
---

# 📂 File & Streaming Responses

> **Intent** → Efficiently return **files** and **large data streams** without loading everything into memory.

---

## 📄 File Responses

* Use when returning **static files** (PDFs, images, CSVs, docs).
* Common for **download endpoints** (`/reports/{id}/download`).
* Supports setting **filename, MIME type, headers** (e.g., `Content-Disposition`).
* Secure: ensure only **authorized users** can download.

---

## 🌊 Streaming Responses

* Send **large or continuous data** in chunks:

  * Logs
  * Event streams
  * Large CSV/JSON exports
* Prevents memory blowups → data is written as it’s read.
* Useful for **real-time APIs** (progress updates, AI model outputs).

---

## ⚙️ When to Use

* **FileResponse** → static files, on-demand exports.
* **StreamingResponse** → dynamic or big content (don’t buffer in memory).
* Combine with **generators** or **async iterators** for scalable streaming.

---

## 🔐 Security Considerations

* Validate **paths** → never expose arbitrary file access.
* Apply **auth/permissions** before sending.
* Set correct **MIME type** (avoid accidental script execution in browsers).
* Add **rate limits** for large downloads/streams.

---

## ✅ Best Practices

* Use **ETags** / `If-None-Match` for caching heavy file endpoints.
* Compress (GZip/Brotli) for text streams.
* Prefer **temporary signed URLs** for large/bulk downloads.
* Document file/stream endpoints in OpenAPI with correct media type.

---

## 🏁 Outcome

Your API delivers **files and large data safely and efficiently**, without blocking memory, while remaining **secure, scalable, and client-friendly**.

---
