Install command
Provided
Build high-performance async REST APIs with FastAPI, Python's fastest-growing web framework. Automatic OpenAPI/Swagger documentation, type-safe validation with Pydantic, native async/await support, and dependency injection for clean architecture.
Open the source and read safety notes before installing.
Source-backed facts for citing this resource, derived directly from the registry — also available as plain text for AI assistants.
Decision playbook
Signals are comparatively strong, but you should still validate source, privacy posture, and package provenance for your environment.
0
96
—
No baseline selected
No major trust-signal divergence detected in the current selection.
Confirm ownership and provenance before trusting install instructions.
Source link availableRequired
Open the canonical repository and verify ownership.
Source provenance statusRequired
Marked as first-party.
Metadata reviewed
Registry metadata indicates a reviewed listing.
Validate risk disclosures before installation or API wiring.
Safety notes presentRequired
Review the listed safety guidance before running commands.
Privacy notes presentRequired
Review data handling notes before connecting accounts or secrets.
Trust level risk gateRequired
Trust level does not block evaluation.
Check package metadata and artifact integrity signals.
Install payload available
Install or copy payload is available for review.
Package verification flag
Package marked verified.
Checksum metadata
SHA-256 hash is present.
Use compare context to validate trade-offs before adoption.
Compare tray has multiple entries
Add at least one more entry to compare trust differences.
Baseline comparison available
No baseline peer selected yet.
Diverging trust signals identified
No major trust-signal divergence found.
Setup at a glance
Copy-ready — paste the snippet to get started.
Install command
Provided
Config snippet
Not provided
Copy snippet
Provided
Prerequisites
6 to clear
Platforms
6 listed
Difficulty
100/100
Adoption plan
Current risk score 0/100. Use staged verification before broader rollout.
Validate source and review signals before any execution.
Confirm source provenanceRequired
Source URL/provenance metadata is present.
Confirm metadata review state
Listing has review metadata.
Verify install payload
Install/config payload exists and can be inspected.
Confirm safety, privacy, and package integrity signals.
Review safety notesRequired
Safety notes are present.
Review privacy notesRequired
Privacy notes are present.
Verify package integrity metadata
Package verification/checksum metadata is available.
Adopt in controlled steps based on the selected plan.
Run in isolated sandbox firstRequired
Use a constrained sandbox and observe behavior across multiple tasks.
Roll out graduallyRequired
Roll out to a small cohort before wider usage.
Set monitoring and fallback
Define rollback path and monitor errors after adoption.
Evidence readiness
Required evidence gates are covered (6/6 signals complete).
Source repository/provenance is listed.
Required in this preset
Review metadata is present.
Required in this preset
Safety notes are present.
Required in this preset
Privacy notes are present.
Optional in this preset
Package integrity metadata is present.
Optional in this preset
Install payload is available.
Required in this preset
Required evidence gates are covered for this preset.
Decision timeline
6/6 steps complete with no blocking gaps for this preset.
triage
Source/provenance metadata is available.
triage
Review metadata is available.
verify
Safety notes are available.
verify
Privacy notes are available.
verify
Package integrity metadata is available.
rollout
Install payload is available.
No required blockers for this timeline preset.
Prerequisite readiness
6 prerequisites to line up before setup.
Safety & privacy surface
1 safety and 1 privacy notes across 2 risk areas. Review closely: credentials & tokens, network access.
| Platform | Support | Install path |
|---|---|---|
| claude-code | Native | .claude/skills/<skill-name>/SKILL.md |
| codex | Native | .agents/skills/<skill-name>/SKILL.md |
| windsurf | Native | .windsurf/skills/<skill-name>/SKILL.md |
| gemini | Native | .gemini/skills/<skill-name>/SKILL.md or .agents/skills/<skill-name>/SKILL.md |
| cursor | Adapter | .cursor/rules/<skill-name>.mdc |
| cli | Manual | AGENTS.md or tool-specific context file |
from fastapi import FastAPI, HTTPException
from pydantic import BaseModel, Field
from typing import List
app = FastAPI(title="Blog API", version="1.0.0")
# Pydantic models
class PostCreate(BaseModel):
title: str = Field(..., min_length=1, max_length=200)
content: str = Field(..., min_length=1)
published: bool = False
class Post(PostCreate):
id: int
class Config:
from_attributes = True
# In-memory storage (use database in production)
posts_db: List[Post] = []
post_id_counter = 1
@app.get("/posts", response_model=List[Post], tags=["posts"])
async def list_posts():
"""Get all blog posts"""
return posts_db
@app.post("/posts", response_model=Post, status_code=201, tags=["posts"])
async def create_post(post: PostCreate):
"""Create a new blog post"""
global post_id_counter
new_post = Post(id=post_id_counter, **post.dict())
posts_db.append(new_post)
post_id_counter += 1
return new_post
@app.get("/posts/{post_id}", response_model=Post, tags=["posts"])
async def get_post(post_id: int):
"""Get a single post by ID"""
for post in posts_db:
if post.id == post_id:
return post
raise HTTPException(status_code=404, detail="Post not found")
@app.delete("/posts/{post_id}", status_code=204, tags=["posts"])
async def delete_post(post_id: int):
"""Delete a post by ID"""
for i, post in enumerate(posts_db):
if post.id == post_id:
posts_db.pop(i)
return
raise HTTPException(status_code=404, detail="Post not found")
# Run with: uvicorn main:app --reload
# Docs at: localhost:8000/docsClaude can build production-ready REST APIs using FastAPI, Python's fastest web framework with automatic OpenAPI documentation and async support. FastAPI combines Python 3.9+ type hints with Pydantic validation for type-safe APIs that rival Node.js performance. With automatic interactive docs, dependency injection, and async/await, FastAPI eliminates boilerplate while maintaining enterprise-grade reliability.
SKILL.md.SKILL.md content as reusable workflow instructions..gemini/skills/<skill-name>/SKILL.md or .agents/skills/<skill-name>/SKILL.md where supported..cursor/rules/*.mdc adapter for project rules.Required:
What Claude handles automatically:
Prompt: "Create a FastAPI CRUD API for blog posts with: GET /posts (list), POST /posts (create), GET /posts/{id} (get one), PUT /posts/{id} (update), DELETE /posts/{id} (delete). Use Pydantic for validation."
Claude will:
Prompt: "Build FastAPI app with PostgreSQL using SQLAlchemy ORM. Include: user authentication, database models for users/posts, async queries, connection pooling, and migrations with Alembic."
Claude will:
Prompt: "Create FastAPI auth system with JWT tokens. Include: user registration, login, password hashing with bcrypt, protected routes with dependencies, refresh tokens, and role-based access control."
Claude will:
Prompt: "Build FastAPI endpoint that processes uploaded CSV file in background. Include: file upload validation, background task with progress tracking, webhook notification on completion, and error handling."
Claude will:
Use Type Hints Everywhere: FastAPI relies on Python type hints for automatic validation and docs. Always specify return types and use Optional[T] for nullable fields.
Async for I/O-Bound: Use async def for endpoints that do database queries, API calls, or file operations. FastAPI handles concurrency automatically.
Pydantic for Validation: Create Pydantic models for request bodies. Never parse JSON manually - let Pydantic handle validation and serialization.
Dependency Injection: Use FastAPI's Depends() for auth, database sessions, pagination, etc. This keeps endpoints clean and testable.
Status Codes Matter: Use proper HTTP status codes: 201 for created, 204 for deleted, 404 for not found, 422 for validation errors.
OpenAPI Customization: Add descriptions, examples, and tags to endpoints for better automatic documentation.
"Build FastAPI e-commerce backend:
1. Products: CRUD with search, filtering, pagination
2. Cart: session-based with Redis, add/remove items, calculate totals
3. Orders: create order, payment processing, order history
4. Auth: JWT-based customer accounts with OAuth2
5. Admin: protected endpoints for inventory management
6. Webhooks: Stripe payment notifications
7. Database: PostgreSQL with async SQLAlchemy
8. Background tasks: order confirmation emails"
"Create FastAPI analytics dashboard backend:
1. Ingest endpoint: accept events via POST with Pydantic validation
2. Time-series storage: TimescaleDB for event data
3. Aggregation endpoints: metrics by day/week/month
4. WebSocket: real-time updates for live dashboard
5. Caching: Redis for frequently-accessed metrics
6. Rate limiting: per-API-key limits with middleware
7. Export: CSV/JSON download of filtered data
8. Admin API: user management, API key generation"
"Build multi-tenant SaaS API with FastAPI:
1. Tenant isolation: subdomain-based routing
2. Database: separate schemas per tenant in PostgreSQL
3. Auth: tenant-scoped JWT tokens
4. Billing: usage tracking, quota enforcement
5. API versioning: /v1/, /v2/ with deprecation notices
6. Rate limiting: per-tenant quotas
7. Webhooks: tenant-configurable event notifications
8. Admin: tenant provisioning, feature flags"
"Create FastAPI app with both REST and GraphQL:
1. REST endpoints: CRUD operations with OpenAPI docs
2. GraphQL: Strawberry integration for complex queries
3. DataLoader: batching and caching for N+1 queries
4. Auth: shared JWT validation across REST/GraphQL
5. Subscriptions: WebSocket support for real-time data
6. File uploads: multipart form data handling
7. Error handling: unified error format
8. Testing: pytest fixtures for both APIs"
Issue: "Pydantic validation errors not showing custom messages"
Solution: Add Field() with description: email: str = Field(..., description='Valid email required'). Use @validator decorator for complex rules. Check Pydantic V2 migration if using FastAPI 0.100+.
Issue: "Async endpoints slower than sync" Solution: Only use async for I/O operations (database, HTTP calls). CPU-bound tasks should use sync functions. Ensure database driver supports async (asyncpg, aiomysql). Check connection pool settings.
Issue: "CORS errors in browser"
Solution: Add CORSMiddleware with correct origins: app.add_middleware(CORSMiddleware, allow_origins=['https://app.example.com'], allow_credentials=True). Don't use wildcard in production.
Issue: "Dependency injection not working"
Solution: Ensure dependencies return values, not None. Use Depends() in function signature, not inside function body. Check dependency order - dependencies can depend on other dependencies.
Issue: "File uploads failing with 413 error"
Solution: Increase max upload size in uvicorn: uvicorn.run(app, limit_concurrency=100, limit_max_requests=1000, timeout_keep_alive=30). For large files, use streaming with UploadFile.
FastAPI Python API Development Skill side by side with 2 alternatives on trust, install, platform support, and disclosed safety notes — all from reviewed registry metadata.
2 trust signals differ across this comparison (Package trust, Submitter).
| Field | Build high-performance async REST APIs with FastAPI, Python's fastest-growing web framework. Automatic OpenAPI/Swagger documentation, type-safe validation with Pydantic, native async/await support, and dependency injection for clean architecture. Open dossier | Agent Skill from mcp-use for turning OpenAPI or Swagger specs into MCP servers with operation-to-tool mapping, auth wiring, Zod schema generation, inspector testing, and streamable HTTP deployment. Open dossier | Build and maintain NestJS backend APIs with modules, controllers, providers, dependency injection, configuration, validation pipes, guards, interceptors, exception filters, OpenAPI docs, testing, and production safety review. Open dossier |
|---|---|---|---|
| Next steps | |||
| Trust | |||
| Review status | ReviewedMaintainer reviewed | ReviewedMaintainer reviewed | ReviewedMaintainer reviewed |
| Package trustDiffers | Package verified2025-10-23 | Package not verified | Package not verified |
| Source provenance | Source-backed | Source-backed | Source-backed |
| SubmitterDiffers | — | — | oktofeesh1 |
| Install risk | Review first | Review first | Review first |
| Notes | Safety ✓ Privacy ✓ | Safety ✓ Privacy ✓ | Safety ✓ Privacy ✓ |
| Brand | — | — | — |
| Category | skills | skills | skills |
| Source | first-party | source-backed | source-backed |
| Author | JSONbored | mcp-use | oktofeesh1 |
| Added | 2025-10-23 | 2026-06-18 | 2026-06-04 |
| Platforms | Claude CodeCodexWindsurfGeminiCursorCLI | Claude CodeCodexWindsurfGeminiCursorCLI | Claude CodeCodexWindsurfGeminiCursorCLI |
| Source repo | — | — | — |
| Safety notes | ✓Installs and runs server packages (pip install fastapi uvicorn pydantic sqlalchemy) and starts an ASGI web server that listens on a network port. Review dependencies and bind to trusted interfaces before exposing endpoints. | ✓Generated MCP tools can expose every selected REST operation from a source API, including destructive or account-changing endpoints if the operation filter is too broad. Large OpenAPI specs can create noisy tool surfaces. Filter by tag or operation list when the API has many endpoints. Auth wiring may include API keys, bearer tokens, basic auth, OAuth bearer tokens, and environment variables; never put secret values in the spec, generated source, prompts, or PR text. The skill recommends streamable HTTP for generated mcp-use servers; review deployment auth, CORS, rate limits, logs, and public reachability before publishing. Human review is needed for generated schemas, tool descriptions, error handling, and write operations before giving an agent access to real accounts. | ✓The download URL is the external `nestjs/nest` source archive, not a HeyClaude-packaged skill archive; review source provenance before using it in automated workflows. NestJS changes can alter route behavior, dependency-injection graph, middleware order, guards, authentication, authorization, validation, error handling, and request/response contracts. Do not commit `.env` files, database URLs, JWT secrets, API keys, OAuth credentials, cloud credentials, service tokens, private certificates, or copied production config. Global pipes, filters, guards, interceptors, and middleware affect every matching request. Review denial paths, public routes, admin routes, and backward compatibility before enabling them globally. DTO validation and transformation can silently coerce input. Check `whitelist`, `forbidNonWhitelisted`, transform behavior, nested objects, arrays, and optional fields before trusting sanitized payloads. Provider constructors, module imports, dynamic modules, lifecycle hooks, and request-scoped providers can create startup failures or performance regressions when used casually. Database migrations, message handlers, cron jobs, queues, webhooks, and external-service calls should have explicit retry, idempotency, timeout, and rollback behavior. OpenAPI docs can expose internal DTO fields, route names, auth scheme details, admin endpoints, examples, and deprecated surfaces if generated without review. |
| Privacy notes | ✓API endpoints and database integrations can read and persist user-supplied data. Validate and scope what the service stores or logs, and keep database credentials and connection strings out of committed code. | ✓OpenAPI specs can expose private endpoint names, internal domains, auth schemes, schemas, object fields, customer concepts, and operational workflows. Tool calls can send prompts, arguments, request bodies, auth-scoped API responses, error payloads, and logs through the MCP server, model provider, and deployment platform. Keep API keys, tokens, OAuth secrets, cookies, private base URLs, customer data, and internal spec comments out of public examples, repository files, issue comments, and screenshots. For third-party or customer APIs, confirm data retention and logging behavior across the MCP client, mcp-use deployment target, model provider, and API provider. | ✓NestJS logs, exception filters, validation errors, request IDs, OpenAPI examples, test fixtures, and AI prompts can expose request payloads, headers, cookies, JWT claims, user IDs, emails, tenant IDs, and internal service names. Avoid pasting raw production requests, access tokens, cookies, stack traces with sensitive values, database records, or private OpenAPI exports into prompts or public issues. Use synthetic request data and non-production credentials for examples, tests, screenshots, generated docs, and AI-assisted troubleshooting. Review logging, telemetry, error reporting, audit events, and model-provider retention before routing customer data through AI-assisted debugging or generated diagnostics. |
| Prerequisites |
|
|
|
| Install | | | |
| Config | — | — | — |
| Citations | |||
| Claim | Unclaimed | Unclaimed | Unclaimed |
Source-backed guides for putting this to work.
Loading live community signals…
A short, calm digest of reviewed Claude resources. Unsubscribe any time.