FastAPI Expert - CLAUDE.md Rules for Claude Code
Transform Claude into a FastAPI specialist with deep knowledge of async routes, Pydantic validation, dependency injection, OpenAPI, and production API patterns.
Open the source and read safety notes before installing.
Privacy notes
- Rules reference API keys, database URLs, and JWT secrets; store them in environment variables or a secrets manager, never in committed source files.
Schema details
- Install type
- copy
- Reading time
- 4 min
- Difficulty score
- 80
- Troubleshooting
- Yes
- Breaking changes
- No
Full copyable content
You are an expert FastAPI developer with deep knowledge of async Python, Pydantic
models, dependency injection, and OpenAPI-backed APIs.
## Core Philosophy
- Keep route handlers thin; put business logic in services or domain modules
- Use Pydantic models for request/response validation and OpenAPI schemas
- Prefer `async def` for I/O-bound work; avoid blocking calls inside the event loop
- Let FastAPI generate OpenAPI docs; keep response models explicit
## Routes and Dependencies
```python
@router.get("/items/{item_id}", response_model=ItemOut)
async def read_item(item_id: int, session: AsyncSession = Depends(get_session)):
item = await session.get(Item, item_id)
if item is None:
raise HTTPException(status_code=404, detail="Item not found")
return item
```
- Group routers with `APIRouter` and include them in the app factory
- Use `Depends()` for DB sessions, auth, pagination, and shared guards
- Return typed response models instead of raw dicts when the contract is public
## Validation and Errors
- Define input with Pydantic `BaseModel` or typed parameters
- Use `HTTPException` for expected client errors; map domain errors in middleware
- Validate enums, constrained strings, and nested objects at the boundary
## Async and Performance
- Use async database drivers and HTTP clients (`httpx`, SQLAlchemy async)
- Offload CPU-heavy work to background tasks or workers
- Add timeouts and connection pooling for external services
## Security
- Use OAuth2/JWT dependencies from the official security tutorial patterns
- Never log tokens, cookies, or raw authorization headers
- Scope CORS deliberately; do not use `allow_origins=["*"]` with credentials
## Testing
- Use `TestClient` or async client fixtures against the app factory
- Override dependencies in tests for fake DB/auth implementations
- Cover happy path, validation failures, and auth boundariesAbout this resource
Usage
Add this rule set to your project's CLAUDE.md to configure Claude as a FastAPI expert.
It covers async routes, Pydantic validation, dependency injection, and OpenAPI patterns —
grounded in the FastAPI documentation.
Parameter source reference
FastAPI declares each request parameter source with a dedicated function imported
from fastapi. They are "sister" classes that share the same Param base and the
same Annotated[...] declaration pattern.
| Function | Import | Parameter source |
|---|---|---|
Path |
from fastapi import Path |
Path parameters (declared with {name} in the route path) |
Query |
from fastapi import Query |
Query parameters |
Body |
from fastapi import Body |
Request body |
Header |
from fastapi import Header |
HTTP headers |
Cookie |
from fastapi import Cookie |
Cookie parameters |
Sources
Source citations
Add this badge to your README
Show that FastAPI Expert - CLAUDE.md Rules for Claude Code is listed on HeyClaude. Paste this Markdown into your README — it renders the badge and links back to this page.
[](https://heyclau.de/entry/rules/fastapi-expert)How it compares
FastAPI Expert - CLAUDE.md Rules for Claude Code side by side with 3 alternatives on trust, install, platform support, and disclosed safety notes — all from reviewed registry metadata.
| Field | FastAPI Expert - CLAUDE.md Rules for Claude Code Transform Claude into a FastAPI specialist with deep knowledge of async routes, Pydantic validation, dependency injection, OpenAPI, and production API patterns. Open dossier | .NET and C# Expert - CLAUDE.md Rules for Claude Code A CLAUDE.md rule set that turns Claude into a senior .NET reviewer aligned with current Microsoft guidance across ASP.NET Core, Entity Framework Core, asynchronous programming, typed options, and automated testing. Open dossier | API Design Expert for Claude - CLAUDE.md Rules for Claude Code Transform Claude into a comprehensive API design specialist focused on RESTful APIs, GraphQL, OpenAPI, and modern API architecture patterns Open dossier | API First Dev Expert - CLAUDE.md Rules for Claude Code A CLAUDE.md rule set for contract-first backend work: define OpenAPI, tRPC, and GraphQL schemas before code, generate typed clients, and enforce request and response validation. Open dossier |
|---|---|---|---|---|
| Trust | ||||
| Install risk | Review first | Review first | Review first | Review first |
| Notes | Safety · Privacy ✓ | Safety · Privacy ✓ | Safety ✓ Privacy ✓ | Safety ✓ Privacy ✓ |
| Category | rules | rules | rules | rules |
| Source | source-backed | source-backed | source-backed | source-backed |
| Author | jaso0n0818 | jaso0n0818 | JSONbored | JSONbored |
| Added | 2026-06-16 | 2026-06-13 | 2025-09-16 | 2025-10-25 |
| Platforms | Claude Code | Claude Code | Claude Code | Claude Code |
| Source repo | — | — | — | — |
| Safety notes | — missing | — missing | ✓These are advisory API-design rules applied to your code and specs; they make no network requests and change no infrastructure. Review any generated endpoints and auth flows before deploying. | ✓This rule is prompt guidance, not executable code, but it directs Claude to design REST, tRPC, and GraphQL endpoints that create and modify records (for example POST and PATCH handlers); review and authorize generated write operations before deploying them. The guidance exposes public, versioned API surfaces and recommends SDK/client generation; enforce request validation and the documented middleware order so authentication runs before authorization on every generated endpoint. |
| Privacy notes | ✓Rules reference API keys, database URLs, and JWT secrets; store them in environment variables or a secrets manager, never in committed source files. | ✓Rules reference dotnet user-secrets and Azure Key Vault for credential storage; secrets must never be committed to source control or hard-coded in application settings files. | ✓API examples reference auth tokens, API keys, and request/response payloads; keep real secrets and personal data out of committed specs and example values. | ✓The recommended patterns authenticate with JWT, OAuth 2.0/OIDC, and bearer tokens; keep API keys, client secrets, and tokens in environment variables or a secrets manager and never commit them or paste them into OpenAPI examples. Generated contracts can return user records such as email, role, and identifiers; apply authorization and field-level filtering so responses do not over-expose personal data. |
| Prerequisites | — none listed | — none listed | — none listed | — none listed |
| Install | — | — | — | — |
| Config | — | — | — | — |
| Citations | ||||
| Claim | Unclaimed | Unclaimed | Unclaimed | Unclaimed |
Signals
Loading live community signals…
A short, calm digest of reviewed Claude resources. Unsubscribe any time.