# Building Web APIs with FastAPI

Web applications communicate through APIs—structured interfaces that allow different software systems to exchange data. When a mobile app displays weather information or a website shows user profiles, these interactions happen through API calls. FastAPI provides a straightforward path to building these communication bridges in Python.

## Understanding Web APIs

An API (Application Programming Interface) acts as a waiter in a restaurant. The waiter takes your order (request), communicates it to the kitchen (server), and brings back your food (response). Similarly, APIs receive requests from client applications, process them, and return the requested information or confirm that an action has been completed.

Consider a weather application on your phone. When you open it, the app sends a request to a weather service API asking for current conditions in your location. The API processes this request, retrieves the weather data, and sends it back to your app, which then displays it in a user-friendly format.

## Setting Up Your Development Environment

Before writing your first API, you need to install FastAPI and its supporting tools. Open your terminal and run these commands:

```bash
pip install "fastapi[standard]" 
pip install pydantic-ai
```

The first command installs FastAPI along with all standard dependencies needed for API development, including a development server that will run your code. The second command adds support for AI-powered features, which we'll explore later in this chapter.

## Your First FastAPI Application

Every FastAPI application starts with importing the framework and creating an application instance. Here's the simplest possible API:

```python
from fastapi import FastAPI

app = FastAPI()

@app.get("/")
def read_root():
    return {"message": "Hello World"}
```

This code creates a web service that responds to requests. Breaking it down:

The first line imports the FastAPI class from the fastapi package. This class contains all the functionality needed to build your API.

The second line creates an instance of FastAPI called `app`. This instance represents your entire web application and will handle all incoming requests.

The `@app.get("/")` line is a decorator—a special Python feature that modifies the function below it. This decorator tells FastAPI that when someone accesses the root URL of your API using a GET request, it should run the `read_root` function.

The function itself simply returns a Python dictionary. FastAPI automatically converts this dictionary into JSON format, the standard data format for web APIs.

### Running Your API

Save the code above in a file called `main.py`. To start your API server, run:

```bash
fastapi dev main.py
```

Your terminal will display several messages, ending with something like "Uvicorn running on http://127.0.0.1:8000". This means your API is now running and waiting for requests. Open a web browser and navigate to `http://127.0.0.1:8000`. You'll see:

```json
{"message": "Hello World"}
```

The development server watches your code for changes. When you modify and save `main.py`, the server automatically restarts with your updates—no need to stop and restart manually.

## Understanding HTTP Status Codes

When APIs respond to requests, they include status codes—three-digit numbers that indicate whether the request succeeded or failed, and why. These codes follow a standard pattern:

Codes starting with 2 indicate success. The most common is 200 (OK), which means the request was processed successfully. When creating new resources, APIs often return 201 (Created).

Codes starting with 4 indicate client errors—problems with the request itself. A 400 (Bad Request) means the data sent was invalid or malformed. A 404 (Not Found) means the requested resource doesn't exist.

Codes starting with 5 indicate server errors—the request was valid, but something went wrong on the server. The generic 500 (Internal Server Error) signals an unexpected problem during processing.

FastAPI automatically sets appropriate status codes for most situations, but you can also specify them explicitly when needed.

## Working with Different HTTP Methods

APIs use different HTTP methods to indicate what action should be performed:

GET retrieves information without modifying anything. Reading a user's profile uses GET.

POST creates new resources. Submitting a registration form uses POST.

PUT replaces an entire resource with new data. Updating all fields of a user profile uses PUT.

PATCH modifies specific parts of a resource. Changing just a user's email address uses PATCH.

DELETE removes resources. Deleting a user account uses DELETE.

## Building Multiple Endpoints

Real APIs have multiple endpoints, each handling different types of requests:

```python
from fastapi import FastAPI

app = FastAPI()

@app.get("/")
def read_root():
    return {"message": "API Root Endpoint"}

@app.get("/health")
def health_check():
    return {"status": "operational", "timestamp": "2024-01-01T00:00:00Z"}

@app.get("/users")
def get_users():
    return {"users": ["Alice", "Bob", "Charlie"], "count": 3}

@app.get("/about")
def about():
    return {
        "application": "FastAPI Service",
        "version": "1.0.0",
        "api_version": "v1"
    }
```

Each endpoint serves a specific purpose. The `/health` endpoint lets monitoring systems check if your API is running. The `/users` endpoint returns user data. The `/about` endpoint provides information about the API itself.

## Dynamic URLs with Path Parameters

Often, you need endpoints that can handle different values. Path parameters make URLs dynamic:

```python
from fastapi import FastAPI

app = FastAPI()

@app.get("/users/{user_id}")
def get_user(user_id: int):
    return {"user_id": user_id, "status": "active"}

@app.get("/items/{item_id}")
def get_item(item_id: str):
    return {"item_id": item_id, "category": "electronics"}
```

The curly braces `{}` in the path create a placeholder. When someone requests `/users/42`, FastAPI extracts `42` and passes it to your function as the `user_id` parameter.

Notice the type hint `user_id: int`. This tells FastAPI to convert the value to an integer. If someone requests `/users/abc`, FastAPI automatically returns an error because "abc" cannot be converted to an integer. This automatic validation saves you from writing error-checking code.

## Query Parameters for Optional Data

While path parameters are part of the URL structure, query parameters appear after a question mark and provide optional information:

```python
from fastapi import FastAPI, Query
from typing import Optional

app = FastAPI()

fake_items = [
    {"name": "Laptop", "price": 1000, "category": "electronics"},
    {"name": "Phone", "price": 500, "category": "electronics"},
    {"name": "Tablet", "price": 300, "category": "electronics"},
    {"name": "Watch", "price": 200, "category": "accessories"}
]

@app.get("/items")
def get_items(
    limit: int = Query(default=10, ge=1, le=100),
    min_price: int = Query(default=0, ge=0),
    search: Optional[str] = None
):
    # Apply price filtering
    filtered_items = [item for item in fake_items if item["price"] >= min_price]
    
    # Apply search filtering if search term provided
    if search:
        filtered_items = [
            item for item in filtered_items 
            if search.lower() in item["name"].lower()
        ]
    
    # Apply pagination limit
    return {
        "items": filtered_items[:limit],
        "total_count": len(filtered_items),
        "returned_count": min(limit, len(filtered_items))
    }
```

Users can now request `/items?limit=5&min_price=300&search=phone` to get filtered results. The Query function adds validation rules: `ge` means "greater than or equal to" and `le` means "less than or equal to". These constraints ensure the limit stays between 1 and 100, preventing users from requesting excessive amounts of data.

## Validating Request Data with Pydantic

When clients send data to your API (like when creating a new user), you need to validate that data. Pydantic models define the expected structure:

```python
from fastapi import FastAPI
from pydantic import BaseModel, Field, EmailStr
from typing import List

app = FastAPI()

class User(BaseModel):
    name: str = Field(..., min_length=1, max_length=100)
    email: EmailStr
    age: int = Field(..., ge=0, le=120)

# In-memory storage
users_database: List[User] = []

@app.post("/users", status_code=201)
def create_user(user: User):
    users_database.append(user)
    return {"message": "User created successfully", "user_id": len(users_database)}

@app.get("/users")
def list_users():
    return {"users": users_database, "total": len(users_database)}
```

The `User` class inherits from `BaseModel`, making it a Pydantic model. Each field has a type and optional validation rules. The `EmailStr` type automatically validates email addresses. The `Field` function adds constraints like minimum length for names and valid age ranges.

When someone sends a POST request to `/users` with JSON data, FastAPI automatically validates it against the User model. Invalid data triggers an automatic error response with details about what's wrong.

## Handling Errors Gracefully

Sometimes you need to return specific error messages. FastAPI's HTTPException makes this straightforward:

```python
from fastapi import FastAPI, HTTPException

app = FastAPI()

@app.get("/divide/{numerator}/{denominator}")
def divide_numbers(numerator: float, denominator: float):
    if denominator == 0:
        raise HTTPException(
            status_code=400,
            detail="Division by zero is undefined"
        )
    return {
        "numerator": numerator,
        "denominator": denominator,
        "result": numerator / denominator
    }
```

Raising an HTTPException immediately stops execution and returns an error response with your specified status code and message. This keeps your error handling clean and consistent.

## Managing Configuration with Environment Variables

Production applications shouldn't have sensitive information like API keys or database passwords in the code. Environment variables provide a secure alternative:

```bash
pip install pydantic-settings
```

Create a file named `.env` in your project directory:

```
APP_NAME=Production API Service
DEBUG=false
API_KEY=sk-prod-key-123456789
DATABASE_URL=postgresql://user:pass@localhost/db
```

Now create a settings module to load these values:

```python
from pydantic_settings import BaseSettings

class Settings(BaseSettings):
    app_name: str = "Default API Service"
    debug: bool = False
    api_key: str = ""
    database_url: str = ""

    class Config:
        env_file = ".env"
        env_file_encoding = "utf-8"

# Create a single settings instance
settings = Settings()
```

Use these settings throughout your application:

```python
from fastapi import FastAPI, Depends
from functools import lru_cache

@lru_cache()
def get_settings():
    return Settings()

app = FastAPI(title=settings.app_name, debug=settings.debug)

@app.get("/config")
def get_configuration(settings: Settings = Depends(get_settings)):
    return {
        "application_name": settings.app_name,
        "debug_mode": settings.debug,
        "api_configured": bool(settings.api_key)
    }
```

The `@lru_cache()` decorator ensures the settings file is read only once, improving performance. The `Depends` function injects the settings into your endpoint functions when needed.

## Building an AI-Powered Image Analysis API

Modern APIs often integrate AI capabilities. This example creates an API that analyzes images to determine if they contain receipts:

```python
from fastapi import FastAPI, File, UploadFile, HTTPException
from pydantic import BaseModel, Field
from pydantic_settings import BaseSettings
from pydantic_ai import Agent, BinaryContent
from pydantic_ai.models.openai import OpenAIChatModel
from pydantic_ai.providers.openai import OpenAIProvider
from typing import Optional, List
import logging

# Set up logging to track what happens
logging.basicConfig(level=logging.INFO)
logger = logging.getLogger(__name__)

class Settings(BaseSettings):
    openai_api_key: str
    model_name: str = "gpt-4o-mini"
    max_file_size: int = 10_485_760  # 10MB in bytes

    class Config:
        env_file = ".env"

class ReceiptAnalysis(BaseModel):
    is_receipt: bool = Field(
        ...,
        description="Boolean indicator of receipt classification"
    )
    reasoning: str = Field(
        ...,
        min_length=10,
        description="Detailed analysis justification"
    )
```

The settings load your OpenAI API key from environment variables, keeping it secure. The `ReceiptAnalysis` model defines the structure of the AI's response, ensuring consistent output format.

```python
# Initialize configuration
app = FastAPI(title="Receipt Detection API")

@app.post("/analyze-receipt", response_model=ReceiptAnalysis)
def analyze_receipt(file: UploadFile = File(...)):
    # VERY BASIC implementation wihtout guardrails!
    # ASK ME ABOUT THIS!!!
    content = await file.read()

    try:
        # Send the image to the AI for analysis
        result = await receipt_agent.run(
            [
                "Analyze this image and determine if it represents a receipt",
                BinaryContent(data=content, media_type=file.content_type)
            ],
            output_type=ReceiptAnalysis
        )
        
        logger.info(f"Successfully processed image: {file.filename}")
        return result.output
        
    
```

This endpoint accepts image uploads

## Testing Your API

FastAPI automatically generates interactive documentation for your API. Navigate to `http://127.0.0.1:8000/docs` while your server is running. This interface lets you test endpoints directly from your browser, upload files, and see responses—invaluable during development.

For the receipt detection API, you can test with a simple Python script:

# Your SAGE3 example should include a curl command instead.

```python
import requests

# Test the API with an image file
with open("receipt.jpg", "rb") as f:
    response = requests.post(
        "http://127.0.0.1:8000/analyze-receipt",
        files={"file": ("receipt.jpg", f, "image/jpeg")}
    )

print(response.json())
```

## Key Principles for API Development

**Validate Everything**: Use Pydantic models to validate both incoming requests and outgoing responses. This catches errors early and provides clear error messages to API users.

**Handle Errors Explicitly**: Return appropriate HTTP status codes and descriptive error messages. Users of your API need to understand what went wrong and how to fix it.

**Keep Secrets Secret**: Never hardcode passwords, API keys, or other sensitive data in your code. Use environment variables and configuration files that aren't tracked by version control.

**Log Important Events**: Record significant actions and errors. Logs help you understand what happened when something goes wrong in production.

**Set Reasonable Limits**: Validate file sizes, string lengths, and numeric ranges. This prevents abuse and ensures your API remains responsive.

**Use Async When Appropriate**: For operations that wait on external resources (like databases or AI services), use async functions to handle multiple requests efficiently.

**Document Automatically**: FastAPI generates OpenAPI documentation from your code. Add descriptions to your models and endpoints to make this documentation more helpful.

