Security dependencies in FastAPI
To protect a REST API and, more generally, HTTP endpoints, lots of standards have been proposed. Here is a non-exhaustive list of the most common ones:
- Basic HTTP authentication: In this scheme, user credentials (usually an identifier, such as an email address, and a password) are put into an HTTP header called Authorization. The value consists of the Basic keyword, followed by the user credentials encoded in Base64. This is a very simple scheme to implement but not very secure since the password appears in every request.
- Cookies: Cookies are a useful way to store static data on the client side, usually on web browsers, that is sent in each request to the server. Typically, a cookie can contain a session token that can be verified by the server and linked to a specific user.
- Tokens in the Authorization header: Probably the most used header in a REST API context, this simply consists of sending a token in an HTTP Authorization header. The...
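The Basic scheme from the first item, worked through server-side as an added example (not code from the original page): it parses the Authorization value, shows that the Base64 part decodes straight back to the password, and checks it with a constant-time comparison. The USERS store, its sample credentials and the function names are assumptions made for this illustration.

```python
import base64
import binascii
import hmac

# Constructed sample credential store (hypothetical values for this example).
# A real service would store password hashes, never plaintext.
USERS = {"alice@example.com": "s3cret:with:colons"}


def build_basic_header(identifier, password):
    """Client side: 'Basic ' followed by Base64 of 'identifier:password'."""
    raw = f"{identifier}:{password}".encode("utf-8")
    return "Basic " + base64.b64encode(raw).decode("ascii")


def parse_basic_header(value):
    """Return (identifier, password) from a header value, or None if malformed."""
    scheme, _, encoded = value.strip().partition(" ")
    if scheme.lower() != "basic" or not encoded.strip():
        return None
    try:
        # Base64 is an encoding, not encryption: this recovers the password as sent.
        decoded = base64.b64decode(encoded.strip(), validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return None
    # Split on the first colon only: the password may itself contain colons.
    identifier, sep, password = decoded.partition(":")
    if not sep:
        return None
    return identifier, password


def authenticate(header_value):
    """Return the identifier if the header carries valid credentials, else None."""
    parsed = parse_basic_header(header_value or "")
    if parsed is None:
        return None
    identifier, password = parsed
    expected = USERS.get(identifier)
    # Always run the comparison, even for unknown identifiers, so response
    # timing does not reveal which identifiers exist.
    candidate = expected if expected is not None else ""
    matches = hmac.compare_digest(password.encode("utf-8"), candidate.encode("utf-8"))
    return identifier if matches and expected is not None else None
```

Because the credentials are recoverable from every request, this scheme should only ever be used over TLS.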