401, detail="Invalid token")
    except JWTError:
        raise HTTPException(status_code=401, detail="Token decoding failed")
    return {"username": username}

# Protected route
@app.get("/protected/")
def protected_route(current_user: dict = Depends(get_current_user)):
    return {"message": f"Hello {current_user['username']}, you're authenticated!"}



In `FastAPI`, `Starlette` is the underlying web framework that `FastAPI` is built upon.

#### **🔧 What is Starlette?**

Starlette is a lightweight ASGI framework/toolkit for building high-performance async web services in Python. It provides the core web-handling features like:

- Routing
- Middleware support
- Request and response classes
- Background tasks
- WebSocket support
- Exception handling
- Dependency injection (at a basic level)

It was created by Tom Christie, the same developer who created Django REST Framework and is known for high-quality web tooling in Python.


#### **🧩 How does Starlette relate to FastAPI?**

FastAPI uses Starlette as its core framework for the actual web request/response handling. While FastAPI adds many features on top (like data validation, dependency injection, and OpenAPI generation), it delegates most low-level operations to Starlette.    

In fact:  
- You can use any Starlette middleware in FastAPI.
- FastAPI apps are subclassed from Starlette.
- FastAPI routes are built on top of Starlette’s routing.

#### **📦 FastAPI Stack Overview**

Here's how it looks conceptually:

FastAPI  
  --↑--  
Pydantic (for data validation and serialization)  
  --↑--  
Starlette (for web app core and ASGI support)  
  --↑--  
ASGI Server (like Uvicorn or Hypercorn)  

#### **✅ Summary** 

Starlette is the web framework FastAPI is built on.

It handles all the lower-level async web operations.

FastAPI extends it with automatic validation, documentation, and more.

#### **Step-6: Basic Unit Testing in FastAPI**  
##### **🔧 1. Setup**

`FastAPI` uses `Starlette` under the hood, and we can use its `TestClient` to simulate HTTP requests.

We'll use:
- `TestClient` from fastapi.testclient
- `pytest` as the test runner


In [None]:
# main.py
from fastapi import FastAPI

app = FastAPI()

@app.get("/")
def read_root():
    return {"message": "Hello, FastAPI!"}


In [None]:
# test_main.py
from fastapi.testclient import TestClient
from main import app

client = TestClient(app)

def test_read_root():
    response = client.get("/")
    assert response.status_code == 200
    assert response.json() == {"message": "Hello, FastAPI!"}

# Run test
# pytest test_main.py


##### **🔍 Explanation :**  

- TestClient(app) simulates an HTTP client to test your FastAPI app.
- client.get("/") sends a GET request to the / route.
- Assertions check both:
- the status code,
- and the JSON response content.

In [None]:
#  Testing POST Routes with Input Validation
# main.py
from fastapi import FastAPI
from pydantic import BaseModel, EmailStr

app = FastAPI()

class User(BaseModel):
    name: str
    email: EmailStr
    age: int

@app.post("/users/")
def create_user(user: User):
    return {"name": user.name, "email": user.email, "age": user.age}


In [None]:
# test_main.py
from fastapi.testclient import TestClient
from main import app

client = TestClient(app)

def test_create_user_success():
    response = client.post(
        "/users/",
        json={"name": "Alice", "email": "alice@example.com", "age": 25}
    )
    assert response.status_code == 200
    assert response.json() == {
        "name": "Alice",
        "email": "alice@example.com",
        "age": 25
    }

def test_create_user_invalid_email():
    response = client.post(
        "/users/",
        json={"name": "Bob", "email": "not-an-email", "age": 30}
    )
    assert response.status_code == 422  # Unprocessable Entity

def test_create_user_missing_field():
    response = client.post(
        "/users/",
        json={"name": "Charlie", "email": "charlie@example.com"}  # missing age
    )
    assert response.status_code == 422


#### **step-7 File Uploads and Static File Serving**

##### **7.1 FastAPI supports file uploads**
- `File(...):` Reads the whole file into memory (not recommended for large files).
- `UploadFile:` A file-like object that supports streaming, metadata access, and is memory efficient.

In [None]:
# Upload a Single File, save it in RAM
from fastapi import FastAPI, File, UploadFile
from fastapi.responses import JSONResponse

app = FastAPI()

@app.post("/uploadfile/")
async def upload_file(file: UploadFile = File(...)):
    contents = await file.read()  # ⚠️ Reads entire file into memory
    return {
        "filename": file.filename,
        "content_type": file.content_type,
        "size": len(contents)
    }

# curl -X POST http://127.0.0.1:8000/uploadfile/ -H "accept: application/json" -H "Content-Type: multipart/form-data" -F "file=@setup.txt"


In [None]:
# Upload Multiple Files, Save it in Disk
from fastapi import FastAPI, File, UploadFile
from fastapi.responses import JSONResponse

app = FastAPI()

@app.post("/uploadfile/save")
async def upload_file(file: UploadFile = File(...)):
    file_location = f"{file.filename}"
    with open(file_location, "wb") as f:
        content = await file.read()
        f.write(content)
    return {"info": f"File saved at {file_location}"}

# curl -X POST http://127.0.0.1:8000/uploadfile/save -H "accept: application/json" -H "Content-Type: multipart/form-data" -F "file=@setup.txt"


In [None]:
# Upload Multiple Files
from fastapi import FastAPI, File, UploadFile
from fastapi.responses import JSONResponse
from typing import List

app = FastAPI()

@app.post("/uploadfiles/")
async def upload_multiple_files(files: List[UploadFile] = File(...)):
    saved_files = []
    for file in files:
        file_location = file.filename
        with open(file_location, "wb") as f:
            content = await file.read()  # Read file content
            f.write(content)            # Save to disk
        saved_files.append(file.filename)

    return {"saved_files": saved_files}

# curl -X POST "http://127.0.0.1:8000/uploadfiles/" H "accept: application/json" -H "Content-Type: multipart/form-data" -F "files=@setupp.txt"


##### **7.2 File Serving**

File serving is the process of making file (Images, PDF's, Videos, Documents, static HTML..etc.) `available to be downloaded or accessed` vai HTTP endpoints.

It's different from file uploading (where a client sends a file to the server). `In file serving, the server sends a file to the client when they make a request`.

In [None]:
from fastapi import FastAPI
from fastapi.responses import FileResponse

app = FastAPI()

@app.get("/download/")
def download_file():
    return FileResponse("index.html", media_type="text/html", filename="report.html")

# curl -O http://127.0.0.1:8000/download/              --> This will download the file with the name "download.html"
# curl -OJ http://127.0.0.1:8000/download/             --> This will download the file with the name "report.html"
# curl -i -X GET http://127.0.0.1:8000/download/       --> This will show the headers and the response
# curl http://127.0.0.1:8000/download/ -o myfile.pdf   --> This will download the file with the name "myfile.pdf"(Custom Filename)

#### **Step-8 Streaming in FastAPI**

Streaming allows the server to send data to the client in chunks rather than waiting to build the entire response.  
- Large Files or Data sets
- Real-time data feeds (eg: logs, events)
- Avoiding memory overload for huge responses

In [None]:
from fastapi import FastAPI
from fastapi.responses import StreamingResponse
import time

app = FastAPI()

def generate_logs():
    for i in range(10):
        yield f"Log line {i}\n"
        time.sleep(1)  # Simulate a delay

@app.get("/stream-logs/")
def get_logs():
    return StreamingResponse(generate_logs(), media_type="text/plain")

# curl http://127.0.0.1:8000/stream-logs/

##### **Real-World Use Cases**
- Chat response generation (LLM tokens)
- Video/audio streaming
- File download in chunks
- Server-sent events (SSE)
- Long-running tasks with live feedback

##### **Web Socket Connection**

**What Is a WebSocket?**

Unlike HTTP (request-response), `WebSockets allow persistent, bidirectional communication`.

ideal for: 
- Real-time chat apps 💬
- Live notifications 🔔
- Dashboards 📊
- Multiplayer games 🎮
- Collaborative tools 🧑‍🤝‍🧑

In [None]:
from fastapi import FastAPI, WebSocket
from fastapi.responses import HTMLResponse

app = FastAPI()

@app.get("/")
async def get():
    return HTMLResponse("""
        <html>
            <body>
                <h2>WebSocket Test</h2>
                <button onclick="connectWS()">Connect</button>
                <input id="messageInput" />
                <button onclick="sendMessage()">Send</button>
                <ul id="messages"></ul>
                <script>
                    let ws;
                    function connectWS() {
                        ws = new WebSocket("ws://localhost:8000/ws");
                        ws.onmessage = function(event) {
                            const messages = document.getElementById("messages");
                            const li = document.createElement("li");
                            li.textContent = "Server: " + event.data;
                            messages.appendChild(li);
                        };
                    }
                    function sendMessage() {
                        const input = document.getElementById("messageInput");
                        ws.send(input.value);
                    }
                </script>
            </body>
        </html>
    """)

@app.websocket("/ws")
async def websocket_endpoint(websoc: WebSocket):
    await websoc.accept()
    while True:
        data = await websoc.receive_text()
        await websoc.send_text(f"Message text was: {data}")

# curl -X GET http://127.0.0.1:8000/
# Open the browser and click on the Connect button to establish a WebSocket connection.


- File uploads & Static file serving
• WebSockets support
• Rate-limiting & throttling
• Caching & pagination
• Dependency scopes & sub-applications
• Security scopes (OAuth2 scopes)
• Database integrations (SQLAlchemy, Tortoise, etc.)
• Advanced error handling & custom exception handlers
• API versioning strategies
• Dockerizing & deployment pipelines
• Monitoring, logging & metrics (Prometheus, OpenTelemetry)
• GraphQL & gRPC integrations
• CI/CD with pytest, coverage, linting