4 Tips for Building a Production-Ready FastAPI Backend
Vložit
- čas přidán 27. 07. 2024
- In this video, I’ll talk about 4 things that you typically won’t find in most FastAPI tutorials online. These tips are really useful, especially if you want to create a backend that’s used in a production setting.
➡️ Get started with Pulumi: www.pulumi.com/?...
🐱💻 GitHub repository: git.arjan.codes/2023/fastapi-...
✍🏻 Take a quiz on this topic: www.learntail.com/quiz/evzgkb
💻 ArjanCodes Blog: www.arjancodes.com/blog
🎓 Courses:
The Software Designer Mindset: www.arjancodes.com/mindset
The Software Architect Mindset: Pre-register now! www.arjancodes.com/architect
Next Level Python: Become a Python Expert: www.arjancodes.com/next-level...
The 30-Day Design Challenge: www.arjancodes.com/30ddc
🛒 GEAR & RECOMMENDED BOOKS: kit.co/arjancodes.
👍 If you enjoyed this content, give this video a like. If you want to watch more of my upcoming videos, consider subscribing to my channel!
Social channels:
💬 Discord: discord.arjan.codes
🐦Twitter: / arjancodes
🌍LinkedIn: / arjancodes
🕵Facebook: / arjancodes
📱Instagram: / arjancodes
♪ Tiktok: / arjancodes
👀 Code reviewers:
- Yoriz
- Ryan Laursen
- Dale Hagglund
🎥 Video edited by Mark Bacskai: / bacskaimark
🔖 Chapters:
0:00 Intro
1:57 #1 Split into separate routers
5:22 #2 Move operations out of the endpoint functions
15:58 #3 Optimize the way you deploy your application
22:51 #4 Control access
26:00 Final thoughts
#arjancodes #softwaredesign #python
DISCLAIMER - The links in this description might be affiliate links. If you purchase a product or service through one of those links, I may receive a small commission. There is no additional charge to you. Thanks for supporting my channel so I can continue to provide you with free content each week!
Get started with Pulumi: www.pulumi.com/?
Hey, Arjan it's been a while now following your design guide videos. But the real problem is that, is it good to place more than one class in a single file, I have been coding in PHP where every class takes its own file, the code is simple to refactor in that way. What are thoughts i python?
Here's my vote for a oauth flow video, thanks for this one!
Yes please!
Oauth flow video it s a great idea
My vote, too!
Me 4. Also single sign'n. Please with a cherry on the top? 🍒
In the router, you can use response_model (which takes a pydantic model you define), and then when you return the database item, FastAPI does the JSON conversion for you.
Quick tip 💡Always declare functions used by Depends(...) as async. FastAPI runs synchronous dependencies in a separate thread with asyncio.to_thread, which considerably slows down your application when the request rate is high due to the overhead of spawning a new thread!
Nice! Thanks for the tip!
That's good to know!
Yeah but now, this is what we call premature optimization..
You should only use async if you understand async and know that it's right. If you put it on a CPU-blocking function, it'll block your event loop.
FastAPI has great docs on this to learn, but if you DON'T know what async is, it's safer to not use it
Not a good tip because you didn't explain when not to do it! Only declare dependencies as async if they don't make synchronous connections. If you have a synchronous call inside the dependency, you want it running in the thread pool! So don't declare it as async! In fact if you don't know what you're doing, you're better off making them all NOT async because then you're guaranteed to not break things.
Would love to see an authentication flow for FastAPI tutorial !
Yes, OAuth flow video please!
OAuth flow video will be great! Thanks for all your crème de la crème content.
Thanks Arjan. I like that you always set up more complete example projects and talk about the real-world use cases and considerations. Security is an important aspect that is not easily understood so an Oauth/JWT vid would be cool.
I'd love videos that address scalability, multi-tenant architecture and caching strategies for applications that work with larger amounts of data in the backend - like when there is a time series and maybe some complicated statistical computation retrieved from a database. I find that too many tutorials focus on the eCommerce bubble or - if they deal with more complicated data structures - they focus on the presentation layer. For example, I would love to see how you design a backend for the plotly/Dash dashboards that can handle large amounts of data.
Been working on a CLI to scaffold out my microservice architecture, defaulting to FastAPI-based services.
I’m glad to see I’m on the right track. There were definitely a few points I will start implementing from now on.
Good on pulumi to sponsor this video. Just recently stumbled on this channel and it’s really good. I’ll definitely be giving a pulumi a try very soon
The FastAPI videos are awesome! One thing I haven't found much at all about and I find myself frustrated with a lot is setting up FastAPI with SQLModel using more complex databases with many-to-many relationships and properly using TYPE_CHECKING and other things to avoid circular imports when breaking the application into separate components. A video covering this would be GREATLY appreciated! Thanks again for all the work you do!
7:32, one remark:
- instead of doing **db_item.__dict__, you can do model_validate(_json) to "cast" the (I surmise) SQLAlchemy object from the db to your Pydantic type. (Assuming you are using Pydantic >2, otherwise you can do .from_orm)
I also see patterns where you inject a db and pass it to the crud method quite often. Why not define a db interface, create a class that implements that IF and construct/use it here? e.g. db.read_item(item_id). You could still use dependency injection and also completely change the impelmentation, as long as you adhere to the interface. Curious to hear your thoughts on it.
@@superjcvd that’s a nice feature yes. However, I think it’s more readable when the conversion is explicit. It also creates clear separation, as I want nothing to do with sqlalchemy types outside of my crud
One small correction (if I dare say) to 4:22, fastAPI does care how you name your functions when you enable swagger coz your function sort of become the description of the API endpoint.
Love your videos btw
The video I have been waiting for!! Thanks Arjan
I'm glad you enjoyed the video!
Hi Arjan, thanks for the grest video. I also think that having a look at SQLModel makes sense. Both FastAPI and SQLModel where created by Sebastian Ramirez amd the purpose of SQLModel is exactly to not have to struggle with Pydantic models and sqlalchemy (database mmodels). An SQLModel class inherits bith from pydantic and sqlalchemy. So you would have only one Item object in the project.
Hi thanks for this excellent video. A video on the folder structure of a fastapi project would be great. Thank you for your Fastapi videos, they help me make progress.
Was looking for this yesterday! thank you
Enjoy! ;)
Love your content as always Arjan. Can you do a video about how to implement multi-tenancy in fast-api, especially regarding the difference in services each tenant wil use? So which folder stucture and which design patterns for difference in price calculation or language etc. Might be a nice challenge for an architect like you ;)
This was great! Thanks!
I really really want to see how you would approach this same example, but using SQLModel, which integrates FastAPI and sqlalchemy
I really appreciate the fastapi content. :)
Another great video Arjan!
Glad you enjoyed the video!
Great video, very helpful! Thank you Arjan!
Very interested in a video on setting up OAuth (specifically behind a corporate VPN) or asynchronous task queues (e.g., with Celery and Flower).
Very insightful video as always Arjan
I'm glad you enjoyed the content!
Great video!!! Loved all the tips on structuring a not-example project. I am really used to Django, which helps enforcing the structure; but it's absolutely true that no other FastAPI tutorial online tells where to put parts.
I'm glad you enjoyed the video!
Is there a specific reason you used __dict__ instead of, e.g. pydantic 2’s model_dump (to_dict in v1)? I see its a neat quick solution but for prod would probably do it more explicitly to not run knto issues when changing Item or DBItems properties.
PS: Another excellent video and nice demo of orm and iaas in action with good tips! Two very crucial things in SWE, which often have to be acquired on the job, so tutorials like these are much appreciated. My suggestion for pt2: authentication and semver/automatic version bumping
Tests are the best, ship with confidence.
less than 3 minutes into the video I've learned something new :)
Thanks!
I'm really glad you learned something new!
Wow what a nice tutorial. The automation part is definitely what I've been looking for. I have a webscraper built using selenium and it's meant to be used by multiple users at a time. I think I'll try this pulumi method. Looks similar to what apify does
Thanks a lot Arjan, what took me 1+ year to figure out at my work with trial and error, you summed up in sub 30 min hahahah
I'm glad the video was helpful!
thank you sir, it was very helpful.
I'm glad you found it helpful!
Thank you for the video. Since you are using deploy to the cloud, you can use a service mesh for rate limiting.
Slight remark, Update with PUT HTTP method should contain the full object in the request (Not optional). If you're want individual field update, you should opt for PATCH
Great video. My vote for the authentication follow-up!
@ArjanCodes Nice 😊 Video.
Question: How the limiter works to keep the persistence in a distributed environment like Cloud Run, just by pressing F5 we can swap from one instance to another…
This is very useful. I am trying to figure out how to use sqlmodel and fastapi together in the neatest possible way. One thing I find weird is creating multiple classes for what seems like the same thing. For example, a pydantic base model plus a sqlmodel. And then separate classes for the CRUD functionality. I see people do this in different way, and would like to know if there is a "correct" way of doing it.
4:30: wrt naming the functions, I’d just use “delete”, “add” and “update”. The context makes it clear what things we’re performing those operations on. And then you don’t have items.delete_items but the nicer items.delete.
Some time ago you did perfect video about 'routing testing' but in this video you add 'rate limitation'.
How should we test 'rate limitation'?
I also vote for video about OAuth.
Thank you for this video
Thank you for the support!
nit: there's a lot of unnecessary memory usage. Creating dictionaries solely for the sake of using kwargs doubles the memory per resource. Would recommend: a.) explicitly passing the arguments - more typing but better runtime performance b.) creating or using an existing factory method like from_orm - don't love the coupling here though, or c.) use transformer functions - a function that accepts, for example, a DBItem and returns an Item and this function's inverse. There's a small overhead to the call stack, but uses pass by reference so no doubling memory consumption per resource and now there's is a well defined, singular place to manage the relationship between the two objects.
Hi, awesome video. I would definitely like to see an in-depth video about an authentication flow, hierarchy management of permissions of more than one service, etc.
In addition, I would like to see some sort of an example of multiple services that use an auth service (I just hope this is not too much to ask :D)
Great video as usual ! I think how to build a production ready application is missing from the most tutorials of most tools.
What I've found particularly challenging with async programming and python (using Sanic not FastAPI), is that unfortunately not every library supports async ops. The common wisdom is to move those blocking libraries to a different event loop/ thread and then you can use it asynchronously. The challenge here is python threading doesn't play nice with that approach. I've seen that approach leading to serious memory leaks in production.
Do you have experience with such scenarios ?
Thanks for this
Glad you enjoyed it!
Thanks your videos are by far the most intelligently crafted to the point and love your teaching skills. I have a question for you what is tge thought process for tackling any problem how are softwares built. Is it from top to bottom are from bottom to top? Suppose building a website for school should i start from a student or from school to student.
From a separation of responsibility perspective, would it not be better to have the DB dependency injection in the function dealing with application logic rather than the router function?
Authentication/authorisation would be very nice
I would highly appreciate if you will make video about nice way to implement auth in Fast API.
They have so poor way to manage role based authorization, I was shocked after .Net.
Like forget about attributes or other handy stuff, use dependency injection instead! That's sick. I thought Python is kind of modern cool language and has all topics covered in a stylish manner 😁
Recently I heard of Litestar, which does some comparable things to FastAPI. Would you mind doing a comparison video between the two?
I second this
would love to see an authentication flow video, oauth2 can send junior devs into a cave lol
I vote for the options to call C++ code for performance critical sections from python
I've been using pybind11 for this recently. And used boost before. It's not quick and not easy to wrap your head around, particularly the building of the module when you pip install.
I would love to see the production setup for FastAPI project using Docker on Virtual Machine. I mean the production Dockerfile, docker-compose. The production FastAPI code no super example, but real good example. Listed things what to do on the docker side to secure, develop FastAPI project. Listed things to do on VM how to secure your app. From ground up. Does your course cover that ? ❤
I like having an Item and then in the endpoint I add resonse_model=ItemResponse or something like that, it does it automatically for you.
Related to point 3: what is your viewpoint on serverless? Instead of using FastAPI as a framework you would use serverless services like API gateway for routing and lambda functions as your business logic. All of this can then also be defined in IaC and moved between cloud vendors to reduce vendor lock-in. I see this way of working gaining more popularity as it drastically reduces the operational overhead and also often is more cost-efficient. Certainly for applications which don't have a continuous load. Would be very interesting to get your thoughts on this!
learning fastapi and this was very helpful. just curious what font style are you using for the file explorer and the editor?
slowapi is cool, I just wish they would create types for the units. Strings are sloppy and error-prone. Something like a RateLimit class w/ args like magnitude: int, per_unit: RateLimitUnit, where RateLimitUnit is an abc or protocol w/ impls like Second, Minute, etc. would be super simple, much cleaner and extensible. Granted, an enterprise application will be running multiple app instances and capabilities like rate limiting should be delegated to an API gateway or service mesh.
Thank you....
Glad you enjoyed the video!
Please do a video about Authentication specially about it being ready for actual production. is it enough to protect my routes with Supabase etc..
Thank you, Arjan, for this very informative video! I have a question. You have moved operations out of the endpoint functions and put them in model files, just below existing models as methods. In my case, I have created files containing utils classes containing static methods that can be called inside endpoint functions. Is that a bad practice?
very nice tutorial, may i as u something?
which one is better in term of performance? fastAPI or ExpressJS?
Another vote for an oauth flow tutorial!!
OAuth2 flow in fastapi >>>>>>>>>>>>>
I wonder, at 10:10 would it be possible to use a context manager instead? Something like "with session_local() as db: yield db
Just curious, I'm learning loads from your videos!
More FastAPI videos please
Please could you do a video on an OAuth 2.0 authentication flow for microservices :)
Please do a video on auth flow!
What type of keyboard do you use in your videos? Looks like a Keychron 65%?
In general: what sort of keyboards do you use for programming? Do you guys go for mechanical gaming keyboards, ergonomic ones or just the standard ANSI layout?
Please do a video for authentication flow.
I would love to see an authentication flow for FastAPI tutorial !
🙂 From a very old school programmer from the dark ages on IBM mainframe between web/all types of terminals, etc
If you want to use high speed volume computer background things like Rusk/etc. that deal with terminals/and/or HTML
then
Python is ok, but also consider Java running as the HTML and terminal handler relative to the internet to talk to things like RUST/etc.
Let Java talk to the background RUST/C/etc. The Java classes are good performers and allow the heavy lifters to focus on the
basic high performance data sources and databases, etc. to ignore all the web/etc. display/input nonsense, html, etc.
10:00 Same here. Shouldn't the `session_local()` call also be inside the try-finally block? Looks like `yield database` cannot throw an exception by its own.
10:15 what do you think about using with statement in get_db() instead generator?
What about using a decorator to transform a database item into an item?
I've been using fastapi for several months now on an embedded sensor, after seeing one of your videos.
The thing I don't like, which is a nightmare to find how-to's on is actually a python syntax issue relating to decorators.
Globals give me the ick, especially as an ex C++ guy. So having @app.get, which requires a globally scoped app (or router) makes me very uneasy, particularly when multiple processes import this file.
Therefore i don't use the fastapi decorators and have a factory function that returns an app or router instead.
Would be interested to hear your thoughts on this.
Add a new video for the OAuth with fastapi please
Yup, please cover authentication next.
Hey, Arjan it's been a while now following your design guide videos. But the real problem is that, is it good to place more than one class in a single file, I have been coding in PHP where every class takes its own file, the code is simple to refactor in that way. What are thoughts i python?
i use sqlalchemy should i use every code in try catch to handle error most of error i return responce like i get error like datebase is down or should i handle global error
Hi Arjan,
Regarding closing a connection for each request is this best practice? if yes doesnt this introduces latency? i.e each time there is a new request first need to connect to the database and then execute the query.
He's not closing the connection only the session
@@aflous thanks for the clarity
Hi Arjan, do you provide consulting services?
I am solo developer for a small company, and I use FastAPI for the backend. Some best practices to streamline development would come in very handy.
Thanks
let's go Oauth!
I commented similarly before, but why do you inject DB sessions instead of functions or service objects implementing operations into routers?
A problem with this approach is that the routers have hard references to actual implementations of operations.
Once operations are extracted from a router, the router's responsibility is only interaction between HTTP clients and the extracted operations.
But if the router is hard-linked to implementations of the operations, it is impossible to write "unit" tests of the router for testing this responsibility.
On the other hand, if you inject implementations of operations instead, you can write the unit tests testing interaction between HTTP clients and the operations by injecting mocks of the operations.
A classic approach is injecting a service object. Or you can define an operation as a function taking a DB session as an argument, then inject a partial function created from the function and a DB session. FastAPI's DI should work for both cases.
When testing you can use app.dependency to override them with mocks and fakes. Abstract as much as you need, but not more.
Do you use or recommend any kind of queue or scheduler to go along with FastAPI? I've been debating using Celery/RabbitMQ a back-end scheduler for a API I am building. If you don't have one already would be cool subject for another video. BTW Love your channel. Cheers.
For GCP there's fastapi cloud tasks package.
FastAPI has BackgroundTasks built-in (check the docs). Otherwise Celery + Redis is a good combo.
Would it be possible to create a video of how to make an API on top of MongoDB using pymongo?
11:53 Optional is a misnomer and should be called "Nullable", providing a default value makes it optional. If you actually look at Optional all it is is typing that includes a None, and it has nothing to do with the default.
He uses it correctly. It's Optional with a default value of None, and then he filters out the Nones for the update call. Or maybe you linked to the wrong timestamp?
I generally tend to manage all business logic in the routing files, and all crud functions have separate files. Is there a better way to do it?
Well this is the better way to do it
You could introduce another layer, let's call it services that would handle the business logic. The need for it depends on the complexity. One of the benefits could be ability to tests logic without the API or API without logic.
@@MagniPL this is an interesting thought, that would decouple the business logic from the routes and could be reused for let's say create and update separately. Will definitely give it a try!
How do use session in fastapi
I'm quite new to this, but is tip #2 basically MVC philosophy?
İt is not. He talked about clean architecture partially
Probably and a S.O.L.I.D thing, for single responsibility functions.
It's layered architecture
authentication flow pleaaaaaaaaaaaaaaaaaase :)
Do auth!
Again, no authorisation. I have criticized that in the comments of every video about web applications. There is no such thing as production-ready without it. However you do not need to present the OAuth part for that. A simple basicauth with roles in a file is good enough. Older application had moved that part to the frontend web server like Apache. However in Python and FastAPI we tend to run the http server directly on a port, so we are free to run it locally or in a cloud.
Why not terraform?
best decision I made was using their AI writing service.
Biggest weakness of fastAPI is lack of stateful sessions. This means using it for anything more complicated than crud is difficult.
What about Starlette's Session Middleware? Didn't use it yet, but isn't statefull?
@@vlntsolo that's the point, it should be part of fastAPI. Stateful API is a common API scenario, but lack of support means Dev needs to find other solutions and those may not be well maintained and supported.
Also, once done, documentation becomes more complicated as different API often use different documentation. Making maintenance difficult and complicated
FastAPI does support WebSockets which are long-lived, stateful sessions. See the docs for examples.
@mateusz.radzikowski to kot
painless writing!
havnt watched in a while because of those toxic ai hype videos. Feels like the quality degraded a lot and just made to pump out a sponsored video. tip 1 & 2 basically useless. Anyone who would write a single file complex api should probably not be allowed to do so in the first place. Tip 3 is sponsorship placement. Tip 4 also useless, auth is not a "tip", its a neccessity for a produciton api. How can this be a 27 minute video, like for real?