Chapter 7: Managing Authentication and Security in FastAPI
Most of the time, you don't want everyone on the internet to have unrestricted access to your API, free to create or read any data. That's why you'll need to at least protect your application with a private token or have a proper authentication system to manage rights per user. In this chapter, we'll see that FastAPI provides security dependencies that help us retrieve credentials following different standards and that are directly integrated into the automatic documentation. We'll also build a basic user registration and authentication system to secure our API endpoints.
Finally, we'll cover security challenges you must tackle when you want to call your API from a web application in a browser – in particular, CORS and CSRF attacks.
In this chapter, we're going to cover the following main topics:
- Security dependencies in FastAPI
- Retrieving a user and generating...