Spaces:
Paused
Paused
| <html lang="en" class="no-js"> | |
| <head> | |
| <meta charset="utf-8"> | |
| <meta name="viewport" content="width=device-width,initial-scale=1"> | |
| <meta name="description" content="FastAPI framework, high performance, easy to learn, fast to code, ready for production"> | |
| <link rel="canonical" href="https://fastapi.tiangolo.com/advanced/security/http-basic-auth/"> | |
| <link rel="prev" href="../oauth2-scopes/"> | |
| <link rel="next" href="../../using-request-directly/"> | |
| <link rel="alternate" href="/" hreflang="en"> | |
| <link rel="alternate" href="/de/" hreflang="en"> | |
| <link rel="alternate" href="/es/" hreflang="en"> | |
| <link rel="alternate" href="/fr/" hreflang="en"> | |
| <link rel="alternate" href="/ja/" hreflang="en"> | |
| <link rel="alternate" href="/ko/" hreflang="en"> | |
| <link rel="alternate" href="/pt/" hreflang="en"> | |
| <link rel="alternate" href="/ru/" hreflang="en"> | |
| <link rel="alternate" href="/tr/" hreflang="en"> | |
| <link rel="alternate" href="/uk/" hreflang="en"> | |
| <link rel="alternate" href="/zh/" hreflang="en"> | |
| <link rel="alternate" href="/zh-hant/" hreflang="en"> | |
| <link rel="icon" href="../../../img/favicon.png"> | |
| <meta name="generator" content="mkdocs-1.6.1, mkdocs-material-9.7.1"> | |
| <title>HTTP Basic Auth - FastAPI</title> | |
| <link rel="stylesheet" href="../../../assets/stylesheets/main.484c7ddc.min.css"> | |
| <link rel="stylesheet" href="../../../assets/stylesheets/palette.ab4e12ef.min.css"> | |
| <link rel="preconnect" href="https://fonts.gstatic.com" crossorigin> | |
| <link rel="stylesheet" href="https://fonts.googleapis.com/css?family=Roboto:300,300i,400,400i,700,700i%7CRoboto+Mono:400,400i,700,700i&display=fallback"> | |
| <style>:root{--md-text-font:"Roboto";--md-code-font:"Roboto Mono"}</style> | |
| <link rel="stylesheet" href="../../../assets/_mkdocstrings.css"> | |
| <link rel="stylesheet" href="../../../css/termynal.css"> | |
| <link rel="stylesheet" href="../../../css/custom.css"> | |
| <script>__md_scope=new URL("../../..",location),__md_hash=e=>[...e].reduce(((e,_)=>(e<<5)-e+_.charCodeAt(0)),0),__md_get=(e,_=localStorage,t=__md_scope)=>JSON.parse(_.getItem(t.pathname+"."+e)),__md_set=(e,_,t=localStorage,a=__md_scope)=>{try{t.setItem(a.pathname+"."+e,JSON.stringify(_))}catch(e){}}</script> | |
| <meta property="og:type" content="website" /> | |
| <meta property="og:title" content="HTTP Basic Auth - FastAPI" /> | |
| <meta property="og:description" content="FastAPI framework, high performance, easy to learn, fast to code, ready for production" /> | |
| <meta property="og:image" content="https://fastapi.tiangolo.com/assets/images/social/advanced/security/http-basic-auth.png" /> | |
| <meta property="og:image:type" content="image/png" /> | |
| <meta property="og:image:width" content="1200" /> | |
| <meta property="og:image:height" content="630" /> | |
| <meta property="og:url" content="https://fastapi.tiangolo.com/advanced/security/http-basic-auth/" /> | |
| <meta property="twitter:card" content="summary_large_image" /> | |
| <meta property="twitter:title" content="HTTP Basic Auth - FastAPI" /> | |
| <meta property="twitter:description" content="FastAPI framework, high performance, easy to learn, fast to code, ready for production" /> | |
| <meta property="twitter:image" content="https://fastapi.tiangolo.com/assets/images/social/advanced/security/http-basic-auth.png" /> | |
| </head> | |
| <body dir="ltr" data-md-color-scheme="default" data-md-color-primary="indigo" data-md-color-accent="indigo"> | |
| <input class="md-toggle" data-md-toggle="drawer" type="checkbox" id="__drawer" autocomplete="off"> | |
| <input class="md-toggle" data-md-toggle="search" type="checkbox" id="__search" autocomplete="off"> | |
| <label class="md-overlay" for="__drawer"></label> | |
| <div data-md-component="skip"> | |
| <a href="#http-basic-auth" class="md-skip"> | |
| Skip to content | |
| </a> | |
| </div> | |
| <div data-md-component="announce"> | |
| <aside class="md-banner"> | |
| <div class="md-banner__inner md-grid md-typeset"> | |
| <div class="announce-wrapper"> | |
| <div id="announce-left"> | |
| <div class="item"> | |
| <a class="announce-link" href="https://fastapicloud.com" target="_blank"> | |
| <span class="twemoji"> | |
| <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M13 19c0 .34.04.67.09 1H6.5c-1.5 0-2.81-.5-3.89-1.57C1.54 17.38 1 16.09 1 14.58q0-1.95 1.17-3.48C3.34 9.57 4 9.43 5.25 9.15c.42-1.53 1.25-2.77 2.5-3.72S10.42 4 12 4c1.95 0 3.6.68 4.96 2.04S19 9.05 19 11c1.15.13 2.1.63 2.86 1.5.51.57.84 1.21 1 1.92A5.9 5.9 0 0 0 19 13c-3.31 0-6 2.69-6 6m3-1h2v4h2v-4h2l-3-3z"/></svg> | |
| </span> Join the <strong>FastAPI Cloud</strong> waiting list 🚀 | |
| </a> | |
| </div> | |
| <div class="item"> | |
| <a class="announce-link" href="https://x.com/fastapi" target="_blank"> | |
| <span class="twemoji"> | |
| <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 448 512"><!--! Font Awesome Free 7.1.0 by @fontawesome - https://fontawesome.com License - https://fontawesome.com/license/free (Icons: CC BY 4.0, Fonts: SIL OFL 1.1, Code: MIT License) Copyright 2025 Fonticons, Inc.--><path d="M357.2 48h70.6L273.6 224.2 455 464H313L201.7 318.6 74.5 464H3.8l164.9-188.5L-5.2 48h145.6l100.5 132.9zm-24.8 373.8h39.1L119.1 88h-42z"/></svg> | |
| </span> Follow <strong>@fastapi</strong> on <strong>X (Twitter)</strong> to stay updated | |
| </a> | |
| </div> | |
| <div class="item"> | |
| <a class="announce-link" href="https://www.linkedin.com/company/fastapi" target="_blank"> | |
| <span class="twemoji linkedin"> | |
| <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 448 512"><!--! Font Awesome Free 7.1.0 by @fontawesome - https://fontawesome.com License - https://fontawesome.com/license/free (Icons: CC BY 4.0, Fonts: SIL OFL 1.1, Code: MIT License) Copyright 2025 Fonticons, Inc.--><path d="M416 32H31.9C14.3 32 0 46.5 0 64.3v383.4C0 465.5 14.3 480 31.9 480H416c17.6 0 32-14.5 32-32.3V64.3c0-17.8-14.4-32.3-32-32.3M135.4 416H69V202.2h66.5V416zM102.2 96a38.5 38.5 0 1 1 0 77 38.5 38.5 0 1 1 0-77m282.1 320h-66.4V312c0-24.8-.5-56.7-34.5-56.7-34.6 0-39.9 27-39.9 54.9V416h-66.4V202.2h63.7v29.2h.9c8.9-16.8 30.6-34.5 62.9-34.5 67.2 0 79.7 44.3 79.7 101.9z"/></svg> | |
| </span> Follow <strong>FastAPI</strong> on <strong>LinkedIn</strong> to stay updated | |
| </a> | |
| </div> | |
| <div class="item"> | |
| <a class="announce-link" href="https://fastapi.tiangolo.com/newsletter/"> | |
| <span class="twemoji"> | |
| <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="m20 8-8 5-8-5V6l8 5 8-5m0-2H4c-1.11 0-2 .89-2 2v12a2 2 0 0 0 2 2h16a2 2 0 0 0 2-2V6a2 2 0 0 0-2-2"/></svg> | |
| </span> Subscribe to the <strong>FastAPI and friends</strong> newsletter 🎉 | |
| </a> | |
| </div> | |
| </div> | |
| <div id="announce-right" style="position: relative;"> | |
| <div class="item"> | |
| <a title="BlockBee Cryptocurrency Payment Gateway" style="display: block; position: relative;" href="https://blockbee.io?ref=fastapi" target="_blank"> | |
| <span class="sponsor-badge">sponsor</span> | |
| <img class="sponsor-image" src="/img/sponsors/blockbee-banner.png" /> | |
| </a> | |
| </div> | |
| <div class="item"> | |
| <a title="Scalar: Beautiful Open-Source API References from Swagger/OpenAPI files" style="display: block; position: relative;" href="https://github.com/scalar/scalar/?utm_source=fastapi&utm_medium=website&utm_campaign=top-banner" target="_blank"> | |
| <span class="sponsor-badge">sponsor</span> | |
| <img class="sponsor-image" src="/img/sponsors/scalar-banner.svg" /> | |
| </a> | |
| </div> | |
| <div class="item"> | |
| <a title="Auth, user management and more for your B2B product" style="display: block; position: relative;" href="https://www.propelauth.com/?utm_source=fastapi&utm_campaign=1223&utm_medium=topbanner" target="_blank"> | |
| <span class="sponsor-badge">sponsor</span> | |
| <img class="sponsor-image" src="/img/sponsors/propelauth-banner.png" /> | |
| </a> | |
| </div> | |
| <div class="item"> | |
| <a title="liblab - Generate SDKs from FastAPI" style="display: block; position: relative;" href="https://liblab.com?utm_source=fastapi" target="_blank"> | |
| <span class="sponsor-badge">sponsor</span> | |
| <img class="sponsor-image" src="/img/sponsors/liblab-banner.png" /> | |
| </a> | |
| </div> | |
| <div class="item"> | |
| <a title="Deploy & scale any full-stack web app on Render. Focus on building apps, not infra." style="display: block; position: relative;" href="https://docs.render.com/deploy-fastapi?utm_source=deploydoc&utm_medium=referral&utm_campaign=fastapi" target="_blank"> | |
| <span class="sponsor-badge">sponsor</span> | |
| <img class="sponsor-image" src="/img/sponsors/render-banner.svg" /> | |
| </a> | |
| </div> | |
| <div class="item"> | |
| <a title="Cut Code Review Time & Bugs in Half with CodeRabbit" style="display: block; position: relative;" href="https://www.coderabbit.ai/?utm_source=fastapi&utm_medium=banner&utm_campaign=fastapi" target="_blank"> | |
| <span class="sponsor-badge">sponsor</span> | |
| <img class="sponsor-image" src="/img/sponsors/coderabbit-banner.png" /> | |
| </a> | |
| </div> | |
| <div class="item"> | |
| <a title="Making Retail Purchases Actionable for Brands and Developers" style="display: block; position: relative;" href="https://subtotal.com/?utm_source=fastapi&utm_medium=sponsorship&utm_campaign=open-source" target="_blank"> | |
| <span class="sponsor-badge">sponsor</span> | |
| <img class="sponsor-image" src="/img/sponsors/subtotal-banner.svg" /> | |
| </a> | |
| </div> | |
| <div class="item"> | |
| <a title="Deploy enterprise applications at startup speed" style="display: block; position: relative;" href="https://docs.railway.com/guides/fastapi?utm_medium=integration&utm_source=docs&utm_campaign=fastapi" target="_blank"> | |
| <span class="sponsor-badge">sponsor</span> | |
| <img class="sponsor-image" src="/img/sponsors/railway-banner.png" /> | |
| </a> | |
| </div> | |
| <div class="item"> | |
| <a title="SerpApi: Web Search API" style="display: block; position: relative;" href="https://serpapi.com/?utm_source=fastapi_website" target="_blank"> | |
| <span class="sponsor-badge">sponsor</span> | |
| <img class="sponsor-image" src="/img/sponsors/serpapi-banner.png" /> | |
| </a> | |
| </div> | |
| <div class="item"> | |
| <a title="Greptile: The AI Code Reviewer" style="display: block; position: relative;" href="https://www.greptile.com/?utm_source=fastapi&utm_medium=sponsorship&utm_campaign=fastapi_sponsor_page" target="_blank"> | |
| <span class="sponsor-badge">sponsor</span> | |
| <img class="sponsor-image" src="/img/sponsors/greptile-banner.png" /> | |
| </a> | |
| </div> | |
| </div> | |
| </div> | |
| </div> | |
| </aside> | |
| </div> | |
| <header class="md-header md-header--shadow md-header--lifted" data-md-component="header"> | |
| <nav class="md-header__inner md-grid" aria-label="Header"> | |
| <a href="../../.." title="FastAPI" class="md-header__button md-logo" aria-label="FastAPI" data-md-component="logo"> | |
| <img src="../../../img/icon-white.svg" alt="logo"> | |
| </a> | |
| <label class="md-header__button md-icon" for="__drawer"> | |
| <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M3 6h18v2H3zm0 5h18v2H3zm0 5h18v2H3z"/></svg> | |
| </label> | |
| <div class="md-header__title" data-md-component="header-title"> | |
| <div class="md-header__ellipsis"> | |
| <div class="md-header__topic"> | |
| <span class="md-ellipsis"> | |
| FastAPI | |
| </span> | |
| </div> | |
| <div class="md-header__topic" data-md-component="header-topic"> | |
| <span class="md-ellipsis"> | |
| HTTP Basic Auth | |
| </span> | |
| </div> | |
| </div> | |
| </div> | |
| <form class="md-header__option" data-md-component="palette"> | |
| <input class="md-option" data-md-color-media="(prefers-color-scheme)" data-md-color-scheme="default" data-md-color-primary="indigo" data-md-color-accent="indigo" aria-label="Switch to light mode" type="radio" name="__palette" id="__palette_0"> | |
| <label class="md-header__button md-icon" title="Switch to light mode" for="__palette_1" hidden> | |
| <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M9 2C5.13 2 2 5.13 2 9c0 2.38 1.19 4.47 3 5.74V17c0 .55.45 1 1 1h6c.55 0 1-.45 1-1v-2.26c1.81-1.27 3-3.36 3-5.74 0-3.87-3.13-7-7-7M6 21c0 .55.45 1 1 1h4c.55 0 1-.45 1-1v-1H6zm13-8h-2l-3.2 9h1.9l.7-2h3.2l.7 2h1.9zm-2.15 5.65L18 15l1.15 3.65z"/></svg> | |
| </label> | |
| <input class="md-option" data-md-color-media="(prefers-color-scheme: light)" data-md-color-scheme="default" data-md-color-primary="teal" data-md-color-accent="amber" aria-label="Switch to dark mode" type="radio" name="__palette" id="__palette_1"> | |
| <label class="md-header__button md-icon" title="Switch to dark mode" for="__palette_2" hidden> | |
| <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M12 2a7 7 0 0 0-7 7c0 2.38 1.19 4.47 3 5.74V17a1 1 0 0 0 1 1h6a1 1 0 0 0 1-1v-2.26c1.81-1.27 3-3.36 3-5.74a7 7 0 0 0-7-7M9 21a1 1 0 0 0 1 1h4a1 1 0 0 0 1-1v-1H9z"/></svg> | |
| </label> | |
| <input class="md-option" data-md-color-media="(prefers-color-scheme: dark)" data-md-color-scheme="slate" data-md-color-primary="teal" data-md-color-accent="amber" aria-label="Switch to system preference" type="radio" name="__palette" id="__palette_2"> | |
| <label class="md-header__button md-icon" title="Switch to system preference" for="__palette_0" hidden> | |
| <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M12 2a7 7 0 0 1 7 7c0 2.38-1.19 4.47-3 5.74V17a1 1 0 0 1-1 1H9a1 1 0 0 1-1-1v-2.26C6.19 13.47 5 11.38 5 9a7 7 0 0 1 7-7M9 21v-1h6v1a1 1 0 0 1-1 1h-4a1 1 0 0 1-1-1m3-17a5 5 0 0 0-5 5c0 2.05 1.23 3.81 3 4.58V16h4v-2.42c1.77-.77 3-2.53 3-4.58a5 5 0 0 0-5-5"/></svg> | |
| </label> | |
| </form> | |
| <script>var palette=__md_get("__palette");if(palette&&palette.color){if("(prefers-color-scheme)"===palette.color.media){var media=matchMedia("(prefers-color-scheme: light)"),input=document.querySelector(media.matches?"[data-md-color-media='(prefers-color-scheme: light)']":"[data-md-color-media='(prefers-color-scheme: dark)']");palette.color.media=input.getAttribute("data-md-color-media"),palette.color.scheme=input.getAttribute("data-md-color-scheme"),palette.color.primary=input.getAttribute("data-md-color-primary"),palette.color.accent=input.getAttribute("data-md-color-accent")}for(var[key,value]of Object.entries(palette.color))document.body.setAttribute("data-md-color-"+key,value)}</script> | |
| <div class="md-header__option"> | |
| <div class="md-select"> | |
| <button class="md-header__button md-icon" aria-label="Select language"> | |
| <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="m12.87 15.07-2.54-2.51.03-.03A17.5 17.5 0 0 0 14.07 6H17V4h-7V2H8v2H1v2h11.17C11.5 7.92 10.44 9.75 9 11.35 8.07 10.32 7.3 9.19 6.69 8h-2c.73 1.63 1.73 3.17 2.98 4.56l-5.09 5.02L4 19l5-5 3.11 3.11zM18.5 10h-2L12 22h2l1.12-3h4.75L21 22h2zm-2.62 7 1.62-4.33L19.12 17z"/></svg> | |
| </button> | |
| <div class="md-select__inner"> | |
| <ul class="md-select__list"> | |
| <li class="md-select__item"> | |
| <a href="/" hreflang="" class="md-select__link"> | |
| en - English | |
| </a> | |
| </li> | |
| <li class="md-select__item"> | |
| <a href="/de/" hreflang="" class="md-select__link"> | |
| de - Deutsch | |
| </a> | |
| </li> | |
| <li class="md-select__item"> | |
| <a href="/es/" hreflang="" class="md-select__link"> | |
| es - español | |
| </a> | |
| </li> | |
| <li class="md-select__item"> | |
| <a href="/fr/" hreflang="" class="md-select__link"> | |
| fr - français | |
| </a> | |
| </li> | |
| <li class="md-select__item"> | |
| <a href="/ja/" hreflang="" class="md-select__link"> | |
| ja - 日本語 | |
| </a> | |
| </li> | |
| <li class="md-select__item"> | |
| <a href="/ko/" hreflang="" class="md-select__link"> | |
| ko - 한국어 | |
| </a> | |
| </li> | |
| <li class="md-select__item"> | |
| <a href="/pt/" hreflang="" class="md-select__link"> | |
| pt - português | |
| </a> | |
| </li> | |
| <li class="md-select__item"> | |
| <a href="/ru/" hreflang="" class="md-select__link"> | |
| ru - русский язык | |
| </a> | |
| </li> | |
| <li class="md-select__item"> | |
| <a href="/tr/" hreflang="" class="md-select__link"> | |
| tr - Türkçe | |
| </a> | |
| </li> | |
| <li class="md-select__item"> | |
| <a href="/uk/" hreflang="" class="md-select__link"> | |
| uk - українська мова | |
| </a> | |
| </li> | |
| <li class="md-select__item"> | |
| <a href="/zh/" hreflang="" class="md-select__link"> | |
| zh - 简体中文 | |
| </a> | |
| </li> | |
| <li class="md-select__item"> | |
| <a href="/zh-hant/" hreflang="" class="md-select__link"> | |
| zh-hant - 繁體中文 | |
| </a> | |
| </li> | |
| </ul> | |
| </div> | |
| </div> | |
| </div> | |
| <label class="md-header__button md-icon" for="__search"> | |
| <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M9.5 3A6.5 6.5 0 0 1 16 9.5c0 1.61-.59 3.09-1.56 4.23l.27.27h.79l5 5-1.5 1.5-5-5v-.79l-.27-.27A6.52 6.52 0 0 1 9.5 16 6.5 6.5 0 0 1 3 9.5 6.5 6.5 0 0 1 9.5 3m0 2C7 5 5 7 5 9.5S7 14 9.5 14 14 12 14 9.5 12 5 9.5 5"/></svg> | |
| </label> | |
| <div class="md-search" data-md-component="search" role="dialog"> | |
| <label class="md-search__overlay" for="__search"></label> | |
| <div class="md-search__inner" role="search"> | |
| <form class="md-search__form" name="search"> | |
| <input type="text" class="md-search__input" name="query" aria-label="Search" placeholder="Search" autocapitalize="off" autocorrect="off" autocomplete="off" spellcheck="false" data-md-component="search-query" required> | |
| <label class="md-search__icon md-icon" for="__search"> | |
| <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M9.5 3A6.5 6.5 0 0 1 16 9.5c0 1.61-.59 3.09-1.56 4.23l.27.27h.79l5 5-1.5 1.5-5-5v-.79l-.27-.27A6.52 6.52 0 0 1 9.5 16 6.5 6.5 0 0 1 3 9.5 6.5 6.5 0 0 1 9.5 3m0 2C7 5 5 7 5 9.5S7 14 9.5 14 14 12 14 9.5 12 5 9.5 5"/></svg> | |
| <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M20 11v2H8l5.5 5.5-1.42 1.42L4.16 12l7.92-7.92L13.5 5.5 8 11z"/></svg> | |
| </label> | |
| <nav class="md-search__options" aria-label="Search"> | |
| <a href="javascript:void(0)" class="md-search__icon md-icon" title="Share" aria-label="Share" data-clipboard data-clipboard-text="" data-md-component="search-share" tabindex="-1"> | |
| <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M18 16.08c-.76 0-1.44.3-1.96.77L8.91 12.7c.05-.23.09-.46.09-.7s-.04-.47-.09-.7l7.05-4.11c.54.5 1.25.81 2.04.81a3 3 0 0 0 3-3 3 3 0 0 0-3-3 3 3 0 0 0-3 3c0 .24.04.47.09.7L8.04 9.81C7.5 9.31 6.79 9 6 9a3 3 0 0 0-3 3 3 3 0 0 0 3 3c.79 0 1.5-.31 2.04-.81l7.12 4.15c-.05.21-.08.43-.08.66 0 1.61 1.31 2.91 2.92 2.91s2.92-1.3 2.92-2.91A2.92 2.92 0 0 0 18 16.08"/></svg> | |
| </a> | |
| <button type="reset" class="md-search__icon md-icon" title="Clear" aria-label="Clear" tabindex="-1"> | |
| <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M19 6.41 17.59 5 12 10.59 6.41 5 5 6.41 10.59 12 5 17.59 6.41 19 12 13.41 17.59 19 19 17.59 13.41 12z"/></svg> | |
| </button> | |
| </nav> | |
| <div class="md-search__suggest" data-md-component="search-suggest"></div> | |
| </form> | |
| <div class="md-search__output"> | |
| <div class="md-search__scrollwrap" tabindex="0" data-md-scrollfix> | |
| <div class="md-search-result" data-md-component="search-result"> | |
| <div class="md-search-result__meta"> | |
| Initializing search | |
| </div> | |
| <ol class="md-search-result__list" role="presentation"></ol> | |
| </div> | |
| </div> | |
| </div> | |
| </div> | |
| </div> | |
| <div class="md-header__source"> | |
| <a href="https://github.com/fastapi/fastapi" title="Go to repository" class="md-source" data-md-component="source"> | |
| <div class="md-source__icon md-icon"> | |
| <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 512 512"><!--! Font Awesome Free 7.1.0 by @fontawesome - https://fontawesome.com License - https://fontawesome.com/license/free (Icons: CC BY 4.0, Fonts: SIL OFL 1.1, Code: MIT License) Copyright 2025 Fonticons, Inc.--><path d="M202.1 328.7c0 20.9-10.9 55.1-36.7 55.1s-36.7-34.2-36.7-55.1 10.9-55.1 36.7-55.1 36.7 34.2 36.7 55.1M496 278.2c0 31.9-3.2 65.7-17.5 95-37.9 76.6-142.1 74.8-216.7 74.8-75.8 0-186.2 2.7-225.6-74.8-14.6-29-20.2-63.1-20.2-95 0-41.9 13.9-81.5 41.5-113.6-5.2-15.8-7.7-32.4-7.7-48.8 0-21.5 4.9-32.3 14.6-51.8 45.3 0 74.3 9 108.8 36 29-6.9 58.8-10 88.7-10 27 0 54.2 2.9 80.4 9.2 34-26.7 63-35.2 107.8-35.2 9.8 19.5 14.6 30.3 14.6 51.8 0 16.4-2.6 32.7-7.7 48.2 27.5 32.4 39 72.3 39 114.2m-64.3 50.5c0-43.9-26.7-82.6-73.5-82.6-18.9 0-37 3.4-56 6-14.9 2.3-29.8 3.2-45.1 3.2-15.2 0-30.1-.9-45.1-3.2-18.7-2.6-37-6-56-6-46.8 0-73.5 38.7-73.5 82.6 0 87.8 80.4 101.3 150.4 101.3h48.2c70.3 0 150.6-13.4 150.6-101.3m-82.6-55.1c-25.8 0-36.7 34.2-36.7 55.1s10.9 55.1 36.7 55.1 36.7-34.2 36.7-55.1-10.9-55.1-36.7-55.1"/></svg> | |
| </div> | |
| <div class="md-source__repository"> | |
| fastapi/fastapi | |
| </div> | |
| </a> | |
| </div> | |
| </nav> | |
| <nav class="md-tabs" aria-label="Tabs" data-md-component="tabs"> | |
| <div class="md-grid"> | |
| <ul class="md-tabs__list"> | |
| <li class="md-tabs__item"> | |
| <a href="../../.." class="md-tabs__link"> | |
| FastAPI | |
| </a> | |
| </li> | |
| <li class="md-tabs__item"> | |
| <a href="../../../features/" class="md-tabs__link"> | |
| Features | |
| </a> | |
| </li> | |
| <li class="md-tabs__item md-tabs__item--active"> | |
| <a href="../../../learn/" class="md-tabs__link"> | |
| Learn | |
| </a> | |
| </li> | |
| <li class="md-tabs__item"> | |
| <a href="../../../reference/" class="md-tabs__link"> | |
| Reference | |
| </a> | |
| </li> | |
| <li class="md-tabs__item"> | |
| <a href="../../../fastapi-people/" class="md-tabs__link"> | |
| FastAPI People | |
| </a> | |
| </li> | |
| <li class="md-tabs__item"> | |
| <a href="../../../resources/" class="md-tabs__link"> | |
| Resources | |
| </a> | |
| </li> | |
| <li class="md-tabs__item"> | |
| <a href="../../../about/" class="md-tabs__link"> | |
| About | |
| </a> | |
| </li> | |
| <li class="md-tabs__item"> | |
| <a href="../../../release-notes/" class="md-tabs__link"> | |
| Release Notes | |
| </a> | |
| </li> | |
| </ul> | |
| </div> | |
| </nav> | |
| </header> | |
| <div class="md-container" data-md-component="container"> | |
| <main class="md-main" data-md-component="main"> | |
| <div class="md-main__inner md-grid"> | |
| <div class="md-sidebar md-sidebar--primary" data-md-component="sidebar" data-md-type="navigation" > | |
| <div class="md-sidebar__scrollwrap"> | |
| <div class="md-sidebar__inner"> | |
| <nav class="md-nav md-nav--primary md-nav--lifted" aria-label="Navigation" data-md-level="0"> | |
| <label class="md-nav__title" for="__drawer"> | |
| <a href="../../.." title="FastAPI" class="md-nav__button md-logo" aria-label="FastAPI" data-md-component="logo"> | |
| <img src="../../../img/icon-white.svg" alt="logo"> | |
| </a> | |
| FastAPI | |
| </label> | |
| <div class="md-nav__source"> | |
| <a href="https://github.com/fastapi/fastapi" title="Go to repository" class="md-source" data-md-component="source"> | |
| <div class="md-source__icon md-icon"> | |
| <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 512 512"><!--! Font Awesome Free 7.1.0 by @fontawesome - https://fontawesome.com License - https://fontawesome.com/license/free (Icons: CC BY 4.0, Fonts: SIL OFL 1.1, Code: MIT License) Copyright 2025 Fonticons, Inc.--><path d="M202.1 328.7c0 20.9-10.9 55.1-36.7 55.1s-36.7-34.2-36.7-55.1 10.9-55.1 36.7-55.1 36.7 34.2 36.7 55.1M496 278.2c0 31.9-3.2 65.7-17.5 95-37.9 76.6-142.1 74.8-216.7 74.8-75.8 0-186.2 2.7-225.6-74.8-14.6-29-20.2-63.1-20.2-95 0-41.9 13.9-81.5 41.5-113.6-5.2-15.8-7.7-32.4-7.7-48.8 0-21.5 4.9-32.3 14.6-51.8 45.3 0 74.3 9 108.8 36 29-6.9 58.8-10 88.7-10 27 0 54.2 2.9 80.4 9.2 34-26.7 63-35.2 107.8-35.2 9.8 19.5 14.6 30.3 14.6 51.8 0 16.4-2.6 32.7-7.7 48.2 27.5 32.4 39 72.3 39 114.2m-64.3 50.5c0-43.9-26.7-82.6-73.5-82.6-18.9 0-37 3.4-56 6-14.9 2.3-29.8 3.2-45.1 3.2-15.2 0-30.1-.9-45.1-3.2-18.7-2.6-37-6-56-6-46.8 0-73.5 38.7-73.5 82.6 0 87.8 80.4 101.3 150.4 101.3h48.2c70.3 0 150.6-13.4 150.6-101.3m-82.6-55.1c-25.8 0-36.7 34.2-36.7 55.1s10.9 55.1 36.7 55.1 36.7-34.2 36.7-55.1-10.9-55.1-36.7-55.1"/></svg> | |
| </div> | |
| <div class="md-source__repository"> | |
| fastapi/fastapi | |
| </div> | |
| </a> | |
| </div> | |
| <ul class="md-nav__list" data-md-scrollfix> | |
| <li class="md-nav__item"> | |
| <a href="../../.." class="md-nav__link"> | |
| <span class="md-ellipsis"> | |
| FastAPI | |
| </span> | |
| </a> | |
| </li> | |
| <li class="md-nav__item"> | |
| <a href="../../../features/" class="md-nav__link"> | |
| <span class="md-ellipsis"> | |
| <span class="md-typeset"> | |
| Features | |
| </span> | |
| </span> | |
| </a> | |
| </li> | |
| <li class="md-nav__item md-nav__item--active md-nav__item--section md-nav__item--nested"> | |
| <input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_3" checked> | |
| <div class="md-nav__link md-nav__container"> | |
| <a href="../../../learn/" class="md-nav__link "> | |
| <span class="md-ellipsis"> | |
| Learn | |
| </span> | |
| </a> | |
| <label class="md-nav__link " for="__nav_3" id="__nav_3_label" tabindex=""> | |
| <span class="md-nav__icon md-icon"></span> | |
| </label> | |
| </div> | |
| <nav class="md-nav" data-md-level="1" aria-labelledby="__nav_3_label" aria-expanded="true"> | |
| <label class="md-nav__title" for="__nav_3"> | |
| <span class="md-nav__icon md-icon"></span> | |
| Learn | |
| </label> | |
| <ul class="md-nav__list" data-md-scrollfix> | |
| <li class="md-nav__item"> | |
| <a href="../../../python-types/" class="md-nav__link"> | |
| <span class="md-ellipsis"> | |
| <span class="md-typeset"> | |
| Python Types Intro | |
| </span> | |
| </span> | |
| </a> | |
| </li> | |
| <li class="md-nav__item"> | |
| <a href="../../../async/" class="md-nav__link"> | |
| <span class="md-ellipsis"> | |
| <span class="md-typeset"> | |
| Concurrency and async / await | |
| </span> | |
| </span> | |
| </a> | |
| </li> | |
| <li class="md-nav__item"> | |
| <a href="../../../environment-variables/" class="md-nav__link"> | |
| <span class="md-ellipsis"> | |
| <span class="md-typeset"> | |
| Environment Variables | |
| </span> | |
| </span> | |
| </a> | |
| </li> | |
| <li class="md-nav__item"> | |
| <a href="../../../virtual-environments/" class="md-nav__link"> | |
| <span class="md-ellipsis"> | |
| <span class="md-typeset"> | |
| Virtual Environments | |
| </span> | |
| </span> | |
| </a> | |
| </li> | |
| <li class="md-nav__item md-nav__item--nested"> | |
| <input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_3_6" > | |
| <div class="md-nav__link md-nav__container"> | |
| <a href="../../../tutorial/" class="md-nav__link "> | |
| <span class="md-ellipsis"> | |
| Tutorial - User Guide | |
| </span> | |
| </a> | |
| <label class="md-nav__link " for="__nav_3_6" id="__nav_3_6_label" tabindex="0"> | |
| <span class="md-nav__icon md-icon"></span> | |
| </label> | |
| </div> | |
| <nav class="md-nav" data-md-level="2" aria-labelledby="__nav_3_6_label" aria-expanded="false"> | |
| <label class="md-nav__title" for="__nav_3_6"> | |
| <span class="md-nav__icon md-icon"></span> | |
| Tutorial - User Guide | |
| </label> | |
| <ul class="md-nav__list" data-md-scrollfix> | |
| <li class="md-nav__item"> | |
| <a href="../../../tutorial/first-steps/" class="md-nav__link"> | |
| <span class="md-ellipsis"> | |
| <span class="md-typeset"> | |
| First Steps | |
| </span> | |
| </span> | |
| </a> | |
| </li> | |
| <li class="md-nav__item"> | |
| <a href="../../../tutorial/path-params/" class="md-nav__link"> | |
| <span class="md-ellipsis"> | |
| <span class="md-typeset"> | |
| Path Parameters | |
| </span> | |
| </span> | |
| </a> | |
| </li> | |
| <li class="md-nav__item"> | |
| <a href="../../../tutorial/query-params/" class="md-nav__link"> | |
| <span class="md-ellipsis"> | |
| <span class="md-typeset"> | |
| Query Parameters | |
| </span> | |
| </span> | |
| </a> | |
| </li> | |
| <li class="md-nav__item"> | |
| <a href="../../../tutorial/body/" class="md-nav__link"> | |
| <span class="md-ellipsis"> | |
| <span class="md-typeset"> | |
| Request Body | |
| </span> | |
| </span> | |
| </a> | |
| </li> | |
| <li class="md-nav__item"> | |
| <a href="../../../tutorial/query-params-str-validations/" class="md-nav__link"> | |
| <span class="md-ellipsis"> | |
| <span class="md-typeset"> | |
| Query Parameters and String Validations | |
| </span> | |
| </span> | |
| </a> | |
| </li> | |
| <li class="md-nav__item"> | |
| <a href="../../../tutorial/path-params-numeric-validations/" class="md-nav__link"> | |
| <span class="md-ellipsis"> | |
| <span class="md-typeset"> | |
| Path Parameters and Numeric Validations | |
| </span> | |
| </span> | |
| </a> | |
| </li> | |
| <li class="md-nav__item"> | |
| <a href="../../../tutorial/query-param-models/" class="md-nav__link"> | |
| <span class="md-ellipsis"> | |
| <span class="md-typeset"> | |
| Query Parameter Models | |
| </span> | |
| </span> | |
| </a> | |
| </li> | |
| <li class="md-nav__item"> | |
| <a href="../../../tutorial/body-multiple-params/" class="md-nav__link"> | |
| <span class="md-ellipsis"> | |
| <span class="md-typeset"> | |
| Body - Multiple Parameters | |
| </span> | |
| </span> | |
| </a> | |
| </li> | |
| <li class="md-nav__item"> | |
| <a href="../../../tutorial/body-fields/" class="md-nav__link"> | |
| <span class="md-ellipsis"> | |
| <span class="md-typeset"> | |
| Body - Fields | |
| </span> | |
| </span> | |
| </a> | |
| </li> | |
| <li class="md-nav__item"> | |
| <a href="../../../tutorial/body-nested-models/" class="md-nav__link"> | |
| <span class="md-ellipsis"> | |
| <span class="md-typeset"> | |
| Body - Nested Models | |
| </span> | |
| </span> | |
| </a> | |
| </li> | |
| <li class="md-nav__item"> | |
| <a href="../../../tutorial/schema-extra-example/" class="md-nav__link"> | |
| <span class="md-ellipsis"> | |
| <span class="md-typeset"> | |
| Declare Request Example Data | |
| </span> | |
| </span> | |
| </a> | |
| </li> | |
| <li class="md-nav__item"> | |
| <a href="../../../tutorial/extra-data-types/" class="md-nav__link"> | |
| <span class="md-ellipsis"> | |
| <span class="md-typeset"> | |
| Extra Data Types | |
| </span> | |
| </span> | |
| </a> | |
| </li> | |
| <li class="md-nav__item"> | |
| <a href="../../../tutorial/cookie-params/" class="md-nav__link"> | |
| <span class="md-ellipsis"> | |
| <span class="md-typeset"> | |
| Cookie Parameters | |
| </span> | |
| </span> | |
| </a> | |
| </li> | |
| <li class="md-nav__item"> | |
| <a href="../../../tutorial/header-params/" class="md-nav__link"> | |
| <span class="md-ellipsis"> | |
| <span class="md-typeset"> | |
| Header Parameters | |
| </span> | |
| </span> | |
| </a> | |
| </li> | |
| <li class="md-nav__item"> | |
| <a href="../../../tutorial/cookie-param-models/" class="md-nav__link"> | |
| <span class="md-ellipsis"> | |
| <span class="md-typeset"> | |
| Cookie Parameter Models | |
| </span> | |
| </span> | |
| </a> | |
| </li> | |
| <li class="md-nav__item"> | |
| <a href="../../../tutorial/header-param-models/" class="md-nav__link"> | |
| <span class="md-ellipsis"> | |
| <span class="md-typeset"> | |
| Header Parameter Models | |
| </span> | |
| </span> | |
| </a> | |
| </li> | |
| <li class="md-nav__item"> | |
| <a href="../../../tutorial/response-model/" class="md-nav__link"> | |
| <span class="md-ellipsis"> | |
| <span class="md-typeset"> | |
| Response Model - Return Type | |
| </span> | |
| </span> | |
| </a> | |
| </li> | |
| <li class="md-nav__item"> | |
| <a href="../../../tutorial/extra-models/" class="md-nav__link"> | |
| <span class="md-ellipsis"> | |
| <span class="md-typeset"> | |
| Extra Models | |
| </span> | |
| </span> | |
| </a> | |
| </li> | |
| <li class="md-nav__item"> | |
| <a href="../../../tutorial/response-status-code/" class="md-nav__link"> | |
| <span class="md-ellipsis"> | |
| <span class="md-typeset"> | |
| Response Status Code | |
| </span> | |
| </span> | |
| </a> | |
| </li> | |
| <li class="md-nav__item"> | |
| <a href="../../../tutorial/request-forms/" class="md-nav__link"> | |
| <span class="md-ellipsis"> | |
| <span class="md-typeset"> | |
| Form Data | |
| </span> | |
| </span> | |
| </a> | |
| </li> | |
| <li class="md-nav__item"> | |
| <a href="../../../tutorial/request-form-models/" class="md-nav__link"> | |
| <span class="md-ellipsis"> | |
| <span class="md-typeset"> | |
| Form Models | |
| </span> | |
| </span> | |
| </a> | |
| </li> | |
| <li class="md-nav__item"> | |
| <a href="../../../tutorial/request-files/" class="md-nav__link"> | |
| <span class="md-ellipsis"> | |
| <span class="md-typeset"> | |
| Request Files | |
| </span> | |
| </span> | |
| </a> | |
| </li> | |
| <li class="md-nav__item"> | |
| <a href="../../../tutorial/request-forms-and-files/" class="md-nav__link"> | |
| <span class="md-ellipsis"> | |
| <span class="md-typeset"> | |
| Request Forms and Files | |
| </span> | |
| </span> | |
| </a> | |
| </li> | |
| <li class="md-nav__item"> | |
| <a href="../../../tutorial/handling-errors/" class="md-nav__link"> | |
| <span class="md-ellipsis"> | |
| <span class="md-typeset"> | |
| Handling Errors | |
| </span> | |
| </span> | |
| </a> | |
| </li> | |
| <li class="md-nav__item"> | |
| <a href="../../../tutorial/path-operation-configuration/" class="md-nav__link"> | |
| <span class="md-ellipsis"> | |
| <span class="md-typeset"> | |
| Path Operation Configuration | |
| </span> | |
| </span> | |
| </a> | |
| </li> | |
| <li class="md-nav__item"> | |
| <a href="../../../tutorial/encoder/" class="md-nav__link"> | |
| <span class="md-ellipsis"> | |
| <span class="md-typeset"> | |
| JSON Compatible Encoder | |
| </span> | |
| </span> | |
| </a> | |
| </li> | |
| <li class="md-nav__item"> | |
| <a href="../../../tutorial/body-updates/" class="md-nav__link"> | |
| <span class="md-ellipsis"> | |
| <span class="md-typeset"> | |
| Body - Updates | |
| </span> | |
| </span> | |
| </a> | |
| </li> | |
| <li class="md-nav__item md-nav__item--nested"> | |
| <input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_3_6_29" > | |
| <div class="md-nav__link md-nav__container"> | |
| <a href="../../../tutorial/dependencies/" class="md-nav__link "> | |
| <span class="md-ellipsis"> | |
| Dependencies | |
| </span> | |
| </a> | |
| <label class="md-nav__link " for="__nav_3_6_29" id="__nav_3_6_29_label" tabindex="0"> | |
| <span class="md-nav__icon md-icon"></span> | |
| </label> | |
| </div> | |
| <nav class="md-nav" data-md-level="3" aria-labelledby="__nav_3_6_29_label" aria-expanded="false"> | |
| <label class="md-nav__title" for="__nav_3_6_29"> | |
| <span class="md-nav__icon md-icon"></span> | |
| Dependencies | |
| </label> | |
| <ul class="md-nav__list" data-md-scrollfix> | |
| <li class="md-nav__item"> | |
| <a href="../../../tutorial/dependencies/classes-as-dependencies/" class="md-nav__link"> | |
| <span class="md-ellipsis"> | |
| <span class="md-typeset"> | |
| Classes as Dependencies | |
| </span> | |
| </span> | |
| </a> | |
| </li> | |
| <li class="md-nav__item"> | |
| <a href="../../../tutorial/dependencies/sub-dependencies/" class="md-nav__link"> | |
| <span class="md-ellipsis"> | |
| <span class="md-typeset"> | |
| Sub-dependencies | |
| </span> | |
| </span> | |
| </a> | |
| </li> | |
| <li class="md-nav__item"> | |
| <a href="../../../tutorial/dependencies/dependencies-in-path-operation-decorators/" class="md-nav__link"> | |
| <span class="md-ellipsis"> | |
| <span class="md-typeset"> | |
| Dependencies in path operation decorators | |
| </span> | |
| </span> | |
| </a> | |
| </li> | |
| <li class="md-nav__item"> | |
| <a href="../../../tutorial/dependencies/global-dependencies/" class="md-nav__link"> | |
| <span class="md-ellipsis"> | |
| <span class="md-typeset"> | |
| Global Dependencies | |
| </span> | |
| </span> | |
| </a> | |
| </li> | |
| <li class="md-nav__item"> | |
| <a href="../../../tutorial/dependencies/dependencies-with-yield/" class="md-nav__link"> | |
| <span class="md-ellipsis"> | |
| <span class="md-typeset"> | |
| Dependencies with yield | |
| </span> | |
| </span> | |
| </a> | |
| </li> | |
| </ul> | |
| </nav> | |
| </li> | |
| <li class="md-nav__item md-nav__item--nested"> | |
| <input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_3_6_30" > | |
| <div class="md-nav__link md-nav__container"> | |
| <a href="../../../tutorial/security/" class="md-nav__link "> | |
| <span class="md-ellipsis"> | |
| Security | |
| </span> | |
| </a> | |
| <label class="md-nav__link " for="__nav_3_6_30" id="__nav_3_6_30_label" tabindex="0"> | |
| <span class="md-nav__icon md-icon"></span> | |
| </label> | |
| </div> | |
| <nav class="md-nav" data-md-level="3" aria-labelledby="__nav_3_6_30_label" aria-expanded="false"> | |
| <label class="md-nav__title" for="__nav_3_6_30"> | |
| <span class="md-nav__icon md-icon"></span> | |
| Security | |
| </label> | |
| <ul class="md-nav__list" data-md-scrollfix> | |
| <li class="md-nav__item"> | |
| <a href="../../../tutorial/security/first-steps/" class="md-nav__link"> | |
| <span class="md-ellipsis"> | |
| <span class="md-typeset"> | |
| Security - First Steps | |
| </span> | |
| </span> | |
| </a> | |
| </li> | |
| <li class="md-nav__item"> | |
| <a href="../../../tutorial/security/get-current-user/" class="md-nav__link"> | |
| <span class="md-ellipsis"> | |
| <span class="md-typeset"> | |
| Get Current User | |
| </span> | |
| </span> | |
| </a> | |
| </li> | |
| <li class="md-nav__item"> | |
| <a href="../../../tutorial/security/simple-oauth2/" class="md-nav__link"> | |
| <span class="md-ellipsis"> | |
| <span class="md-typeset"> | |
| Simple OAuth2 with Password and Bearer | |
| </span> | |
| </span> | |
| </a> | |
| </li> | |
| <li class="md-nav__item"> | |
| <a href="../../../tutorial/security/oauth2-jwt/" class="md-nav__link"> | |
| <span class="md-ellipsis"> | |
| <span class="md-typeset"> | |
| OAuth2 with Password (and hashing), Bearer with JWT tokens | |
| </span> | |
| </span> | |
| </a> | |
| </li> | |
| </ul> | |
| </nav> | |
| </li> | |
| <li class="md-nav__item"> | |
| <a href="../../../tutorial/middleware/" class="md-nav__link"> | |
| <span class="md-ellipsis"> | |
| <span class="md-typeset"> | |
| Middleware | |
| </span> | |
| </span> | |
| </a> | |
| </li> | |
| <li class="md-nav__item"> | |
| <a href="../../../tutorial/cors/" class="md-nav__link"> | |
| <span class="md-ellipsis"> | |
| <span class="md-typeset"> | |
| CORS (Cross-Origin Resource Sharing) | |
| </span> | |
| </span> | |
| </a> | |
| </li> | |
| <li class="md-nav__item"> | |
| <a href="../../../tutorial/sql-databases/" class="md-nav__link"> | |
| <span class="md-ellipsis"> | |
| <span class="md-typeset"> | |
| SQL (Relational) Databases | |
| </span> | |
| </span> | |
| </a> | |
| </li> | |
| <li class="md-nav__item"> | |
| <a href="../../../tutorial/bigger-applications/" class="md-nav__link"> | |
| <span class="md-ellipsis"> | |
| <span class="md-typeset"> | |
| Bigger Applications - Multiple Files | |
| </span> | |
| </span> | |
| </a> | |
| </li> | |
| <li class="md-nav__item"> | |
| <a href="../../../tutorial/stream-json-lines/" class="md-nav__link"> | |
| <span class="md-ellipsis"> | |
| <span class="md-typeset"> | |
| Stream JSON Lines | |
| </span> | |
| </span> | |
| </a> | |
| </li> | |
| <li class="md-nav__item"> | |
| <a href="../../../tutorial/server-sent-events/" class="md-nav__link"> | |
| <span class="md-ellipsis"> | |
| <span class="md-typeset"> | |
| Server-Sent Events (SSE) | |
| </span> | |
| </span> | |
| </a> | |
| </li> | |
| <li class="md-nav__item"> | |
| <a href="../../../tutorial/background-tasks/" class="md-nav__link"> | |
| <span class="md-ellipsis"> | |
| <span class="md-typeset"> | |
| Background Tasks | |
| </span> | |
| </span> | |
| </a> | |
| </li> | |
| <li class="md-nav__item"> | |
| <a href="../../../tutorial/metadata/" class="md-nav__link"> | |
| <span class="md-ellipsis"> | |
| <span class="md-typeset"> | |
| Metadata and Docs URLs | |
| </span> | |
| </span> | |
| </a> | |
| </li> | |
| <li class="md-nav__item"> | |
| <a href="../../../tutorial/static-files/" class="md-nav__link"> | |
| <span class="md-ellipsis"> | |
| <span class="md-typeset"> | |
| Static Files | |
| </span> | |
| </span> | |
| </a> | |
| </li> | |
| <li class="md-nav__item"> | |
| <a href="../../../tutorial/testing/" class="md-nav__link"> | |
| <span class="md-ellipsis"> | |
| <span class="md-typeset"> | |
| Testing | |
| </span> | |
| </span> | |
| </a> | |
| </li> | |
| <li class="md-nav__item"> | |
| <a href="../../../tutorial/debugging/" class="md-nav__link"> | |
| <span class="md-ellipsis"> | |
| <span class="md-typeset"> | |
| Debugging | |
| </span> | |
| </span> | |
| </a> | |
| </li> | |
| </ul> | |
| </nav> | |
| </li> | |
| <li class="md-nav__item md-nav__item--active md-nav__item--nested"> | |
| <input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_3_7" checked> | |
| <div class="md-nav__link md-nav__container"> | |
| <a href="../../" class="md-nav__link "> | |
| <span class="md-ellipsis"> | |
| Advanced User Guide | |
| </span> | |
| </a> | |
| <label class="md-nav__link " for="__nav_3_7" id="__nav_3_7_label" tabindex="0"> | |
| <span class="md-nav__icon md-icon"></span> | |
| </label> | |
| </div> | |
| <nav class="md-nav" data-md-level="2" aria-labelledby="__nav_3_7_label" aria-expanded="true"> | |
| <label class="md-nav__title" for="__nav_3_7"> | |
| <span class="md-nav__icon md-icon"></span> | |
| Advanced User Guide | |
| </label> | |
| <ul class="md-nav__list" data-md-scrollfix> | |
| <li class="md-nav__item"> | |
| <a href="../../stream-data/" class="md-nav__link"> | |
| <span class="md-ellipsis"> | |
| <span class="md-typeset"> | |
| Stream Data | |
| </span> | |
| </span> | |
| </a> | |
| </li> | |
| <li class="md-nav__item"> | |
| <a href="../../path-operation-advanced-configuration/" class="md-nav__link"> | |
| <span class="md-ellipsis"> | |
| <span class="md-typeset"> | |
| Path Operation Advanced Configuration | |
| </span> | |
| </span> | |
| </a> | |
| </li> | |
| <li class="md-nav__item"> | |
| <a href="../../additional-status-codes/" class="md-nav__link"> | |
| <span class="md-ellipsis"> | |
| <span class="md-typeset"> | |
| Additional Status Codes | |
| </span> | |
| </span> | |
| </a> | |
| </li> | |
| <li class="md-nav__item"> | |
| <a href="../../response-directly/" class="md-nav__link"> | |
| <span class="md-ellipsis"> | |
| <span class="md-typeset"> | |
| Return a Response Directly | |
| </span> | |
| </span> | |
| </a> | |
| </li> | |
| <li class="md-nav__item"> | |
| <a href="../../custom-response/" class="md-nav__link"> | |
| <span class="md-ellipsis"> | |
| <span class="md-typeset"> | |
| Custom Response - HTML, Stream, File, others | |
| </span> | |
| </span> | |
| </a> | |
| </li> | |
| <li class="md-nav__item"> | |
| <a href="../../additional-responses/" class="md-nav__link"> | |
| <span class="md-ellipsis"> | |
| <span class="md-typeset"> | |
| Additional Responses in OpenAPI | |
| </span> | |
| </span> | |
| </a> | |
| </li> | |
| <li class="md-nav__item"> | |
| <a href="../../response-cookies/" class="md-nav__link"> | |
| <span class="md-ellipsis"> | |
| <span class="md-typeset"> | |
| Response Cookies | |
| </span> | |
| </span> | |
| </a> | |
| </li> | |
| <li class="md-nav__item"> | |
| <a href="../../response-headers/" class="md-nav__link"> | |
| <span class="md-ellipsis"> | |
| <span class="md-typeset"> | |
| Response Headers | |
| </span> | |
| </span> | |
| </a> | |
| </li> | |
| <li class="md-nav__item"> | |
| <a href="../../response-change-status-code/" class="md-nav__link"> | |
| <span class="md-ellipsis"> | |
| <span class="md-typeset"> | |
| Response - Change Status Code | |
| </span> | |
| </span> | |
| </a> | |
| </li> | |
| <li class="md-nav__item"> | |
| <a href="../../advanced-dependencies/" class="md-nav__link"> | |
| <span class="md-ellipsis"> | |
| <span class="md-typeset"> | |
| Advanced Dependencies | |
| </span> | |
| </span> | |
| </a> | |
| </li> | |
| <li class="md-nav__item md-nav__item--active md-nav__item--nested"> | |
| <input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_3_7_12" checked> | |
| <div class="md-nav__link md-nav__container"> | |
| <a href="../" class="md-nav__link "> | |
| <span class="md-ellipsis"> | |
| Advanced Security | |
| </span> | |
| </a> | |
| <label class="md-nav__link " for="__nav_3_7_12" id="__nav_3_7_12_label" tabindex="0"> | |
| <span class="md-nav__icon md-icon"></span> | |
| </label> | |
| </div> | |
| <nav class="md-nav" data-md-level="3" aria-labelledby="__nav_3_7_12_label" aria-expanded="true"> | |
| <label class="md-nav__title" for="__nav_3_7_12"> | |
| <span class="md-nav__icon md-icon"></span> | |
| Advanced Security | |
| </label> | |
| <ul class="md-nav__list" data-md-scrollfix> | |
| <li class="md-nav__item"> | |
| <a href="../oauth2-scopes/" class="md-nav__link"> | |
| <span class="md-ellipsis"> | |
| <span class="md-typeset"> | |
| OAuth2 scopes | |
| </span> | |
| </span> | |
| </a> | |
| </li> | |
| <li class="md-nav__item md-nav__item--active"> | |
| <input class="md-nav__toggle md-toggle" type="checkbox" id="__toc"> | |
| <label class="md-nav__link md-nav__link--active" for="__toc"> | |
| <span class="md-ellipsis"> | |
| <span class="md-typeset"> | |
| HTTP Basic Auth | |
| </span> | |
| </span> | |
| <span class="md-nav__icon md-icon"></span> | |
| </label> | |
| <a href="./" class="md-nav__link md-nav__link--active"> | |
| <span class="md-ellipsis"> | |
| <span class="md-typeset"> | |
| HTTP Basic Auth | |
| </span> | |
| </span> | |
| </a> | |
| <nav class="md-nav md-nav--secondary" aria-label="Table of contents"> | |
| <label class="md-nav__title" for="__toc"> | |
| <span class="md-nav__icon md-icon"></span> | |
| Table of contents | |
| </label> | |
| <ul class="md-nav__list" data-md-component="toc" data-md-scrollfix> | |
| <li class="md-nav__item"> | |
| <a href="#simple-http-basic-auth" class="md-nav__link"> | |
| <span class="md-ellipsis"> | |
| <span class="md-typeset"> | |
| Simple HTTP Basic Auth | |
| </span> | |
| </span> | |
| </a> | |
| </li> | |
| <li class="md-nav__item"> | |
| <a href="#check-the-username" class="md-nav__link"> | |
| <span class="md-ellipsis"> | |
| <span class="md-typeset"> | |
| Check the username | |
| </span> | |
| </span> | |
| </a> | |
| <nav class="md-nav" aria-label="Check the username"> | |
| <ul class="md-nav__list"> | |
| <li class="md-nav__item"> | |
| <a href="#timing-attacks" class="md-nav__link"> | |
| <span class="md-ellipsis"> | |
| <span class="md-typeset"> | |
| Timing Attacks | |
| </span> | |
| </span> | |
| </a> | |
| <nav class="md-nav" aria-label="Timing Attacks"> | |
| <ul class="md-nav__list"> | |
| <li class="md-nav__item"> | |
| <a href="#the-time-to-answer-helps-the-attackers" class="md-nav__link"> | |
| <span class="md-ellipsis"> | |
| <span class="md-typeset"> | |
| The time to answer helps the attackers | |
| </span> | |
| </span> | |
| </a> | |
| </li> | |
| <li class="md-nav__item"> | |
| <a href="#a-professional-attack" class="md-nav__link"> | |
| <span class="md-ellipsis"> | |
| <span class="md-typeset"> | |
| A "professional" attack | |
| </span> | |
| </span> | |
| </a> | |
| </li> | |
| <li class="md-nav__item"> | |
| <a href="#fix-it-with-secrets-compare-digest" class="md-nav__link"> | |
| <span class="md-ellipsis"> | |
| <span class="md-typeset"> | |
| Fix it with <code>secrets.compare_digest()</code> | |
| </span> | |
| </span> | |
| </a> | |
| </li> | |
| </ul> | |
| </nav> | |
| </li> | |
| <li class="md-nav__item"> | |
| <a href="#return-the-error" class="md-nav__link"> | |
| <span class="md-ellipsis"> | |
| <span class="md-typeset"> | |
| Return the error | |
| </span> | |
| </span> | |
| </a> | |
| </li> | |
| </ul> | |
| </nav> | |
| </li> | |
| </ul> | |
| </nav> | |
| </li> | |
| </ul> | |
| </nav> | |
| </li> | |
| <li class="md-nav__item"> | |
| <a href="../../using-request-directly/" class="md-nav__link"> | |
| <span class="md-ellipsis"> | |
| <span class="md-typeset"> | |
| Using the Request Directly | |
| </span> | |
| </span> | |
| </a> | |
| </li> | |
| <li class="md-nav__item"> | |
| <a href="../../dataclasses/" class="md-nav__link"> | |
| <span class="md-ellipsis"> | |
| <span class="md-typeset"> | |
| Using Dataclasses | |
| </span> | |
| </span> | |
| </a> | |
| </li> | |
| <li class="md-nav__item"> | |
| <a href="../../middleware/" class="md-nav__link"> | |
| <span class="md-ellipsis"> | |
| <span class="md-typeset"> | |
| Advanced Middleware | |
| </span> | |
| </span> | |
| </a> | |
| </li> | |
| <li class="md-nav__item"> | |
| <a href="../../sub-applications/" class="md-nav__link"> | |
| <span class="md-ellipsis"> | |
| <span class="md-typeset"> | |
| Sub Applications - Mounts | |
| </span> | |
| </span> | |
| </a> | |
| </li> | |
| <li class="md-nav__item"> | |
| <a href="../../behind-a-proxy/" class="md-nav__link"> | |
| <span class="md-ellipsis"> | |
| <span class="md-typeset"> | |
| Behind a Proxy | |
| </span> | |
| </span> | |
| </a> | |
| </li> | |
| <li class="md-nav__item"> | |
| <a href="../../templates/" class="md-nav__link"> | |
| <span class="md-ellipsis"> | |
| <span class="md-typeset"> | |
| Templates | |
| </span> | |
| </span> | |
| </a> | |
| </li> | |
| <li class="md-nav__item"> | |
| <a href="../../websockets/" class="md-nav__link"> | |
| <span class="md-ellipsis"> | |
| <span class="md-typeset"> | |
| WebSockets | |
| </span> | |
| </span> | |
| </a> | |
| </li> | |
| <li class="md-nav__item"> | |
| <a href="../../events/" class="md-nav__link"> | |
| <span class="md-ellipsis"> | |
| <span class="md-typeset"> | |
| Lifespan Events | |
| </span> | |
| </span> | |
| </a> | |
| </li> | |
| <li class="md-nav__item"> | |
| <a href="../../testing-websockets/" class="md-nav__link"> | |
| <span class="md-ellipsis"> | |
| <span class="md-typeset"> | |
| Testing WebSockets | |
| </span> | |
| </span> | |
| </a> | |
| </li> | |
| <li class="md-nav__item"> | |
| <a href="../../testing-events/" class="md-nav__link"> | |
| <span class="md-ellipsis"> | |
| <span class="md-typeset"> | |
| Testing Events: lifespan and startup - shutdown | |
| </span> | |
| </span> | |
| </a> | |
| </li> | |
| <li class="md-nav__item"> | |
| <a href="../../testing-dependencies/" class="md-nav__link"> | |
| <span class="md-ellipsis"> | |
| <span class="md-typeset"> | |
| Testing Dependencies with Overrides | |
| </span> | |
| </span> | |
| </a> | |
| </li> | |
| <li class="md-nav__item"> | |
| <a href="../../async-tests/" class="md-nav__link"> | |
| <span class="md-ellipsis"> | |
| <span class="md-typeset"> | |
| Async Tests | |
| </span> | |
| </span> | |
| </a> | |
| </li> | |
| <li class="md-nav__item"> | |
| <a href="../../settings/" class="md-nav__link"> | |
| <span class="md-ellipsis"> | |
| <span class="md-typeset"> | |
| Settings and Environment Variables | |
| </span> | |
| </span> | |
| </a> | |
| </li> | |
| <li class="md-nav__item"> | |
| <a href="../../openapi-callbacks/" class="md-nav__link"> | |
| <span class="md-ellipsis"> | |
| <span class="md-typeset"> | |
| OpenAPI Callbacks | |
| </span> | |
| </span> | |
| </a> | |
| </li> | |
| <li class="md-nav__item"> | |
| <a href="../../openapi-webhooks/" class="md-nav__link"> | |
| <span class="md-ellipsis"> | |
| <span class="md-typeset"> | |
| OpenAPI Webhooks | |
| </span> | |
| </span> | |
| </a> | |
| </li> | |
| <li class="md-nav__item"> | |
| <a href="../../wsgi/" class="md-nav__link"> | |
| <span class="md-ellipsis"> | |
| <span class="md-typeset"> | |
| Including WSGI - Flask, Django, others | |
| </span> | |
| </span> | |
| </a> | |
| </li> | |
| <li class="md-nav__item"> | |
| <a href="../../generate-clients/" class="md-nav__link"> | |
| <span class="md-ellipsis"> | |
| <span class="md-typeset"> | |
| Generating SDKs | |
| </span> | |
| </span> | |
| </a> | |
| </li> | |
| <li class="md-nav__item"> | |
| <a href="../../advanced-python-types/" class="md-nav__link"> | |
| <span class="md-ellipsis"> | |
| <span class="md-typeset"> | |
| Advanced Python Types | |
| </span> | |
| </span> | |
| </a> | |
| </li> | |
| <li class="md-nav__item"> | |
| <a href="../../json-base64-bytes/" class="md-nav__link"> | |
| <span class="md-ellipsis"> | |
| <span class="md-typeset"> | |
| JSON with Bytes as Base64 | |
| </span> | |
| </span> | |
| </a> | |
| </li> | |
| <li class="md-nav__item"> | |
| <a href="../../strict-content-type/" class="md-nav__link"> | |
| <span class="md-ellipsis"> | |
| <span class="md-typeset"> | |
| Strict Content-Type Checking | |
| </span> | |
| </span> | |
| </a> | |
| </li> | |
| </ul> | |
| </nav> | |
| </li> | |
| <li class="md-nav__item"> | |
| <a href="../../../fastapi-cli/" class="md-nav__link"> | |
| <span class="md-ellipsis"> | |
| <span class="md-typeset"> | |
| FastAPI CLI | |
| </span> | |
| </span> | |
| </a> | |
| </li> | |
| <li class="md-nav__item"> | |
| <a href="../../../editor-support/" class="md-nav__link"> | |
| <span class="md-ellipsis"> | |
| <span class="md-typeset"> | |
| Editor Support | |
| </span> | |
| </span> | |
| </a> | |
| </li> | |
| <li class="md-nav__item md-nav__item--nested"> | |
| <input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_3_10" > | |
| <div class="md-nav__link md-nav__container"> | |
| <a href="../../../deployment/" class="md-nav__link "> | |
| <span class="md-ellipsis"> | |
| Deployment | |
| </span> | |
| </a> | |
| <label class="md-nav__link " for="__nav_3_10" id="__nav_3_10_label" tabindex="0"> | |
| <span class="md-nav__icon md-icon"></span> | |
| </label> | |
| </div> | |
| <nav class="md-nav" data-md-level="2" aria-labelledby="__nav_3_10_label" aria-expanded="false"> | |
| <label class="md-nav__title" for="__nav_3_10"> | |
| <span class="md-nav__icon md-icon"></span> | |
| Deployment | |
| </label> | |
| <ul class="md-nav__list" data-md-scrollfix> | |
| <li class="md-nav__item"> | |
| <a href="../../../deployment/versions/" class="md-nav__link"> | |
| <span class="md-ellipsis"> | |
| <span class="md-typeset"> | |
| About FastAPI versions | |
| </span> | |
| </span> | |
| </a> | |
| </li> | |
| <li class="md-nav__item"> | |
| <a href="../../../deployment/fastapicloud/" class="md-nav__link"> | |
| <span class="md-ellipsis"> | |
| <span class="md-typeset"> | |
| FastAPI Cloud | |
| </span> | |
| </span> | |
| </a> | |
| </li> | |
| <li class="md-nav__item"> | |
| <a href="../../../deployment/https/" class="md-nav__link"> | |
| <span class="md-ellipsis"> | |
| <span class="md-typeset"> | |
| About HTTPS | |
| </span> | |
| </span> | |
| </a> | |
| </li> | |
| <li class="md-nav__item"> | |
| <a href="../../../deployment/manually/" class="md-nav__link"> | |
| <span class="md-ellipsis"> | |
| <span class="md-typeset"> | |
| Run a Server Manually | |
| </span> | |
| </span> | |
| </a> | |
| </li> | |
| <li class="md-nav__item"> | |
| <a href="../../../deployment/concepts/" class="md-nav__link"> | |
| <span class="md-ellipsis"> | |
| <span class="md-typeset"> | |
| Deployments Concepts | |
| </span> | |
| </span> | |
| </a> | |
| </li> | |
| <li class="md-nav__item"> | |
| <a href="../../../deployment/cloud/" class="md-nav__link"> | |
| <span class="md-ellipsis"> | |
| <span class="md-typeset"> | |
| Deploy FastAPI on Cloud Providers | |
| </span> | |
| </span> | |
| </a> | |
| </li> | |
| <li class="md-nav__item"> | |
| <a href="../../../deployment/server-workers/" class="md-nav__link"> | |
| <span class="md-ellipsis"> | |
| <span class="md-typeset"> | |
| Server Workers - Uvicorn with Workers | |
| </span> | |
| </span> | |
| </a> | |
| </li> | |
| <li class="md-nav__item"> | |
| <a href="../../../deployment/docker/" class="md-nav__link"> | |
| <span class="md-ellipsis"> | |
| <span class="md-typeset"> | |
| FastAPI in Containers - Docker | |
| </span> | |
| </span> | |
| </a> | |
| </li> | |
| </ul> | |
| </nav> | |
| </li> | |
| <li class="md-nav__item md-nav__item--nested"> | |
| <input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_3_11" > | |
| <div class="md-nav__link md-nav__container"> | |
| <a href="../../../how-to/" class="md-nav__link "> | |
| <span class="md-ellipsis"> | |
| How To - Recipes | |
| </span> | |
| </a> | |
| <label class="md-nav__link " for="__nav_3_11" id="__nav_3_11_label" tabindex="0"> | |
| <span class="md-nav__icon md-icon"></span> | |
| </label> | |
| </div> | |
| <nav class="md-nav" data-md-level="2" aria-labelledby="__nav_3_11_label" aria-expanded="false"> | |
| <label class="md-nav__title" for="__nav_3_11"> | |
| <span class="md-nav__icon md-icon"></span> | |
| How To - Recipes | |
| </label> | |
| <ul class="md-nav__list" data-md-scrollfix> | |
| <li class="md-nav__item"> | |
| <a href="../../../how-to/general/" class="md-nav__link"> | |
| <span class="md-ellipsis"> | |
| <span class="md-typeset"> | |
| General - How To - Recipes | |
| </span> | |
| </span> | |
| </a> | |
| </li> | |
| <li class="md-nav__item"> | |
| <a href="../../../how-to/migrate-from-pydantic-v1-to-pydantic-v2/" class="md-nav__link"> | |
| <span class="md-ellipsis"> | |
| <span class="md-typeset"> | |
| Migrate from Pydantic v1 to Pydantic v2 | |
| </span> | |
| </span> | |
| </a> | |
| </li> | |
| <li class="md-nav__item"> | |
| <a href="../../../how-to/graphql/" class="md-nav__link"> | |
| <span class="md-ellipsis"> | |
| <span class="md-typeset"> | |
| GraphQL | |
| </span> | |
| </span> | |
| </a> | |
| </li> | |
| <li class="md-nav__item"> | |
| <a href="../../../how-to/custom-request-and-route/" class="md-nav__link"> | |
| <span class="md-ellipsis"> | |
| <span class="md-typeset"> | |
| Custom Request and APIRoute class | |
| </span> | |
| </span> | |
| </a> | |
| </li> | |
| <li class="md-nav__item"> | |
| <a href="../../../how-to/conditional-openapi/" class="md-nav__link"> | |
| <span class="md-ellipsis"> | |
| <span class="md-typeset"> | |
| Conditional OpenAPI | |
| </span> | |
| </span> | |
| </a> | |
| </li> | |
| <li class="md-nav__item"> | |
| <a href="../../../how-to/extending-openapi/" class="md-nav__link"> | |
| <span class="md-ellipsis"> | |
| <span class="md-typeset"> | |
| Extending OpenAPI | |
| </span> | |
| </span> | |
| </a> | |
| </li> | |
| <li class="md-nav__item"> | |
| <a href="../../../how-to/separate-openapi-schemas/" class="md-nav__link"> | |
| <span class="md-ellipsis"> | |
| <span class="md-typeset"> | |
| Separate OpenAPI Schemas for Input and Output or Not | |
| </span> | |
| </span> | |
| </a> | |
| </li> | |
| <li class="md-nav__item"> | |
| <a href="../../../how-to/custom-docs-ui-assets/" class="md-nav__link"> | |
| <span class="md-ellipsis"> | |
| <span class="md-typeset"> | |
| Custom Docs UI Static Assets (Self-Hosting) | |
| </span> | |
| </span> | |
| </a> | |
| </li> | |
| <li class="md-nav__item"> | |
| <a href="../../../how-to/configure-swagger-ui/" class="md-nav__link"> | |
| <span class="md-ellipsis"> | |
| <span class="md-typeset"> | |
| Configure Swagger UI | |
| </span> | |
| </span> | |
| </a> | |
| </li> | |
| <li class="md-nav__item"> | |
| <a href="../../../how-to/testing-database/" class="md-nav__link"> | |
| <span class="md-ellipsis"> | |
| <span class="md-typeset"> | |
| Testing a Database | |
| </span> | |
| </span> | |
| </a> | |
| </li> | |
| <li class="md-nav__item"> | |
| <a href="../../../how-to/authentication-error-status-code/" class="md-nav__link"> | |
| <span class="md-ellipsis"> | |
| <span class="md-typeset"> | |
| Use Old 403 Authentication Error Status Codes | |
| </span> | |
| </span> | |
| </a> | |
| </li> | |
| </ul> | |
| </nav> | |
| </li> | |
| </ul> | |
| </nav> | |
| </li> | |
| <li class="md-nav__item md-nav__item--nested"> | |
| <input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_4" > | |
| <div class="md-nav__link md-nav__container"> | |
| <a href="../../../reference/" class="md-nav__link "> | |
| <span class="md-ellipsis"> | |
| Reference | |
| </span> | |
| </a> | |
| <label class="md-nav__link " for="__nav_4" id="__nav_4_label" tabindex="0"> | |
| <span class="md-nav__icon md-icon"></span> | |
| </label> | |
| </div> | |
| <nav class="md-nav" data-md-level="1" aria-labelledby="__nav_4_label" aria-expanded="false"> | |
| <label class="md-nav__title" for="__nav_4"> | |
| <span class="md-nav__icon md-icon"></span> | |
| Reference | |
| </label> | |
| <ul class="md-nav__list" data-md-scrollfix> | |
| <li class="md-nav__item"> | |
| <a href="../../../reference/fastapi/" class="md-nav__link"> | |
| <span class="md-ellipsis"> | |
| <span class="md-typeset"> | |
| <code>FastAPI</code> class | |
| </span> | |
| </span> | |
| </a> | |
| </li> | |
| <li class="md-nav__item"> | |
| <a href="../../../reference/parameters/" class="md-nav__link"> | |
| <span class="md-ellipsis"> | |
| <span class="md-typeset"> | |
| Request Parameters | |
| </span> | |
| </span> | |
| </a> | |
| </li> | |
| <li class="md-nav__item"> | |
| <a href="../../../reference/status/" class="md-nav__link"> | |
| <span class="md-ellipsis"> | |
| <span class="md-typeset"> | |
| Status Codes | |
| </span> | |
| </span> | |
| </a> | |
| </li> | |
| <li class="md-nav__item"> | |
| <a href="../../../reference/uploadfile/" class="md-nav__link"> | |
| <span class="md-ellipsis"> | |
| <span class="md-typeset"> | |
| <code>UploadFile</code> class | |
| </span> | |
| </span> | |
| </a> | |
| </li> | |
| <li class="md-nav__item"> | |
| <a href="../../../reference/exceptions/" class="md-nav__link"> | |
| <span class="md-ellipsis"> | |
| <span class="md-typeset"> | |
| Exceptions - <code>HTTPException</code> and <code>WebSocketException</code> | |
| </span> | |
| </span> | |
| </a> | |
| </li> | |
| <li class="md-nav__item"> | |
| <a href="../../../reference/dependencies/" class="md-nav__link"> | |
| <span class="md-ellipsis"> | |
| <span class="md-typeset"> | |
| Dependencies - <code>Depends()</code> and <code>Security()</code> | |
| </span> | |
| </span> | |
| </a> | |
| </li> | |
| <li class="md-nav__item"> | |
| <a href="../../../reference/apirouter/" class="md-nav__link"> | |
| <span class="md-ellipsis"> | |
| <span class="md-typeset"> | |
| <code>APIRouter</code> class | |
| </span> | |
| </span> | |
| </a> | |
| </li> | |
| <li class="md-nav__item"> | |
| <a href="../../../reference/background/" class="md-nav__link"> | |
| <span class="md-ellipsis"> | |
| <span class="md-typeset"> | |
| Background Tasks - <code>BackgroundTasks</code> | |
| </span> | |
| </span> | |
| </a> | |
| </li> | |
| <li class="md-nav__item"> | |
| <a href="../../../reference/request/" class="md-nav__link"> | |
| <span class="md-ellipsis"> | |
| <span class="md-typeset"> | |
| <code>Request</code> class | |
| </span> | |
| </span> | |
| </a> | |
| </li> | |
| <li class="md-nav__item"> | |
| <a href="../../../reference/websockets/" class="md-nav__link"> | |
| <span class="md-ellipsis"> | |
| <span class="md-typeset"> | |
| WebSockets | |
| </span> | |
| </span> | |
| </a> | |
| </li> | |
| <li class="md-nav__item"> | |
| <a href="../../../reference/httpconnection/" class="md-nav__link"> | |
| <span class="md-ellipsis"> | |
| <span class="md-typeset"> | |
| <code>HTTPConnection</code> class | |
| </span> | |
| </span> | |
| </a> | |
| </li> | |
| <li class="md-nav__item"> | |
| <a href="../../../reference/response/" class="md-nav__link"> | |
| <span class="md-ellipsis"> | |
| <span class="md-typeset"> | |
| <code>Response</code> class | |
| </span> | |
| </span> | |
| </a> | |
| </li> | |
| <li class="md-nav__item"> | |
| <a href="../../../reference/responses/" class="md-nav__link"> | |
| <span class="md-ellipsis"> | |
| <span class="md-typeset"> | |
| Custom Response Classes - File, HTML, Redirect, Streaming, etc. | |
| </span> | |
| </span> | |
| </a> | |
| </li> | |
| <li class="md-nav__item"> | |
| <a href="../../../reference/middleware/" class="md-nav__link"> | |
| <span class="md-ellipsis"> | |
| <span class="md-typeset"> | |
| Middleware | |
| </span> | |
| </span> | |
| </a> | |
| </li> | |
| <li class="md-nav__item md-nav__item--nested"> | |
| <input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_4_16" > | |
| <div class="md-nav__link md-nav__container"> | |
| <a href="../../../reference/openapi/" class="md-nav__link "> | |
| <span class="md-ellipsis"> | |
| OpenAPI | |
| </span> | |
| </a> | |
| <label class="md-nav__link " for="__nav_4_16" id="__nav_4_16_label" tabindex="0"> | |
| <span class="md-nav__icon md-icon"></span> | |
| </label> | |
| </div> | |
| <nav class="md-nav" data-md-level="2" aria-labelledby="__nav_4_16_label" aria-expanded="false"> | |
| <label class="md-nav__title" for="__nav_4_16"> | |
| <span class="md-nav__icon md-icon"></span> | |
| OpenAPI | |
| </label> | |
| <ul class="md-nav__list" data-md-scrollfix> | |
| <li class="md-nav__item"> | |
| <a href="../../../reference/openapi/docs/" class="md-nav__link"> | |
| <span class="md-ellipsis"> | |
| <span class="md-typeset"> | |
| OpenAPI <code>docs</code> | |
| </span> | |
| </span> | |
| </a> | |
| </li> | |
| <li class="md-nav__item"> | |
| <a href="../../../reference/openapi/models/" class="md-nav__link"> | |
| <span class="md-ellipsis"> | |
| <span class="md-typeset"> | |
| OpenAPI <code>models</code> | |
| </span> | |
| </span> | |
| </a> | |
| </li> | |
| </ul> | |
| </nav> | |
| </li> | |
| <li class="md-nav__item"> | |
| <a href="../../../reference/security/" class="md-nav__link"> | |
| <span class="md-ellipsis"> | |
| <span class="md-typeset"> | |
| Security Tools | |
| </span> | |
| </span> | |
| </a> | |
| </li> | |
| <li class="md-nav__item"> | |
| <a href="../../../reference/encoders/" class="md-nav__link"> | |
| <span class="md-ellipsis"> | |
| <span class="md-typeset"> | |
| Encoders - <code>jsonable_encoder</code> | |
| </span> | |
| </span> | |
| </a> | |
| </li> | |
| <li class="md-nav__item"> | |
| <a href="../../../reference/staticfiles/" class="md-nav__link"> | |
| <span class="md-ellipsis"> | |
| <span class="md-typeset"> | |
| Static Files - <code>StaticFiles</code> | |
| </span> | |
| </span> | |
| </a> | |
| </li> | |
| <li class="md-nav__item"> | |
| <a href="../../../reference/templating/" class="md-nav__link"> | |
| <span class="md-ellipsis"> | |
| <span class="md-typeset"> | |
| Templating - <code>Jinja2Templates</code> | |
| </span> | |
| </span> | |
| </a> | |
| </li> | |
| <li class="md-nav__item"> | |
| <a href="../../../reference/testclient/" class="md-nav__link"> | |
| <span class="md-ellipsis"> | |
| <span class="md-typeset"> | |
| Test Client - <code>TestClient</code> | |
| </span> | |
| </span> | |
| </a> | |
| </li> | |
| </ul> | |
| </nav> | |
| </li> | |
| <li class="md-nav__item"> | |
| <a href="../../../fastapi-people/" class="md-nav__link"> | |
| <span class="md-ellipsis"> | |
| <span class="md-typeset"> | |
| FastAPI People | |
| </span> | |
| </span> | |
| </a> | |
| </li> | |
| <li class="md-nav__item md-nav__item--nested"> | |
| <input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_6" > | |
| <div class="md-nav__link md-nav__container"> | |
| <a href="../../../resources/" class="md-nav__link "> | |
| <span class="md-ellipsis"> | |
| Resources | |
| </span> | |
| </a> | |
| <label class="md-nav__link " for="__nav_6" id="__nav_6_label" tabindex="0"> | |
| <span class="md-nav__icon md-icon"></span> | |
| </label> | |
| </div> | |
| <nav class="md-nav" data-md-level="1" aria-labelledby="__nav_6_label" aria-expanded="false"> | |
| <label class="md-nav__title" for="__nav_6"> | |
| <span class="md-nav__icon md-icon"></span> | |
| Resources | |
| </label> | |
| <ul class="md-nav__list" data-md-scrollfix> | |
| <li class="md-nav__item"> | |
| <a href="../../../help-fastapi/" class="md-nav__link"> | |
| <span class="md-ellipsis"> | |
| <span class="md-typeset"> | |
| Help FastAPI - Get Help | |
| </span> | |
| </span> | |
| </a> | |
| </li> | |
| <li class="md-nav__item"> | |
| <a href="../../../contributing/" class="md-nav__link"> | |
| <span class="md-ellipsis"> | |
| <span class="md-typeset"> | |
| Development - Contributing | |
| </span> | |
| </span> | |
| </a> | |
| </li> | |
| <li class="md-nav__item"> | |
| <a href="../../../project-generation/" class="md-nav__link"> | |
| <span class="md-ellipsis"> | |
| <span class="md-typeset"> | |
| Full Stack FastAPI Template | |
| </span> | |
| </span> | |
| </a> | |
| </li> | |
| <li class="md-nav__item"> | |
| <a href="../../../external-links/" class="md-nav__link"> | |
| <span class="md-ellipsis"> | |
| <span class="md-typeset"> | |
| External Links | |
| </span> | |
| </span> | |
| </a> | |
| </li> | |
| <li class="md-nav__item"> | |
| <a href="../../../newsletter/" class="md-nav__link"> | |
| <span class="md-ellipsis"> | |
| <span class="md-typeset"> | |
| FastAPI and friends newsletter | |
| </span> | |
| </span> | |
| </a> | |
| </li> | |
| <li class="md-nav__item"> | |
| <a href="../../../management-tasks/" class="md-nav__link"> | |
| <span class="md-ellipsis"> | |
| <span class="md-typeset"> | |
| Repository Management Tasks | |
| </span> | |
| </span> | |
| </a> | |
| </li> | |
| </ul> | |
| </nav> | |
| </li> | |
| <li class="md-nav__item md-nav__item--nested"> | |
| <input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_7" > | |
| <div class="md-nav__link md-nav__container"> | |
| <a href="../../../about/" class="md-nav__link "> | |
| <span class="md-ellipsis"> | |
| About | |
| </span> | |
| </a> | |
| <label class="md-nav__link " for="__nav_7" id="__nav_7_label" tabindex="0"> | |
| <span class="md-nav__icon md-icon"></span> | |
| </label> | |
| </div> | |
| <nav class="md-nav" data-md-level="1" aria-labelledby="__nav_7_label" aria-expanded="false"> | |
| <label class="md-nav__title" for="__nav_7"> | |
| <span class="md-nav__icon md-icon"></span> | |
| About | |
| </label> | |
| <ul class="md-nav__list" data-md-scrollfix> | |
| <li class="md-nav__item"> | |
| <a href="../../../alternatives/" class="md-nav__link"> | |
| <span class="md-ellipsis"> | |
| <span class="md-typeset"> | |
| Alternatives, Inspiration and Comparisons | |
| </span> | |
| </span> | |
| </a> | |
| </li> | |
| <li class="md-nav__item"> | |
| <a href="../../../history-design-future/" class="md-nav__link"> | |
| <span class="md-ellipsis"> | |
| <span class="md-typeset"> | |
| History, Design and Future | |
| </span> | |
| </span> | |
| </a> | |
| </li> | |
| <li class="md-nav__item"> | |
| <a href="../../../benchmarks/" class="md-nav__link"> | |
| <span class="md-ellipsis"> | |
| <span class="md-typeset"> | |
| Benchmarks | |
| </span> | |
| </span> | |
| </a> | |
| </li> | |
| <li class="md-nav__item"> | |
| <a href="../../../management/" class="md-nav__link"> | |
| <span class="md-ellipsis"> | |
| <span class="md-typeset"> | |
| Repository Management | |
| </span> | |
| </span> | |
| </a> | |
| </li> | |
| </ul> | |
| </nav> | |
| </li> | |
| <li class="md-nav__item"> | |
| <a href="../../../release-notes/" class="md-nav__link"> | |
| <span class="md-ellipsis"> | |
| <span class="md-typeset"> | |
| Release Notes | |
| </span> | |
| </span> | |
| </a> | |
| </li> | |
| </ul> | |
| </nav> | |
| </div> | |
| </div> | |
| </div> | |
| <div class="md-sidebar md-sidebar--secondary" data-md-component="sidebar" data-md-type="toc" > | |
| <div class="md-sidebar__scrollwrap"> | |
| <div class="md-sidebar__inner"> | |
| <nav class="md-nav md-nav--secondary" aria-label="Table of contents"> | |
| <label class="md-nav__title" for="__toc"> | |
| <span class="md-nav__icon md-icon"></span> | |
| Table of contents | |
| </label> | |
| <ul class="md-nav__list" data-md-component="toc" data-md-scrollfix> | |
| <li class="md-nav__item"> | |
| <a href="#simple-http-basic-auth" class="md-nav__link"> | |
| <span class="md-ellipsis"> | |
| <span class="md-typeset"> | |
| Simple HTTP Basic Auth | |
| </span> | |
| </span> | |
| </a> | |
| </li> | |
| <li class="md-nav__item"> | |
| <a href="#check-the-username" class="md-nav__link"> | |
| <span class="md-ellipsis"> | |
| <span class="md-typeset"> | |
| Check the username | |
| </span> | |
| </span> | |
| </a> | |
| <nav class="md-nav" aria-label="Check the username"> | |
| <ul class="md-nav__list"> | |
| <li class="md-nav__item"> | |
| <a href="#timing-attacks" class="md-nav__link"> | |
| <span class="md-ellipsis"> | |
| <span class="md-typeset"> | |
| Timing Attacks | |
| </span> | |
| </span> | |
| </a> | |
| <nav class="md-nav" aria-label="Timing Attacks"> | |
| <ul class="md-nav__list"> | |
| <li class="md-nav__item"> | |
| <a href="#the-time-to-answer-helps-the-attackers" class="md-nav__link"> | |
| <span class="md-ellipsis"> | |
| <span class="md-typeset"> | |
| The time to answer helps the attackers | |
| </span> | |
| </span> | |
| </a> | |
| </li> | |
| <li class="md-nav__item"> | |
| <a href="#a-professional-attack" class="md-nav__link"> | |
| <span class="md-ellipsis"> | |
| <span class="md-typeset"> | |
| A "professional" attack | |
| </span> | |
| </span> | |
| </a> | |
| </li> | |
| <li class="md-nav__item"> | |
| <a href="#fix-it-with-secrets-compare-digest" class="md-nav__link"> | |
| <span class="md-ellipsis"> | |
| <span class="md-typeset"> | |
| Fix it with <code>secrets.compare_digest()</code> | |
| </span> | |
| </span> | |
| </a> | |
| </li> | |
| </ul> | |
| </nav> | |
| </li> | |
| <li class="md-nav__item"> | |
| <a href="#return-the-error" class="md-nav__link"> | |
| <span class="md-ellipsis"> | |
| <span class="md-typeset"> | |
| Return the error | |
| </span> | |
| </span> | |
| </a> | |
| </li> | |
| </ul> | |
| </nav> | |
| </li> | |
| </ul> | |
| </nav> | |
| </div> | |
| </div> | |
| </div> | |
| <div class="md-content" data-md-component="content"> | |
| <nav class="md-path" aria-label="Navigation" > | |
| <ol class="md-path__list"> | |
| <li class="md-path__item"> | |
| <a href="../../.." class="md-path__link"> | |
| <span class="md-ellipsis"> | |
| FastAPI | |
| </span> | |
| </a> | |
| </li> | |
| <li class="md-path__item"> | |
| <a href="../../../learn/" class="md-path__link"> | |
| <span class="md-ellipsis"> | |
| Learn | |
| </span> | |
| </a> | |
| </li> | |
| <li class="md-path__item"> | |
| <a href="../../" class="md-path__link"> | |
| <span class="md-ellipsis"> | |
| Advanced User Guide | |
| </span> | |
| </a> | |
| </li> | |
| <li class="md-path__item"> | |
| <a href="../" class="md-path__link"> | |
| <span class="md-ellipsis"> | |
| Advanced Security | |
| </span> | |
| </a> | |
| </li> | |
| </ol> | |
| </nav> | |
| <article class="md-content__inner md-typeset"> | |
| <h1 id="http-basic-auth">HTTP Basic Auth<a class="headerlink" data-preview="" href="#http-basic-auth" title="Permanent link">¶</a></h1> | |
| <p>For the simplest cases, you can use HTTP Basic Auth.</p> | |
| <p>In HTTP Basic Auth, the application expects a header that contains a username and a password.</p> | |
| <p>If it doesn't receive it, it returns an HTTP 401 "Unauthorized" error.</p> | |
| <p>And returns a header <code>WWW-Authenticate</code> with a value of <code>Basic</code>, and an optional <code>realm</code> parameter.</p> | |
| <p>That tells the browser to show the integrated prompt for a username and password.</p> | |
| <p>Then, when you type that username and password, the browser sends them in the header automatically.</p> | |
| <h2 id="simple-http-basic-auth">Simple HTTP Basic Auth<a class="headerlink" data-preview="" href="#simple-http-basic-auth" title="Permanent link">¶</a></h2> | |
| <ul> | |
| <li>Import <code>HTTPBasic</code> and <code>HTTPBasicCredentials</code>.</li> | |
| <li>Create a "<code>security</code> scheme" using <code>HTTPBasic</code>.</li> | |
| <li>Use that <code>security</code> with a dependency in your <em>path operation</em>.</li> | |
| <li>It returns an object of type <code>HTTPBasicCredentials</code>:<ul> | |
| <li>It contains the <code>username</code> and <code>password</code> sent.</li> | |
| </ul> | |
| </li> | |
| </ul> | |
| <div class="tabbed-set tabbed-alternate" data-tabs="1:1"><input checked="checked" id="__tabbed_1_1" name="__tabbed_1" type="radio" /><div class="tabbed-labels"><label for="__tabbed_1_1">Python 3.10+</label></div> | |
| <div class="tabbed-content"> | |
| <div class="tabbed-block"> | |
| <div class="highlight"><pre><span></span><code><span id="__span-0-1"><span class="kn">from</span><span class="w"> </span><span class="nn">typing</span><span class="w"> </span><span class="kn">import</span> <span class="n">Annotated</span> | |
| </span><span id="__span-0-2"> | |
| </span><span id="__span-0-3"><span class="kn">from</span><span class="w"> </span><span class="nn">fastapi</span><span class="w"> </span><span class="kn">import</span> <span class="n">Depends</span><span class="p">,</span> <span class="n">FastAPI</span> | |
| </span><span id="__span-0-4"><span class="hll"><span class="kn">from</span><span class="w"> </span><span class="nn">fastapi.security</span><span class="w"> </span><span class="kn">import</span> <span class="n">HTTPBasic</span><span class="p">,</span> <span class="n">HTTPBasicCredentials</span> | |
| </span></span><span id="__span-0-5"> | |
| </span><span id="__span-0-6"><span class="n">app</span> <span class="o">=</span> <span class="n">FastAPI</span><span class="p">()</span> | |
| </span><span id="__span-0-7"> | |
| </span><span id="__span-0-8"><span class="hll"><span class="n">security</span> <span class="o">=</span> <span class="n">HTTPBasic</span><span class="p">()</span> | |
| </span></span><span id="__span-0-9"> | |
| </span><span id="__span-0-10"> | |
| </span><span id="__span-0-11"><span class="nd">@app</span><span class="o">.</span><span class="n">get</span><span class="p">(</span><span class="s2">"/users/me"</span><span class="p">)</span> | |
| </span><span id="__span-0-12"><span class="hll"><span class="k">def</span><span class="w"> </span><span class="nf">read_current_user</span><span class="p">(</span><span class="n">credentials</span><span class="p">:</span> <span class="n">Annotated</span><span class="p">[</span><span class="n">HTTPBasicCredentials</span><span class="p">,</span> <span class="n">Depends</span><span class="p">(</span><span class="n">security</span><span class="p">)]):</span> | |
| </span></span><span id="__span-0-13"> <span class="k">return</span> <span class="p">{</span><span class="s2">"username"</span><span class="p">:</span> <span class="n">credentials</span><span class="o">.</span><span class="n">username</span><span class="p">,</span> <span class="s2">"password"</span><span class="p">:</span> <span class="n">credentials</span><span class="o">.</span><span class="n">password</span><span class="p">}</span> | |
| </span></code></pre></div> | |
| </div> | |
| </div> | |
| </div> | |
| <details> | |
| <summary>🤓 Other versions and variants</summary> | |
| <div class="tabbed-set tabbed-alternate" data-tabs="2:1"><input checked="checked" id="__tabbed_2_1" name="__tabbed_2" type="radio" /><div class="tabbed-labels"><label for="__tabbed_2_1">Python 3.10+ - non-Annotated</label></div> | |
| <div class="tabbed-content"> | |
| <div class="tabbed-block"> | |
| <div class="admonition tip"> | |
| <p class="admonition-title">Tip</p> | |
| <p>Prefer to use the <code>Annotated</code> version if possible.</p> | |
| </div> | |
| <div class="highlight"><pre><span></span><code><span id="__span-1-1"><span class="kn">from</span><span class="w"> </span><span class="nn">fastapi</span><span class="w"> </span><span class="kn">import</span> <span class="n">Depends</span><span class="p">,</span> <span class="n">FastAPI</span> | |
| </span><span id="__span-1-2"><span class="kn">from</span><span class="w"> </span><span class="nn">fastapi.security</span><span class="w"> </span><span class="kn">import</span> <span class="n">HTTPBasic</span><span class="p">,</span> <span class="n">HTTPBasicCredentials</span> | |
| </span><span id="__span-1-3"> | |
| </span><span id="__span-1-4"><span class="n">app</span> <span class="o">=</span> <span class="n">FastAPI</span><span class="p">()</span> | |
| </span><span id="__span-1-5"> | |
| </span><span id="__span-1-6"><span class="n">security</span> <span class="o">=</span> <span class="n">HTTPBasic</span><span class="p">()</span> | |
| </span><span id="__span-1-7"> | |
| </span><span id="__span-1-8"> | |
| </span><span id="__span-1-9"><span class="nd">@app</span><span class="o">.</span><span class="n">get</span><span class="p">(</span><span class="s2">"/users/me"</span><span class="p">)</span> | |
| </span><span id="__span-1-10"><span class="k">def</span><span class="w"> </span><span class="nf">read_current_user</span><span class="p">(</span><span class="n">credentials</span><span class="p">:</span> <span class="n">HTTPBasicCredentials</span> <span class="o">=</span> <span class="n">Depends</span><span class="p">(</span><span class="n">security</span><span class="p">)):</span> | |
| </span><span id="__span-1-11"> <span class="k">return</span> <span class="p">{</span><span class="s2">"username"</span><span class="p">:</span> <span class="n">credentials</span><span class="o">.</span><span class="n">username</span><span class="p">,</span> <span class="s2">"password"</span><span class="p">:</span> <span class="n">credentials</span><span class="o">.</span><span class="n">password</span><span class="p">}</span> | |
| </span></code></pre></div> | |
| </div> | |
| </div> | |
| </div> | |
| </details> | |
| <p>When you try to open the URL for the first time (or click the "Execute" button in the docs) the browser will ask you for your username and password:</p> | |
| <p><img src="/img/tutorial/security/image12.png"></p> | |
| <h2 id="check-the-username">Check the username<a class="headerlink" data-preview="" href="#check-the-username" title="Permanent link">¶</a></h2> | |
| <p>Here's a more complete example.</p> | |
| <p>Use a dependency to check if the username and password are correct.</p> | |
| <p>For this, use the Python standard module <a href="https://docs.python.org/3/library/secrets.html"><code>secrets</code></a> to check the username and password.</p> | |
| <p><code>secrets.compare_digest()</code> needs to take <code>bytes</code> or a <code>str</code> that only contains ASCII characters (the ones in English), this means it wouldn't work with characters like <code>á</code>, as in <code>Sebastián</code>.</p> | |
| <p>To handle that, we first convert the <code>username</code> and <code>password</code> to <code>bytes</code> encoding them with UTF-8.</p> | |
| <p>Then we can use <code>secrets.compare_digest()</code> to ensure that <code>credentials.username</code> is <code>"stanleyjobson"</code>, and that <code>credentials.password</code> is <code>"swordfish"</code>.</p> | |
| <div class="tabbed-set tabbed-alternate" data-tabs="3:1"><input checked="checked" id="__tabbed_3_1" name="__tabbed_3" type="radio" /><div class="tabbed-labels"><label for="__tabbed_3_1">Python 3.10+</label></div> | |
| <div class="tabbed-content"> | |
| <div class="tabbed-block"> | |
| <div class="highlight"><pre><span></span><code><span id="__span-2-1"><span class="hll"><span class="kn">import</span><span class="w"> </span><span class="nn">secrets</span> | |
| </span></span><span id="__span-2-2"><span class="kn">from</span><span class="w"> </span><span class="nn">typing</span><span class="w"> </span><span class="kn">import</span> <span class="n">Annotated</span> | |
| </span><span id="__span-2-3"> | |
| </span><span id="__span-2-4"><span class="kn">from</span><span class="w"> </span><span class="nn">fastapi</span><span class="w"> </span><span class="kn">import</span> <span class="n">Depends</span><span class="p">,</span> <span class="n">FastAPI</span><span class="p">,</span> <span class="n">HTTPException</span><span class="p">,</span> <span class="n">status</span> | |
| </span><span id="__span-2-5"><span class="kn">from</span><span class="w"> </span><span class="nn">fastapi.security</span><span class="w"> </span><span class="kn">import</span> <span class="n">HTTPBasic</span><span class="p">,</span> <span class="n">HTTPBasicCredentials</span> | |
| </span><span id="__span-2-6"> | |
| </span><span id="__span-2-7"><span class="n">app</span> <span class="o">=</span> <span class="n">FastAPI</span><span class="p">()</span> | |
| </span><span id="__span-2-8"> | |
| </span><span id="__span-2-9"><span class="n">security</span> <span class="o">=</span> <span class="n">HTTPBasic</span><span class="p">()</span> | |
| </span><span id="__span-2-10"> | |
| </span><span id="__span-2-11"> | |
| </span><span id="__span-2-12"><span class="hll"><span class="k">def</span><span class="w"> </span><span class="nf">get_current_username</span><span class="p">(</span> | |
| </span></span><span id="__span-2-13"><span class="hll"> <span class="n">credentials</span><span class="p">:</span> <span class="n">Annotated</span><span class="p">[</span><span class="n">HTTPBasicCredentials</span><span class="p">,</span> <span class="n">Depends</span><span class="p">(</span><span class="n">security</span><span class="p">)],</span> | |
| </span></span><span id="__span-2-14"><span class="hll"><span class="p">):</span> | |
| </span></span><span id="__span-2-15"><span class="hll"> <span class="n">current_username_bytes</span> <span class="o">=</span> <span class="n">credentials</span><span class="o">.</span><span class="n">username</span><span class="o">.</span><span class="n">encode</span><span class="p">(</span><span class="s2">"utf8"</span><span class="p">)</span> | |
| </span></span><span id="__span-2-16"><span class="hll"> <span class="n">correct_username_bytes</span> <span class="o">=</span> <span class="sa">b</span><span class="s2">"stanleyjobson"</span> | |
| </span></span><span id="__span-2-17"><span class="hll"> <span class="n">is_correct_username</span> <span class="o">=</span> <span class="n">secrets</span><span class="o">.</span><span class="n">compare_digest</span><span class="p">(</span> | |
| </span></span><span id="__span-2-18"><span class="hll"> <span class="n">current_username_bytes</span><span class="p">,</span> <span class="n">correct_username_bytes</span> | |
| </span></span><span id="__span-2-19"><span class="hll"> <span class="p">)</span> | |
| </span></span><span id="__span-2-20"><span class="hll"> <span class="n">current_password_bytes</span> <span class="o">=</span> <span class="n">credentials</span><span class="o">.</span><span class="n">password</span><span class="o">.</span><span class="n">encode</span><span class="p">(</span><span class="s2">"utf8"</span><span class="p">)</span> | |
| </span></span><span id="__span-2-21"><span class="hll"> <span class="n">correct_password_bytes</span> <span class="o">=</span> <span class="sa">b</span><span class="s2">"swordfish"</span> | |
| </span></span><span id="__span-2-22"><span class="hll"> <span class="n">is_correct_password</span> <span class="o">=</span> <span class="n">secrets</span><span class="o">.</span><span class="n">compare_digest</span><span class="p">(</span> | |
| </span></span><span id="__span-2-23"><span class="hll"> <span class="n">current_password_bytes</span><span class="p">,</span> <span class="n">correct_password_bytes</span> | |
| </span></span><span id="__span-2-24"><span class="hll"> <span class="p">)</span> | |
| </span></span><span id="__span-2-25"> <span class="k">if</span> <span class="ow">not</span> <span class="p">(</span><span class="n">is_correct_username</span> <span class="ow">and</span> <span class="n">is_correct_password</span><span class="p">):</span> | |
| </span><span id="__span-2-26"> <span class="k">raise</span> <span class="n">HTTPException</span><span class="p">(</span> | |
| </span><span id="__span-2-27"> <span class="n">status_code</span><span class="o">=</span><span class="n">status</span><span class="o">.</span><span class="n">HTTP_401_UNAUTHORIZED</span><span class="p">,</span> | |
| </span><span id="__span-2-28"> <span class="n">detail</span><span class="o">=</span><span class="s2">"Incorrect username or password"</span><span class="p">,</span> | |
| </span><span id="__span-2-29"> <span class="n">headers</span><span class="o">=</span><span class="p">{</span><span class="s2">"WWW-Authenticate"</span><span class="p">:</span> <span class="s2">"Basic"</span><span class="p">},</span> | |
| </span><span id="__span-2-30"> <span class="p">)</span> | |
| </span><span id="__span-2-31"> <span class="k">return</span> <span class="n">credentials</span><span class="o">.</span><span class="n">username</span> | |
| </span><span id="__span-2-32"> | |
| </span><span id="__span-2-33"> | |
| </span><span id="__span-2-34"><span class="nd">@app</span><span class="o">.</span><span class="n">get</span><span class="p">(</span><span class="s2">"/users/me"</span><span class="p">)</span> | |
| </span><span id="__span-2-35"><span class="k">def</span><span class="w"> </span><span class="nf">read_current_user</span><span class="p">(</span><span class="n">username</span><span class="p">:</span> <span class="n">Annotated</span><span class="p">[</span><span class="nb">str</span><span class="p">,</span> <span class="n">Depends</span><span class="p">(</span><span class="n">get_current_username</span><span class="p">)]):</span> | |
| </span><span id="__span-2-36"> <span class="k">return</span> <span class="p">{</span><span class="s2">"username"</span><span class="p">:</span> <span class="n">username</span><span class="p">}</span> | |
| </span></code></pre></div> | |
| </div> | |
| </div> | |
| </div> | |
| <details> | |
| <summary>🤓 Other versions and variants</summary> | |
| <div class="tabbed-set tabbed-alternate" data-tabs="4:1"><input checked="checked" id="__tabbed_4_1" name="__tabbed_4" type="radio" /><div class="tabbed-labels"><label for="__tabbed_4_1">Python 3.10+ - non-Annotated</label></div> | |
| <div class="tabbed-content"> | |
| <div class="tabbed-block"> | |
| <div class="admonition tip"> | |
| <p class="admonition-title">Tip</p> | |
| <p>Prefer to use the <code>Annotated</code> version if possible.</p> | |
| </div> | |
| <div class="highlight"><pre><span></span><code><span id="__span-3-1"><span class="kn">import</span><span class="w"> </span><span class="nn">secrets</span> | |
| </span><span id="__span-3-2"> | |
| </span><span id="__span-3-3"><span class="kn">from</span><span class="w"> </span><span class="nn">fastapi</span><span class="w"> </span><span class="kn">import</span> <span class="n">Depends</span><span class="p">,</span> <span class="n">FastAPI</span><span class="p">,</span> <span class="n">HTTPException</span><span class="p">,</span> <span class="n">status</span> | |
| </span><span id="__span-3-4"><span class="kn">from</span><span class="w"> </span><span class="nn">fastapi.security</span><span class="w"> </span><span class="kn">import</span> <span class="n">HTTPBasic</span><span class="p">,</span> <span class="n">HTTPBasicCredentials</span> | |
| </span><span id="__span-3-5"> | |
| </span><span id="__span-3-6"><span class="n">app</span> <span class="o">=</span> <span class="n">FastAPI</span><span class="p">()</span> | |
| </span><span id="__span-3-7"> | |
| </span><span id="__span-3-8"><span class="n">security</span> <span class="o">=</span> <span class="n">HTTPBasic</span><span class="p">()</span> | |
| </span><span id="__span-3-9"> | |
| </span><span id="__span-3-10"> | |
| </span><span id="__span-3-11"><span class="k">def</span><span class="w"> </span><span class="nf">get_current_username</span><span class="p">(</span><span class="n">credentials</span><span class="p">:</span> <span class="n">HTTPBasicCredentials</span> <span class="o">=</span> <span class="n">Depends</span><span class="p">(</span><span class="n">security</span><span class="p">)):</span> | |
| </span><span id="__span-3-12"> <span class="n">current_username_bytes</span> <span class="o">=</span> <span class="n">credentials</span><span class="o">.</span><span class="n">username</span><span class="o">.</span><span class="n">encode</span><span class="p">(</span><span class="s2">"utf8"</span><span class="p">)</span> | |
| </span><span id="__span-3-13"> <span class="n">correct_username_bytes</span> <span class="o">=</span> <span class="sa">b</span><span class="s2">"stanleyjobson"</span> | |
| </span><span id="__span-3-14"> <span class="n">is_correct_username</span> <span class="o">=</span> <span class="n">secrets</span><span class="o">.</span><span class="n">compare_digest</span><span class="p">(</span> | |
| </span><span id="__span-3-15"> <span class="n">current_username_bytes</span><span class="p">,</span> <span class="n">correct_username_bytes</span> | |
| </span><span id="__span-3-16"> <span class="p">)</span> | |
| </span><span id="__span-3-17"> <span class="n">current_password_bytes</span> <span class="o">=</span> <span class="n">credentials</span><span class="o">.</span><span class="n">password</span><span class="o">.</span><span class="n">encode</span><span class="p">(</span><span class="s2">"utf8"</span><span class="p">)</span> | |
| </span><span id="__span-3-18"> <span class="n">correct_password_bytes</span> <span class="o">=</span> <span class="sa">b</span><span class="s2">"swordfish"</span> | |
| </span><span id="__span-3-19"> <span class="n">is_correct_password</span> <span class="o">=</span> <span class="n">secrets</span><span class="o">.</span><span class="n">compare_digest</span><span class="p">(</span> | |
| </span><span id="__span-3-20"> <span class="n">current_password_bytes</span><span class="p">,</span> <span class="n">correct_password_bytes</span> | |
| </span><span id="__span-3-21"> <span class="p">)</span> | |
| </span><span id="__span-3-22"> <span class="k">if</span> <span class="ow">not</span> <span class="p">(</span><span class="n">is_correct_username</span> <span class="ow">and</span> <span class="n">is_correct_password</span><span class="p">):</span> | |
| </span><span id="__span-3-23"> <span class="k">raise</span> <span class="n">HTTPException</span><span class="p">(</span> | |
| </span><span id="__span-3-24"> <span class="n">status_code</span><span class="o">=</span><span class="n">status</span><span class="o">.</span><span class="n">HTTP_401_UNAUTHORIZED</span><span class="p">,</span> | |
| </span><span id="__span-3-25"> <span class="n">detail</span><span class="o">=</span><span class="s2">"Incorrect username or password"</span><span class="p">,</span> | |
| </span><span id="__span-3-26"> <span class="n">headers</span><span class="o">=</span><span class="p">{</span><span class="s2">"WWW-Authenticate"</span><span class="p">:</span> <span class="s2">"Basic"</span><span class="p">},</span> | |
| </span><span id="__span-3-27"> <span class="p">)</span> | |
| </span><span id="__span-3-28"> <span class="k">return</span> <span class="n">credentials</span><span class="o">.</span><span class="n">username</span> | |
| </span><span id="__span-3-29"> | |
| </span><span id="__span-3-30"> | |
| </span><span id="__span-3-31"><span class="nd">@app</span><span class="o">.</span><span class="n">get</span><span class="p">(</span><span class="s2">"/users/me"</span><span class="p">)</span> | |
| </span><span id="__span-3-32"><span class="k">def</span><span class="w"> </span><span class="nf">read_current_user</span><span class="p">(</span><span class="n">username</span><span class="p">:</span> <span class="nb">str</span> <span class="o">=</span> <span class="n">Depends</span><span class="p">(</span><span class="n">get_current_username</span><span class="p">)):</span> | |
| </span><span id="__span-3-33"> <span class="k">return</span> <span class="p">{</span><span class="s2">"username"</span><span class="p">:</span> <span class="n">username</span><span class="p">}</span> | |
| </span></code></pre></div> | |
| </div> | |
| </div> | |
| </div> | |
| </details> | |
| <p>This would be similar to:</p> | |
| <div class="highlight"><pre><span></span><code><span id="__span-4-1"><span class="k">if</span> <span class="ow">not</span> <span class="p">(</span><span class="n">credentials</span><span class="o">.</span><span class="n">username</span> <span class="o">==</span> <span class="s2">"stanleyjobson"</span><span class="p">)</span> <span class="ow">or</span> <span class="ow">not</span> <span class="p">(</span><span class="n">credentials</span><span class="o">.</span><span class="n">password</span> <span class="o">==</span> <span class="s2">"swordfish"</span><span class="p">):</span> | |
| </span><span id="__span-4-2"> <span class="c1"># Return some error</span> | |
| </span><span id="__span-4-3"> <span class="o">...</span> | |
| </span></code></pre></div> | |
| <p>But by using the <code>secrets.compare_digest()</code> it will be secure against a type of attacks called "timing attacks".</p> | |
| <h3 id="timing-attacks">Timing Attacks<a class="headerlink" data-preview="" href="#timing-attacks" title="Permanent link">¶</a></h3> | |
| <p>But what's a "timing attack"?</p> | |
| <p>Let's imagine some attackers are trying to guess the username and password.</p> | |
| <p>And they send a request with a username <code>johndoe</code> and a password <code>love123</code>.</p> | |
| <p>Then the Python code in your application would be equivalent to something like:</p> | |
| <div class="highlight"><pre><span></span><code><span id="__span-5-1"><span class="k">if</span> <span class="s2">"johndoe"</span> <span class="o">==</span> <span class="s2">"stanleyjobson"</span> <span class="ow">and</span> <span class="s2">"love123"</span> <span class="o">==</span> <span class="s2">"swordfish"</span><span class="p">:</span> | |
| </span><span id="__span-5-2"> <span class="o">...</span> | |
| </span></code></pre></div> | |
| <p>But right at the moment Python compares the first <code>j</code> in <code>johndoe</code> to the first <code>s</code> in <code>stanleyjobson</code>, it will return <code>False</code>, because it already knows that those two strings are not the same, thinking that "there's no need to waste more computation comparing the rest of the letters". And your application will say "Incorrect username or password".</p> | |
| <p>But then the attackers try with username <code>stanleyjobsox</code> and password <code>love123</code>.</p> | |
| <p>And your application code does something like:</p> | |
| <div class="highlight"><pre><span></span><code><span id="__span-6-1"><span class="k">if</span> <span class="s2">"stanleyjobsox"</span> <span class="o">==</span> <span class="s2">"stanleyjobson"</span> <span class="ow">and</span> <span class="s2">"love123"</span> <span class="o">==</span> <span class="s2">"swordfish"</span><span class="p">:</span> | |
| </span><span id="__span-6-2"> <span class="o">...</span> | |
| </span></code></pre></div> | |
| <p>Python will have to compare the whole <code>stanleyjobso</code> in both <code>stanleyjobsox</code> and <code>stanleyjobson</code> before realizing that both strings are not the same. So it will take some extra microseconds to reply back "Incorrect username or password".</p> | |
| <h4 id="the-time-to-answer-helps-the-attackers">The time to answer helps the attackers<a class="headerlink" data-preview="" href="#the-time-to-answer-helps-the-attackers" title="Permanent link">¶</a></h4> | |
| <p>At that point, by noticing that the server took some microseconds longer to send the "Incorrect username or password" response, the attackers will know that they got <em>something</em> right, some of the initial letters were right.</p> | |
| <p>And then they can try again knowing that it's probably something more similar to <code>stanleyjobsox</code> than to <code>johndoe</code>.</p> | |
| <h4 id="a-professional-attack">A "professional" attack<a class="headerlink" data-preview="" href="#a-professional-attack" title="Permanent link">¶</a></h4> | |
| <p>Of course, the attackers would not try all this by hand, they would write a program to do it, possibly with thousands or millions of tests per second. And they would get just one extra correct letter at a time.</p> | |
| <p>But doing that, in some minutes or hours the attackers would have guessed the correct username and password, with the "help" of our application, just using the time taken to answer.</p> | |
| <h4 id="fix-it-with-secrets-compare-digest">Fix it with <code>secrets.compare_digest()</code><a class="headerlink" data-preview="" href="#fix-it-with-secrets-compare-digest" title="Permanent link">¶</a></h4> | |
| <p>But in our code we are actually using <code>secrets.compare_digest()</code>.</p> | |
| <p>In short, it will take the same time to compare <code>stanleyjobsox</code> to <code>stanleyjobson</code> than it takes to compare <code>johndoe</code> to <code>stanleyjobson</code>. And the same for the password.</p> | |
| <p>That way, using <code>secrets.compare_digest()</code> in your application code, it will be safe against this whole range of security attacks.</p> | |
| <h3 id="return-the-error">Return the error<a class="headerlink" data-preview="" href="#return-the-error" title="Permanent link">¶</a></h3> | |
| <p>After detecting that the credentials are incorrect, return an <code>HTTPException</code> with a status code 401 (the same returned when no credentials are provided) and add the header <code>WWW-Authenticate</code> to make the browser show the login prompt again:</p> | |
| <div class="tabbed-set tabbed-alternate" data-tabs="5:1"><input checked="checked" id="__tabbed_5_1" name="__tabbed_5" type="radio" /><div class="tabbed-labels"><label for="__tabbed_5_1">Python 3.10+</label></div> | |
| <div class="tabbed-content"> | |
| <div class="tabbed-block"> | |
| <div class="highlight"><pre><span></span><code><span id="__span-7-1"><span class="kn">import</span><span class="w"> </span><span class="nn">secrets</span> | |
| </span><span id="__span-7-2"><span class="kn">from</span><span class="w"> </span><span class="nn">typing</span><span class="w"> </span><span class="kn">import</span> <span class="n">Annotated</span> | |
| </span><span id="__span-7-3"> | |
| </span><span id="__span-7-4"><span class="kn">from</span><span class="w"> </span><span class="nn">fastapi</span><span class="w"> </span><span class="kn">import</span> <span class="n">Depends</span><span class="p">,</span> <span class="n">FastAPI</span><span class="p">,</span> <span class="n">HTTPException</span><span class="p">,</span> <span class="n">status</span> | |
| </span><span id="__span-7-5"><span class="kn">from</span><span class="w"> </span><span class="nn">fastapi.security</span><span class="w"> </span><span class="kn">import</span> <span class="n">HTTPBasic</span><span class="p">,</span> <span class="n">HTTPBasicCredentials</span> | |
| </span><span id="__span-7-6"> | |
| </span><span id="__span-7-7"><span class="n">app</span> <span class="o">=</span> <span class="n">FastAPI</span><span class="p">()</span> | |
| </span><span id="__span-7-8"> | |
| </span><span id="__span-7-9"><span class="n">security</span> <span class="o">=</span> <span class="n">HTTPBasic</span><span class="p">()</span> | |
| </span><span id="__span-7-10"> | |
| </span><span id="__span-7-11"> | |
| </span><span id="__span-7-12"><span class="k">def</span><span class="w"> </span><span class="nf">get_current_username</span><span class="p">(</span> | |
| </span><span id="__span-7-13"> <span class="n">credentials</span><span class="p">:</span> <span class="n">Annotated</span><span class="p">[</span><span class="n">HTTPBasicCredentials</span><span class="p">,</span> <span class="n">Depends</span><span class="p">(</span><span class="n">security</span><span class="p">)],</span> | |
| </span><span id="__span-7-14"><span class="p">):</span> | |
| </span><span id="__span-7-15"> <span class="n">current_username_bytes</span> <span class="o">=</span> <span class="n">credentials</span><span class="o">.</span><span class="n">username</span><span class="o">.</span><span class="n">encode</span><span class="p">(</span><span class="s2">"utf8"</span><span class="p">)</span> | |
| </span><span id="__span-7-16"> <span class="n">correct_username_bytes</span> <span class="o">=</span> <span class="sa">b</span><span class="s2">"stanleyjobson"</span> | |
| </span><span id="__span-7-17"> <span class="n">is_correct_username</span> <span class="o">=</span> <span class="n">secrets</span><span class="o">.</span><span class="n">compare_digest</span><span class="p">(</span> | |
| </span><span id="__span-7-18"> <span class="n">current_username_bytes</span><span class="p">,</span> <span class="n">correct_username_bytes</span> | |
| </span><span id="__span-7-19"> <span class="p">)</span> | |
| </span><span id="__span-7-20"> <span class="n">current_password_bytes</span> <span class="o">=</span> <span class="n">credentials</span><span class="o">.</span><span class="n">password</span><span class="o">.</span><span class="n">encode</span><span class="p">(</span><span class="s2">"utf8"</span><span class="p">)</span> | |
| </span><span id="__span-7-21"> <span class="n">correct_password_bytes</span> <span class="o">=</span> <span class="sa">b</span><span class="s2">"swordfish"</span> | |
| </span><span id="__span-7-22"> <span class="n">is_correct_password</span> <span class="o">=</span> <span class="n">secrets</span><span class="o">.</span><span class="n">compare_digest</span><span class="p">(</span> | |
| </span><span id="__span-7-23"> <span class="n">current_password_bytes</span><span class="p">,</span> <span class="n">correct_password_bytes</span> | |
| </span><span id="__span-7-24"> <span class="p">)</span> | |
| </span><span id="__span-7-25"> <span class="k">if</span> <span class="ow">not</span> <span class="p">(</span><span class="n">is_correct_username</span> <span class="ow">and</span> <span class="n">is_correct_password</span><span class="p">):</span> | |
| </span><span id="__span-7-26"><span class="hll"> <span class="k">raise</span> <span class="n">HTTPException</span><span class="p">(</span> | |
| </span></span><span id="__span-7-27"><span class="hll"> <span class="n">status_code</span><span class="o">=</span><span class="n">status</span><span class="o">.</span><span class="n">HTTP_401_UNAUTHORIZED</span><span class="p">,</span> | |
| </span></span><span id="__span-7-28"><span class="hll"> <span class="n">detail</span><span class="o">=</span><span class="s2">"Incorrect username or password"</span><span class="p">,</span> | |
| </span></span><span id="__span-7-29"><span class="hll"> <span class="n">headers</span><span class="o">=</span><span class="p">{</span><span class="s2">"WWW-Authenticate"</span><span class="p">:</span> <span class="s2">"Basic"</span><span class="p">},</span> | |
| </span></span><span id="__span-7-30"><span class="hll"> <span class="p">)</span> | |
| </span></span><span id="__span-7-31"> <span class="k">return</span> <span class="n">credentials</span><span class="o">.</span><span class="n">username</span> | |
| </span><span id="__span-7-32"> | |
| </span><span id="__span-7-33"> | |
| </span><span id="__span-7-34"><span class="nd">@app</span><span class="o">.</span><span class="n">get</span><span class="p">(</span><span class="s2">"/users/me"</span><span class="p">)</span> | |
| </span><span id="__span-7-35"><span class="k">def</span><span class="w"> </span><span class="nf">read_current_user</span><span class="p">(</span><span class="n">username</span><span class="p">:</span> <span class="n">Annotated</span><span class="p">[</span><span class="nb">str</span><span class="p">,</span> <span class="n">Depends</span><span class="p">(</span><span class="n">get_current_username</span><span class="p">)]):</span> | |
| </span><span id="__span-7-36"> <span class="k">return</span> <span class="p">{</span><span class="s2">"username"</span><span class="p">:</span> <span class="n">username</span><span class="p">}</span> | |
| </span></code></pre></div> | |
| </div> | |
| </div> | |
| </div> | |
| <details> | |
| <summary>🤓 Other versions and variants</summary> | |
| <div class="tabbed-set tabbed-alternate" data-tabs="6:1"><input checked="checked" id="__tabbed_6_1" name="__tabbed_6" type="radio" /><div class="tabbed-labels"><label for="__tabbed_6_1">Python 3.10+ - non-Annotated</label></div> | |
| <div class="tabbed-content"> | |
| <div class="tabbed-block"> | |
| <div class="admonition tip"> | |
| <p class="admonition-title">Tip</p> | |
| <p>Prefer to use the <code>Annotated</code> version if possible.</p> | |
| </div> | |
| <div class="highlight"><pre><span></span><code><span id="__span-8-1"><span class="kn">import</span><span class="w"> </span><span class="nn">secrets</span> | |
| </span><span id="__span-8-2"> | |
| </span><span id="__span-8-3"><span class="kn">from</span><span class="w"> </span><span class="nn">fastapi</span><span class="w"> </span><span class="kn">import</span> <span class="n">Depends</span><span class="p">,</span> <span class="n">FastAPI</span><span class="p">,</span> <span class="n">HTTPException</span><span class="p">,</span> <span class="n">status</span> | |
| </span><span id="__span-8-4"><span class="kn">from</span><span class="w"> </span><span class="nn">fastapi.security</span><span class="w"> </span><span class="kn">import</span> <span class="n">HTTPBasic</span><span class="p">,</span> <span class="n">HTTPBasicCredentials</span> | |
| </span><span id="__span-8-5"> | |
| </span><span id="__span-8-6"><span class="n">app</span> <span class="o">=</span> <span class="n">FastAPI</span><span class="p">()</span> | |
| </span><span id="__span-8-7"> | |
| </span><span id="__span-8-8"><span class="n">security</span> <span class="o">=</span> <span class="n">HTTPBasic</span><span class="p">()</span> | |
| </span><span id="__span-8-9"> | |
| </span><span id="__span-8-10"> | |
| </span><span id="__span-8-11"><span class="k">def</span><span class="w"> </span><span class="nf">get_current_username</span><span class="p">(</span><span class="n">credentials</span><span class="p">:</span> <span class="n">HTTPBasicCredentials</span> <span class="o">=</span> <span class="n">Depends</span><span class="p">(</span><span class="n">security</span><span class="p">)):</span> | |
| </span><span id="__span-8-12"> <span class="n">current_username_bytes</span> <span class="o">=</span> <span class="n">credentials</span><span class="o">.</span><span class="n">username</span><span class="o">.</span><span class="n">encode</span><span class="p">(</span><span class="s2">"utf8"</span><span class="p">)</span> | |
| </span><span id="__span-8-13"> <span class="n">correct_username_bytes</span> <span class="o">=</span> <span class="sa">b</span><span class="s2">"stanleyjobson"</span> | |
| </span><span id="__span-8-14"> <span class="n">is_correct_username</span> <span class="o">=</span> <span class="n">secrets</span><span class="o">.</span><span class="n">compare_digest</span><span class="p">(</span> | |
| </span><span id="__span-8-15"> <span class="n">current_username_bytes</span><span class="p">,</span> <span class="n">correct_username_bytes</span> | |
| </span><span id="__span-8-16"> <span class="p">)</span> | |
| </span><span id="__span-8-17"> <span class="n">current_password_bytes</span> <span class="o">=</span> <span class="n">credentials</span><span class="o">.</span><span class="n">password</span><span class="o">.</span><span class="n">encode</span><span class="p">(</span><span class="s2">"utf8"</span><span class="p">)</span> | |
| </span><span id="__span-8-18"> <span class="n">correct_password_bytes</span> <span class="o">=</span> <span class="sa">b</span><span class="s2">"swordfish"</span> | |
| </span><span id="__span-8-19"> <span class="n">is_correct_password</span> <span class="o">=</span> <span class="n">secrets</span><span class="o">.</span><span class="n">compare_digest</span><span class="p">(</span> | |
| </span><span id="__span-8-20"> <span class="n">current_password_bytes</span><span class="p">,</span> <span class="n">correct_password_bytes</span> | |
| </span><span id="__span-8-21"> <span class="p">)</span> | |
| </span><span id="__span-8-22"> <span class="k">if</span> <span class="ow">not</span> <span class="p">(</span><span class="n">is_correct_username</span> <span class="ow">and</span> <span class="n">is_correct_password</span><span class="p">):</span> | |
| </span><span id="__span-8-23"> <span class="k">raise</span> <span class="n">HTTPException</span><span class="p">(</span> | |
| </span><span id="__span-8-24"> <span class="n">status_code</span><span class="o">=</span><span class="n">status</span><span class="o">.</span><span class="n">HTTP_401_UNAUTHORIZED</span><span class="p">,</span> | |
| </span><span id="__span-8-25"> <span class="n">detail</span><span class="o">=</span><span class="s2">"Incorrect username or password"</span><span class="p">,</span> | |
| </span><span id="__span-8-26"> <span class="n">headers</span><span class="o">=</span><span class="p">{</span><span class="s2">"WWW-Authenticate"</span><span class="p">:</span> <span class="s2">"Basic"</span><span class="p">},</span> | |
| </span><span id="__span-8-27"> <span class="p">)</span> | |
| </span><span id="__span-8-28"> <span class="k">return</span> <span class="n">credentials</span><span class="o">.</span><span class="n">username</span> | |
| </span><span id="__span-8-29"> | |
| </span><span id="__span-8-30"> | |
| </span><span id="__span-8-31"><span class="nd">@app</span><span class="o">.</span><span class="n">get</span><span class="p">(</span><span class="s2">"/users/me"</span><span class="p">)</span> | |
| </span><span id="__span-8-32"><span class="k">def</span><span class="w"> </span><span class="nf">read_current_user</span><span class="p">(</span><span class="n">username</span><span class="p">:</span> <span class="nb">str</span> <span class="o">=</span> <span class="n">Depends</span><span class="p">(</span><span class="n">get_current_username</span><span class="p">)):</span> | |
| </span><span id="__span-8-33"> <span class="k">return</span> <span class="p">{</span><span class="s2">"username"</span><span class="p">:</span> <span class="n">username</span><span class="p">}</span> | |
| </span></code></pre></div> | |
| </div> | |
| </div> | |
| </div> | |
| </details> | |
| </article> | |
| </div> | |
| <script>var tabs=__md_get("__tabs");if(Array.isArray(tabs))e:for(var set of document.querySelectorAll(".tabbed-set")){var labels=set.querySelector(".tabbed-labels");for(var tab of tabs)for(var label of labels.getElementsByTagName("label"))if(label.innerText.trim()===tab){var input=document.getElementById(label.htmlFor);input.checked=!0;continue e}}</script> | |
| <script>var target=document.getElementById(location.hash.slice(1));target&&target.name&&(target.checked=target.name.startsWith("__tabbed_"))</script> | |
| </div> | |
| <button type="button" class="md-top md-icon" data-md-component="top" hidden> | |
| <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M13 20h-2V8l-5.5 5.5-1.42-1.42L12 4.16l7.92 7.92-1.42 1.42L13 8z"/></svg> | |
| Back to top | |
| </button> | |
| </main> | |
| <footer class="md-footer"> | |
| <nav class="md-footer__inner md-grid" aria-label="Footer" > | |
| <a href="../oauth2-scopes/" class="md-footer__link md-footer__link--prev" aria-label="Previous: OAuth2 scopes"> | |
| <div class="md-footer__button md-icon"> | |
| <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M20 11v2H8l5.5 5.5-1.42 1.42L4.16 12l7.92-7.92L13.5 5.5 8 11z"/></svg> | |
| </div> | |
| <div class="md-footer__title"> | |
| <span class="md-footer__direction"> | |
| Previous | |
| </span> | |
| <div class="md-ellipsis"> | |
| OAuth2 scopes | |
| </div> | |
| </div> | |
| </a> | |
| <a href="../../using-request-directly/" class="md-footer__link md-footer__link--next" aria-label="Next: Using the Request Directly"> | |
| <div class="md-footer__title"> | |
| <span class="md-footer__direction"> | |
| Next | |
| </span> | |
| <div class="md-ellipsis"> | |
| Using the Request Directly | |
| </div> | |
| </div> | |
| <div class="md-footer__button md-icon"> | |
| <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M4 11v2h12l-5.5 5.5 1.42 1.42L19.84 12l-7.92-7.92L10.5 5.5 16 11z"/></svg> | |
| </div> | |
| </a> | |
| </nav> | |
| <div class="md-footer-meta md-typeset"> | |
| <div class="md-footer-meta__inner md-grid"> | |
| <div class="md-copyright"> | |
| <div class="md-copyright__highlight"> | |
| The FastAPI trademark is owned by <a href="https://tiangolo.com" target="_blank">@tiangolo</a> and is registered in the US and across other regions | |
| </div> | |
| Made with | |
| <a href="https://squidfunk.github.io/mkdocs-material/" target="_blank" rel="noopener"> | |
| Material for MkDocs | |
| </a> | |
| </div> | |
| <div class="md-social"> | |
| <a href="https://github.com/fastapi/fastapi" target="_blank" rel="noopener" title="github.com" class="md-social__link"> | |
| <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 512 512"><!--! Font Awesome Free 7.1.0 by @fontawesome - https://fontawesome.com License - https://fontawesome.com/license/free (Icons: CC BY 4.0, Fonts: SIL OFL 1.1, Code: MIT License) Copyright 2025 Fonticons, Inc.--><path d="M202.1 328.7c0 20.9-10.9 55.1-36.7 55.1s-36.7-34.2-36.7-55.1 10.9-55.1 36.7-55.1 36.7 34.2 36.7 55.1M496 278.2c0 31.9-3.2 65.7-17.5 95-37.9 76.6-142.1 74.8-216.7 74.8-75.8 0-186.2 2.7-225.6-74.8-14.6-29-20.2-63.1-20.2-95 0-41.9 13.9-81.5 41.5-113.6-5.2-15.8-7.7-32.4-7.7-48.8 0-21.5 4.9-32.3 14.6-51.8 45.3 0 74.3 9 108.8 36 29-6.9 58.8-10 88.7-10 27 0 54.2 2.9 80.4 9.2 34-26.7 63-35.2 107.8-35.2 9.8 19.5 14.6 30.3 14.6 51.8 0 16.4-2.6 32.7-7.7 48.2 27.5 32.4 39 72.3 39 114.2m-64.3 50.5c0-43.9-26.7-82.6-73.5-82.6-18.9 0-37 3.4-56 6-14.9 2.3-29.8 3.2-45.1 3.2-15.2 0-30.1-.9-45.1-3.2-18.7-2.6-37-6-56-6-46.8 0-73.5 38.7-73.5 82.6 0 87.8 80.4 101.3 150.4 101.3h48.2c70.3 0 150.6-13.4 150.6-101.3m-82.6-55.1c-25.8 0-36.7 34.2-36.7 55.1s10.9 55.1 36.7 55.1 36.7-34.2 36.7-55.1-10.9-55.1-36.7-55.1"/></svg> | |
| </a> | |
| <a href="https://discord.gg/VQjSZaeJmf" target="_blank" rel="noopener" title="discord.gg" class="md-social__link"> | |
| <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 576 512"><!--! Font Awesome Free 7.1.0 by @fontawesome - https://fontawesome.com License - https://fontawesome.com/license/free (Icons: CC BY 4.0, Fonts: SIL OFL 1.1, Code: MIT License) Copyright 2025 Fonticons, Inc.--><path d="M492.5 69.8c-.2-.3-.4-.6-.8-.7-38.1-17.5-78.4-30-119.7-37.1-.4-.1-.8 0-1.1.1s-.6.4-.8.8c-5.5 9.9-10.5 20.2-14.9 30.6-44.6-6.8-89.9-6.8-134.4 0-4.5-10.5-9.5-20.7-15.1-30.6-.2-.3-.5-.6-.8-.8s-.7-.2-1.1-.2C162.5 39 122.2 51.5 84.1 69c-.3.1-.6.4-.8.7C7.1 183.5-13.8 294.6-3.6 404.2c0 .3.1.5.2.8s.3.4.5.6c44.4 32.9 94 58 146.8 74.2.4.1.8.1 1.1 0s.7-.4.9-.7c11.3-15.4 21.4-31.8 30-48.8.1-.2.2-.5.2-.8s0-.5-.1-.8-.2-.5-.4-.6-.4-.3-.7-.4c-15.8-6.1-31.2-13.4-45.9-21.9-.3-.2-.5-.4-.7-.6s-.3-.6-.3-.9 0-.6.2-.9.3-.5.6-.7c3.1-2.3 6.2-4.7 9.1-7.1.3-.2.6-.4.9-.4s.7 0 1 .1c96.2 43.9 200.4 43.9 295.5 0 .3-.1.7-.2 1-.2s.7.2.9.4c2.9 2.4 6 4.9 9.1 7.2.2.2.4.4.6.7s.2.6.2.9-.1.6-.3.9-.4.5-.6.6c-14.7 8.6-30 15.9-45.9 21.8-.2.1-.5.2-.7.4s-.3.4-.4.7-.1.5-.1.8.1.5.2.8c8.8 17 18.8 33.3 30 48.8.2.3.6.6.9.7s.8.1 1.1 0c52.9-16.2 102.6-41.3 147.1-74.2.2-.2.4-.4.5-.6s.2-.5.2-.8c12.3-126.8-20.5-236.9-86.9-334.5zm-302 267.7c-29 0-52.8-26.6-52.8-59.2s23.4-59.2 52.8-59.2c29.7 0 53.3 26.8 52.8 59.2 0 32.7-23.4 59.2-52.8 59.2m195.4 0c-29 0-52.8-26.6-52.8-59.2s23.4-59.2 52.8-59.2c29.7 0 53.3 26.8 52.8 59.2 0 32.7-23.2 59.2-52.8 59.2"/></svg> | |
| </a> | |
| <a href="https://x.com/fastapi" target="_blank" rel="noopener" title="x.com" class="md-social__link"> | |
| <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 512 512"><!--! Font Awesome Free 7.1.0 by @fontawesome - https://fontawesome.com License - https://fontawesome.com/license/free (Icons: CC BY 4.0, Fonts: SIL OFL 1.1, Code: MIT License) Copyright 2025 Fonticons, Inc.--><path d="M459.4 151.7c.3 4.5.3 9.1.3 13.6 0 138.7-105.6 298.6-298.6 298.6-59.5 0-114.7-17.2-161.1-47.1 8.4 1 16.6 1.3 25.3 1.3 49.1 0 94.2-16.6 130.3-44.8-46.1-1-84.8-31.2-98.1-72.8 6.5 1 13 1.6 19.8 1.6 9.4 0 18.8-1.3 27.6-3.6-48.1-9.7-84.1-52-84.1-103v-1.3c14 7.8 30.2 12.7 47.4 13.3-28.3-18.8-46.8-51-46.8-87.4 0-19.5 5.2-37.4 14.3-53C87.4 130.8 165 172.4 252.1 176.9c-1.6-7.8-2.6-15.9-2.6-24C249.5 95.1 296.3 48 354.4 48c30.2 0 57.5 12.7 76.7 33.1 23.7-4.5 46.5-13.3 66.6-25.3-7.8 24.4-24.4 44.8-46.1 57.8 21.1-2.3 41.6-8.1 60.4-16.2-14.3 20.8-32.2 39.3-52.6 54.3"/></svg> | |
| </a> | |
| <a href="https://www.linkedin.com/company/fastapi" target="_blank" rel="noopener" title="www.linkedin.com" class="md-social__link"> | |
| <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 448 512"><!--! Font Awesome Free 7.1.0 by @fontawesome - https://fontawesome.com License - https://fontawesome.com/license/free (Icons: CC BY 4.0, Fonts: SIL OFL 1.1, Code: MIT License) Copyright 2025 Fonticons, Inc.--><path d="M416 32H31.9C14.3 32 0 46.5 0 64.3v383.4C0 465.5 14.3 480 31.9 480H416c17.6 0 32-14.5 32-32.3V64.3c0-17.8-14.4-32.3-32-32.3M135.4 416H69V202.2h66.5V416zM102.2 96a38.5 38.5 0 1 1 0 77 38.5 38.5 0 1 1 0-77m282.1 320h-66.4V312c0-24.8-.5-56.7-34.5-56.7-34.6 0-39.9 27-39.9 54.9V416h-66.4V202.2h63.7v29.2h.9c8.9-16.8 30.6-34.5 62.9-34.5 67.2 0 79.7 44.3 79.7 101.9z"/></svg> | |
| </a> | |
| <a href="https://tiangolo.com" target="_blank" rel="noopener" title="tiangolo.com" class="md-social__link"> | |
| <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 512 512"><!--! Font Awesome Free 7.1.0 by @fontawesome - https://fontawesome.com License - https://fontawesome.com/license/free (Icons: CC BY 4.0, Fonts: SIL OFL 1.1, Code: MIT License) Copyright 2025 Fonticons, Inc.--><path d="M351.9 280H161c2.9 64.5 17.2 123.9 37.5 167.4 11.4 24.5 23.7 41.8 35.1 52.4 11.2 10.5 18.9 12.2 22.9 12.2s11.7-1.7 22.9-12.2c11.4-10.6 23.7-28 35.1-52.4 20.3-43.5 34.6-102.9 37.5-167.4zm-191-48h190.9c-2.8-64.5-17.1-123.9-37.4-167.4-11.4-24.4-23.7-41.8-35.1-52.4C268.1 1.7 260.4 0 256.4 0s-11.7 1.7-22.9 12.2c-11.4 10.6-23.7 28-35.1 52.4-20.3 43.5-34.6 102.9-37.5 167.4m-48 0c3.5-85.6 25.6-165.1 57.9-217.3C78.7 47.3 10.9 131.2 1.5 232zM1.5 280c9.4 100.8 77.2 184.7 169.3 217.3-32.3-52.2-54.4-131.7-57.9-217.3zm398.4 0c-3.5 85.6-25.6 165.1-57.9 217.3 92.1-32.7 159.9-116.5 169.3-217.3zm111.4-48C501.9 131.2 434.1 47.3 342 14.7c32.3 52.2 54.4 131.7 57.9 217.3z"/></svg> | |
| </a> | |
| </div> | |
| </div> | |
| </div> | |
| </footer> | |
| </div> | |
| <div class="md-dialog" data-md-component="dialog"> | |
| <div class="md-dialog__inner md-typeset"></div> | |
| </div> | |
| <div class="md-progress" data-md-component="progress" role="progressbar"></div> | |
| <script id="__config" type="application/json">{"annotate": null, "base": "../../..", "features": ["content.code.annotate", "content.code.copy", "content.footnote.tooltips", "content.tabs.link", "content.tooltips", "navigation.footer", "navigation.indexes", "navigation.instant", "navigation.instant.prefetch", "navigation.instant.progress", "navigation.path", "navigation.tabs", "navigation.tabs.sticky", "navigation.top", "navigation.tracking", "search.highlight", "search.share", "search.suggest", "toc.follow"], "search": "../../../assets/javascripts/workers/search.2c215733.min.js", "tags": null, "translations": {"clipboard.copied": "Copied to clipboard", "clipboard.copy": "Copy to clipboard", "search.result.more.one": "1 more on this page", "search.result.more.other": "# more on this page", "search.result.none": "No matching documents", "search.result.one": "1 matching document", "search.result.other": "# matching documents", "search.result.placeholder": "Type to start searching", "search.result.term.missing": "Missing", "select.version": "Select version"}, "version": null}</script> | |
| <script src="../../../assets/javascripts/bundle.79ae519e.min.js"></script> | |
| <script src="../../../js/termynal.js"></script> | |
| <script src="../../../js/custom.js"></script> | |
| <script src="../../../js/init_kapa_widget.js"></script> | |
| <!-- Cloudflare Pages Analytics --><script defer src='https://static.cloudflareinsights.com/beacon.min.js' data-cf-beacon='{"token": "83c63961621f43319d43d493c35d7611"}'></script><!-- Cloudflare Pages Analytics --></body> | |
| </html> |