5 Things we've learned building large APIs with FastAPI

Transcript

1. 5 Things we've learned building large APIs with FastAPI @

   InvestSuite Maarten Huijsmans

2. My last public presentation … in primary school

3. @lukin0110 Who am I? Maarten Huijsmans Python Developer @ InvestSuite

   twitter/lukin0110 github.com/lukin0110 linkedin.com/in/mhuijsmans

4. A suite of modern wealthtech solutions Built with Python and

   FastAPI Wealthtech as a service investsuite.com

5. @lukin0110 • Relatively new python web framework • Built on

   top of Starlette (ASGI) • 43.8k Github stars • Created by Sebastián Ramirez (@tiangolo) • Excellent documentation ❤ https://fastapi.tiangolo.com/

6. 5 Things we've learned building large APIs with FastAPI @lukin0110

   I assume that you’re familiar with: • The basics of FastAPI • Pydantic • Web / API development • Python 😎 Assumptions

7. 5 Things we've learned building large APIs with FastAPI @lukin0110

   1. 🥳 Minimizing the global state with dependency injection 2. 󰟜 Reducing the complexity of testing a FastAPI app 3. 😎 Pitfalls of async Python/FastAPI 4. 🔐 Supporting multiple authentication schemes 5. 💾 Modelling the relations between patch, response and database models Goal of the next 30 minutes

8. Minimizing the global state with dependency injection 🥳 5 Things

   we've learned building large APIs with FastAPI

9. 🥳 1. Minimizing the global state with dependency injection Global

   state, que?

10. 🥳 1. Minimizing the global state with dependency injection

11. 🥳 1. Minimizing the global state with dependency injection •

    Generally bad practice • You easily end up there because FastAPI itself lives in the global state • Hard to patch in unit tests Global state, que?

12. 🥳 1. Minimizing the global state with dependency injection Idea?

    Avoid global state

13. 🥳 1. Minimizing the global state with dependency injection Inject

    state with Depends

14. 🥳 1. Minimizing the global state with dependency injection Make

    injected state configurable & reusable

15. Reducing the complexity of testing a FastAPI app 󰟜 5

    Things we've learned building large APIs with FastAPI

16. 󰟜 2. Reducing the complexity of testing a FastAPI app

    See the previous learning 󰤇 Reduce/avoid the global state. It will make you happy 😎 Lesson learned

17. 󰟜 2. Reducing the complexity of testing a FastAPI app

    • Override configs • Mock/patch functions • Setup a TestClient Things to deal with when testing an API …

18. 󰟜 2. Reducing the complexity of testing a FastAPI app

19. 󰟜 2. Reducing the complexity of testing a FastAPI app

    Use BaseSettings to centralize app config

20. 󰟜 2. Reducing the complexity of testing a FastAPI app

    Override dependencies

21. 󰟜 2. Reducing the complexity of testing a FastAPI app

    Pure python classes / functions • Forces you to not rely directly on environment variables • Dependencies are cached • Endpoints can be lightweight wrappers around business logic

22. Pitfalls of async Python/FastAPI 😎 5 Things we've learned building

    large APIs with FastAPI

23. 😎 3. Pitfalls of async Python/FastAPI • asyncio is not

    as easy as it looks like • GIL: Global Interpreter Lock • “Sync” libraries Async python is an event loop. A single-thread in a single-process. The pitfalls

24. 😎 3. Pitfalls of async Python/FastAPI Blocking code Solution!

25. 😎 3. Pitfalls of async Python/FastAPI Global Interpreter Lock and

    CPU-Blocking

26. 😎 3. Pitfalls of async Python/FastAPI Async python Async python

27. 😎 3. Pitfalls of async Python/FastAPI • A lot of

    python libraries are not asyncio compatible. Or not battle tested. • You easily end up with a blocking application. Not always clear what is blocking it in a large codebase. Lessons learned

28. 😎 3. Pitfalls of async Python/FastAPI • Remove all `async`

    prefixes => application becomes multi-threaded • Offloading CPU-bound operations to: ◦ a ProcessPoolExecutor => moves GIL troubles to another process and FastAPI remains responsive ◦ AWS Lambda => multi-process by default ◦ Queuing systems (RabbitMQ, Redis, Kafka, etc) and process asynchronously on another server. What can you do …

29. 😎 3. Pitfalls of async Python/FastAPI https://fastapi.tiangolo.com/async/ Read the documentation

    carefully

30. Supporting multiple authentication schemes 🔐 5 Things we've learned building

    large APIs with FastAPI

31. 🔐 4. Supporting multiple authentication schemes Be able to support

    2 different auth schemes at the same time. • JWT • API Keys Want did we want

32. 🔐 4. Supporting multiple authentication schemes • Provides a lot

    of utilities ◦ For API Keys, Basic Auth, Oauth2, … • Utilities integrate very well with OpenAPI specs and Swagger/Redoc • Extensive documentation • Various code samples FastAPI & Security

33. 🔐 4. Supporting multiple authentication schemes • Not with batteries

    included • Actual implementation/integration of flows you need to do yourself • FastAPI auth is different from Starlette auth Things to keep in mind

34. 🔐 4. Supporting multiple authentication schemes Middleware based (Starlette) Dependency

    based (FastAPI)

35. 🔐 4. Supporting multiple authentication schemes

36. 🔐 4. Supporting multiple authentication schemes A simple solution auto_error=False

    However… • Need to repeat this on every endpoint. • If you specify it on router level you don’t have access to a user anymore.

37. 🔐 4. Supporting multiple authentication schemes Maybe a middleware approach

    is better suited for authentication. • Decouple auth schemes from routers/views. • User is available on the request object. • Flexibility at router level to decide which schemes to use. Lessons learned

38. Modelling the relations between patch, response and database models 💾

    5 Things we've learned building large APIs with FastAPI

39. 💾 5. Modelling the relations between patch, response and database

    models • Automatic type checking • Validation of input and output models out of the box • Generates beautiful documentation. OpenAPI, Swagger, & ReDoc FastAPI + Pydantic = Powerful 🚀

40. 💾 5. Modelling the relations between patch, response and database

    models http://localhost:8000/docs

41. 💾 5. Modelling the relations between patch, response and database

    models 1. Used inheritance to define patch, response and DB models 2. Fully documented our DB models 3. Exposed a subset of each DB model in the API How did we build CRUD APIs?

42. 💾 5. Modelling the relations between patch, response and database

    models Patch Model ⊆ Response Model ⊆ DB Model

43. 💾 5. Modelling the relations between patch, response and database

    models

44. 💾 5. Modelling the relations between patch, response and database

    models • DB models are hard to read in code • Hard to change an API contract without a DB migration 󰤇 • Hard to change a DB model without breaking the API contract However, some lessons learned here 🤯

45. 💾 5. Modelling the relations between patch, response and database

    models • Investigating decoupling DB models from API models 😎 • Investigating “Annotated” fields to reuse documentation Next steps

46. 💾 5. Modelling the relations between patch, response and database

    models Annotated Experimental 🤓

47. Thanks for your patience 🤓 Questions? twitter/lukin0110 github.com/lukin0110 linkedin.com/in/mhuijsmans [email protected]