Skip to main content
skillsFirst-partyReview first Safety Privacy

FastAPI Python API Development Skill

Build high-performance async REST APIs with FastAPI, Python's fastest-growing web framework. Automatic OpenAPI/Swagger documentation, type-safe validation with Pydantic, native async/await support, and dependency injection for clean architecture.

HarnessClaude CodeCodexWindsurfGeminiCursorCLI
Level:advancedType:generalVerified:draft
Review first review before installing

Open the source and read safety notes before installing.

Citation facts

Source-backed facts for citing this resource, derived directly from the registry — also available as plain text for AI assistants.

Source URLs
https://fastapi.tiangolo.com/, https://github.com/JSONbored/awesome-claude/blob/main/content/skills/fastapi-python-backend.mdx
Package URL
/downloads/skills/fastapi-python-backend.zip
Package SHA256
a62b1a1e1fcee8faa7b1fb5cd68fa3c5112a74337fea3729a6bc5738c24f36d9
Safety notes
Installs and runs server packages (pip install fastapi uvicorn pydantic sqlalchemy) and starts an ASGI web server that listens on a network port. Review dependencies and bind to trusted interfaces before exposing endpoints.
Privacy notes
API endpoints and database integrations can read and persist user-supplied data. Validate and scope what the service stores or logs, and keep database credentials and connection strings out of committed code.
Platform compatibility
claude-code (native-skill), codex (native-skill), windsurf (native-skill), gemini (native-skill), cursor (adapter), cli (manual-context)
Author
JSONbored
Claim status
unclaimed
Last verified
2025-10-23

Decision playbook

Ready to evaluate for your workflow

Signals are comparatively strong, but you should still validate source, privacy posture, and package provenance for your environment.

Compare context
Selected

0

Current score

96

Baseline

Delta

No baseline selected

No major trust-signal divergence detected in the current selection.

Source and provenance checks

Complete

Confirm ownership and provenance before trusting install instructions.

  • Source link availableRequired

    Open the canonical repository and verify ownership.

    Done
  • Source provenance statusRequired

    Marked as first-party.

    Done
  • Metadata reviewed

    Registry metadata indicates a reviewed listing.

    Done

Safety and privacy checks

Complete

Validate risk disclosures before installation or API wiring.

  • Safety notes presentRequired

    Review the listed safety guidance before running commands.

    Done
  • Privacy notes presentRequired

    Review data handling notes before connecting accounts or secrets.

    Done
  • Trust level risk gateRequired

    Trust level does not block evaluation.

    Done

Package and install checks

Complete

Check package metadata and artifact integrity signals.

  • Install payload available

    Install or copy payload is available for review.

    Done
  • Package verification flag

    Package marked verified.

    Done
  • Checksum metadata

    SHA-256 hash is present.

    Done

Compare-driven decision checks

Needs review

Use compare context to validate trade-offs before adoption.

  • Compare tray has multiple entries

    Add at least one more entry to compare trust differences.

    Pending
  • Baseline comparison available

    No baseline peer selected yet.

    Pending
  • Diverging trust signals identified

    No major trust-signal divergence found.

    Pending

Setup at a glance

Package install

Copy-ready — paste the snippet to get started.

Install command

Provided

Config snippet

Not provided

Copy snippet

Provided

Prerequisites

6 to clear

Platforms

6 listed

Difficulty

100/100

Adoption plan

Balanced adoption plan

Current risk score 0/100. Use staged verification before broader rollout.

Risk 0

Pre-adoption checks

Validate source and review signals before any execution.

  • Confirm source provenanceRequired

    Source URL/provenance metadata is present.

    Done
  • Confirm metadata review state

    Listing has review metadata.

    Done
  • Verify install payload

    Install/config payload exists and can be inspected.

    Done

Security checks

Confirm safety, privacy, and package integrity signals.

  • Review safety notesRequired

    Safety notes are present.

    Done
  • Review privacy notesRequired

    Privacy notes are present.

    Done
  • Verify package integrity metadata

    Package verification/checksum metadata is available.

    Done

Rollout

Adopt in controlled steps based on the selected plan.

  • Run in isolated sandbox firstRequired

    Use a constrained sandbox and observe behavior across multiple tasks.

    Pending
  • Roll out graduallyRequired

    Roll out to a small cohort before wider usage.

    Pending
  • Set monitoring and fallback

    Define rollback path and monitor errors after adoption.

    Pending

Evidence readiness

Evidence readiness matrix · balanced

Required evidence gates are covered (6/6 signals complete).

Risk 0

Source provenance

Present

Source repository/provenance is listed.

Required in this preset

Metadata review

Present

Review metadata is present.

Required in this preset

Safety notes

Present

Safety notes are present.

Required in this preset

Privacy notes

Present

Privacy notes are present.

Optional in this preset

Package integrity

Present

Package integrity metadata is present.

Optional in this preset

Install payload

Present

Install payload is available.

Required in this preset

Required evidence gates are covered for this preset.

Decision timeline

Decision timeline · balanced

6/6 steps complete with no blocking gaps for this preset.

Risk 0

triage

Confirm source provenanceRequired

Source/provenance metadata is available.

Done

triage

Check metadata review statusRequired

Review metadata is available.

Done

verify

Review safety notesRequired

Safety notes are available.

Done

verify

Review privacy notes

Privacy notes are available.

Done

verify

Validate package integrity metadata

Package integrity metadata is available.

Done

rollout

Verify install payload and commandsRequired

Install payload is available.

Done

No required blockers for this timeline preset.

Prerequisite readiness

Prerequisite readiness

6 prerequisites to line up before setup.

0/6 ready
Install & runtime1Configuration1General4

Safety & privacy surface

Safety & privacy surface

1 safety and 1 privacy notes across 2 risk areas. Review closely: credentials & tokens, network access.

2 areas
  • SafetyNetwork accessInstalls and runs server packages (pip install fastapi uvicorn pydantic sqlalchemy) and starts an ASGI web server that listens on a network port. Review dependencies and bind to trusted interfaces before exposing endpoints.
  • PrivacyCredentials & tokensAPI endpoints and database integrations can read and persist user-supplied data. Validate and scope what the service stores or logs, and keep database credentials and connection strings out of committed code.

Safety notes

  • Installs and runs server packages (pip install fastapi uvicorn pydantic sqlalchemy) and starts an ASGI web server that listens on a network port. Review dependencies and bind to trusted interfaces before exposing endpoints.

Privacy notes

  • API endpoints and database integrations can read and persist user-supplied data. Validate and scope what the service stores or logs, and keep database credentials and connection strings out of committed code.

Prerequisites

  • Python 3.9+
  • fastapi ^0.104.0
  • uvicorn[standard] ^0.24.0
  • pydantic ^2.0.0
  • ASGI server (uvicorn, hypercorn, or daphne) for running FastAPI applications in production
  • Database driver for async operations (asyncpg for PostgreSQL, aiomysql for MySQL, or motor for MongoDB) when using database integration

Schema details

Install type
package
Reading time
6 min
Difficulty score
100
Troubleshooting
Yes
Breaking changes
No
Package metadata
Package verified
Yes
SHA-256
a62b1a1e1fcee8faa7b1fb5cd68fa3c5112a74337fea3729a6bc5738c24f36d9
Skill and platform metadata
Skill type
general
Skill level
advanced
Verification
draft
Verified at
2025-10-23
Retrieval sources
https://fastapi.tiangolo.com/
Tested platforms
ClaudeCodexOpenClawCursorWindsurfGemini
PlatformSupportInstall path
claude-codeNative.claude/skills/<skill-name>/SKILL.md
codexNative.agents/skills/<skill-name>/SKILL.md
windsurfNative.windsurf/skills/<skill-name>/SKILL.md
geminiNative.gemini/skills/<skill-name>/SKILL.md or .agents/skills/<skill-name>/SKILL.md
cursorAdapter.cursor/rules/<skill-name>.mdc
cliManualAGENTS.md or tool-specific context file
Full copyable content
from fastapi import FastAPI, HTTPException
from pydantic import BaseModel, Field
from typing import List

app = FastAPI(title="Blog API", version="1.0.0")

# Pydantic models
class PostCreate(BaseModel):
    title: str = Field(..., min_length=1, max_length=200)
    content: str = Field(..., min_length=1)
    published: bool = False

class Post(PostCreate):
    id: int
    
    class Config:
        from_attributes = True

# In-memory storage (use database in production)
posts_db: List[Post] = []
post_id_counter = 1

@app.get("/posts", response_model=List[Post], tags=["posts"])
async def list_posts():
    """Get all blog posts"""
    return posts_db

@app.post("/posts", response_model=Post, status_code=201, tags=["posts"])
async def create_post(post: PostCreate):
    """Create a new blog post"""
    global post_id_counter
    new_post = Post(id=post_id_counter, **post.dict())
    posts_db.append(new_post)
    post_id_counter += 1
    return new_post

@app.get("/posts/{post_id}", response_model=Post, tags=["posts"])
async def get_post(post_id: int):
    """Get a single post by ID"""
    for post in posts_db:
        if post.id == post_id:
            return post
    raise HTTPException(status_code=404, detail="Post not found")

@app.delete("/posts/{post_id}", status_code=204, tags=["posts"])
async def delete_post(post_id: int):
    """Delete a post by ID"""
    for i, post in enumerate(posts_db):
        if post.id == post_id:
            posts_db.pop(i)
            return
    raise HTTPException(status_code=404, detail="Post not found")

# Run with: uvicorn main:app --reload
# Docs at: localhost:8000/docs

About this resource

What This Skill Enables

Claude can build production-ready REST APIs using FastAPI, Python's fastest web framework with automatic OpenAPI documentation and async support. FastAPI combines Python 3.9+ type hints with Pydantic validation for type-safe APIs that rival Node.js performance. With automatic interactive docs, dependency injection, and async/await, FastAPI eliminates boilerplate while maintaining enterprise-grade reliability.

Compatibility

Native

  • Claude Code / Claude: native skill usage via SKILL.md.
  • Codex/OpenAI workflows: compatible with Agent Skills-style SKILL.md content as reusable workflow instructions.

Manual Adaptation

  • Gemini CLI: native skill usage via .gemini/skills/<skill-name>/SKILL.md or .agents/skills/<skill-name>/SKILL.md where supported.
  • Cursor: use the generated .cursor/rules/*.mdc adapter for project rules.
  • OpenClaw and similar agents: use the same skill content as a reusable prompt/workflow file when native skill import is unavailable.

Prerequisites

Required:

  • Claude Pro subscription or Claude Code CLI
  • Python 3.9+ (3.11+ recommended for best performance)
  • pip or poetry package manager
  • Basic Python knowledge

What Claude handles automatically:

  • Writing FastAPI route handlers with type hints
  • Creating Pydantic models for request/response validation
  • Adding automatic OpenAPI/Swagger documentation
  • Implementing async endpoints for I/O-bound operations
  • Setting up dependency injection for auth/database
  • Handling errors with custom exception handlers
  • Adding middleware for CORS, logging, rate limiting
  • Structuring large applications with routers

How to Use This Skill

Basic CRUD API

Prompt: "Create a FastAPI CRUD API for blog posts with: GET /posts (list), POST /posts (create), GET /posts/{id} (get one), PUT /posts/{id} (update), DELETE /posts/{id} (delete). Use Pydantic for validation."

Claude will:

  1. Create FastAPI app with routers
  2. Define Pydantic models for Post
  3. Implement all 5 CRUD endpoints
  4. Add automatic validation
  5. Include OpenAPI docs at /docs
  6. Add error handling for 404s
  7. Return proper HTTP status codes

Database Integration with SQLAlchemy

Prompt: "Build FastAPI app with PostgreSQL using SQLAlchemy ORM. Include: user authentication, database models for users/posts, async queries, connection pooling, and migrations with Alembic."

Claude will:

  1. Set up async SQLAlchemy engine
  2. Create database models with relationships
  3. Implement dependency injection for sessions
  4. Add async CRUD operations
  5. Include connection pooling config
  6. Set up Alembic for migrations
  7. Add authentication dependencies

Authentication & Authorization

Prompt: "Create FastAPI auth system with JWT tokens. Include: user registration, login, password hashing with bcrypt, protected routes with dependencies, refresh tokens, and role-based access control."

Claude will:

  1. Implement password hashing with passlib
  2. Create JWT token generation/validation
  3. Add OAuth2 password bearer scheme
  4. Build auth dependencies for routes
  5. Implement refresh token rotation
  6. Add role-based access decorators
  7. Include user registration/login endpoints

Async Background Tasks

Prompt: "Build FastAPI endpoint that processes uploaded CSV file in background. Include: file upload validation, background task with progress tracking, webhook notification on completion, and error handling."

Claude will:

  1. Create file upload endpoint
  2. Validate CSV format with Pydantic
  3. Launch background task
  4. Add progress tracking with Redis
  5. Implement webhook callback
  6. Handle errors gracefully
  7. Return task ID for status checks

Tips for Best Results

  1. Use Type Hints Everywhere: FastAPI relies on Python type hints for automatic validation and docs. Always specify return types and use Optional[T] for nullable fields.

  2. Async for I/O-Bound: Use async def for endpoints that do database queries, API calls, or file operations. FastAPI handles concurrency automatically.

  3. Pydantic for Validation: Create Pydantic models for request bodies. Never parse JSON manually - let Pydantic handle validation and serialization.

  4. Dependency Injection: Use FastAPI's Depends() for auth, database sessions, pagination, etc. This keeps endpoints clean and testable.

  5. Status Codes Matter: Use proper HTTP status codes: 201 for created, 204 for deleted, 404 for not found, 422 for validation errors.

  6. OpenAPI Customization: Add descriptions, examples, and tags to endpoints for better automatic documentation.

Common Workflows

E-Commerce API

"Build FastAPI e-commerce backend:
1. Products: CRUD with search, filtering, pagination
2. Cart: session-based with Redis, add/remove items, calculate totals
3. Orders: create order, payment processing, order history
4. Auth: JWT-based customer accounts with OAuth2
5. Admin: protected endpoints for inventory management
6. Webhooks: Stripe payment notifications
7. Database: PostgreSQL with async SQLAlchemy
8. Background tasks: order confirmation emails"

Real-Time Analytics API

"Create FastAPI analytics dashboard backend:
1. Ingest endpoint: accept events via POST with Pydantic validation
2. Time-series storage: TimescaleDB for event data
3. Aggregation endpoints: metrics by day/week/month
4. WebSocket: real-time updates for live dashboard
5. Caching: Redis for frequently-accessed metrics
6. Rate limiting: per-API-key limits with middleware
7. Export: CSV/JSON download of filtered data
8. Admin API: user management, API key generation"

Multi-Tenant SaaS API

"Build multi-tenant SaaS API with FastAPI:
1. Tenant isolation: subdomain-based routing
2. Database: separate schemas per tenant in PostgreSQL
3. Auth: tenant-scoped JWT tokens
4. Billing: usage tracking, quota enforcement
5. API versioning: /v1/, /v2/ with deprecation notices
6. Rate limiting: per-tenant quotas
7. Webhooks: tenant-configurable event notifications
8. Admin: tenant provisioning, feature flags"

GraphQL + REST Hybrid

"Create FastAPI app with both REST and GraphQL:
1. REST endpoints: CRUD operations with OpenAPI docs
2. GraphQL: Strawberry integration for complex queries
3. DataLoader: batching and caching for N+1 queries
4. Auth: shared JWT validation across REST/GraphQL
5. Subscriptions: WebSocket support for real-time data
6. File uploads: multipart form data handling
7. Error handling: unified error format
8. Testing: pytest fixtures for both APIs"

Troubleshooting

Issue: "Pydantic validation errors not showing custom messages" Solution: Add Field() with description: email: str = Field(..., description='Valid email required'). Use @validator decorator for complex rules. Check Pydantic V2 migration if using FastAPI 0.100+.

Issue: "Async endpoints slower than sync" Solution: Only use async for I/O operations (database, HTTP calls). CPU-bound tasks should use sync functions. Ensure database driver supports async (asyncpg, aiomysql). Check connection pool settings.

Issue: "CORS errors in browser" Solution: Add CORSMiddleware with correct origins: app.add_middleware(CORSMiddleware, allow_origins=['https://app.example.com'], allow_credentials=True). Don't use wildcard in production.

Issue: "Dependency injection not working" Solution: Ensure dependencies return values, not None. Use Depends() in function signature, not inside function body. Check dependency order - dependencies can depend on other dependencies.

Issue: "File uploads failing with 413 error" Solution: Increase max upload size in uvicorn: uvicorn.run(app, limit_concurrency=100, limit_max_requests=1000, timeout_keep_alive=30). For large files, use streaming with UploadFile.

Learn More

Features

  • Automatic OpenAPI/Swagger documentation generation
  • Native async/await support for high concurrency
  • Pydantic integration for request/response validation
  • Dependency injection system for clean architecture
  • Type-safe APIs with automatic request/response validation
  • WebSocket support for real-time bidirectional communication
  • Built-in testing utilities with TestClient for API testing
  • Background task processing with BackgroundTasks for async operations, task queue integration, and long-running job management without blocking request responses

Use Cases

  • REST API backends with automatic documentation
  • Microservices with async database operations
  • Real-time APIs with WebSocket support
  • High-performance microservices with async database operations
  • API-first applications with automatic OpenAPI documentation
  • Real-time applications with WebSocket and Server-Sent Events

Source citations

Add this badge to your README

Show that FastAPI Python API Development Skill is listed on HeyClaude. Paste this Markdown into your README — it renders the badge and links back to this page.

Listed on HeyClaude
[![Listed on HeyClaude](https://heyclau.de/badge/skills/fastapi-python-backend.svg)](https://heyclau.de/entry/skills/fastapi-python-backend)

How it compares

FastAPI Python API Development Skill side by side with 2 alternatives on trust, install, platform support, and disclosed safety notes — all from reviewed registry metadata.

2 trust signals differ across this comparison (Package trust, Submitter).

Field

Build high-performance async REST APIs with FastAPI, Python's fastest-growing web framework. Automatic OpenAPI/Swagger documentation, type-safe validation with Pydantic, native async/await support, and dependency injection for clean architecture.

Open dossier

Agent Skill from mcp-use for turning OpenAPI or Swagger specs into MCP servers with operation-to-tool mapping, auth wiring, Zod schema generation, inspector testing, and streamable HTTP deployment.

Open dossier

Build and maintain NestJS backend APIs with modules, controllers, providers, dependency injection, configuration, validation pipes, guards, interceptors, exception filters, OpenAPI docs, testing, and production safety review.

Open dossier
Next steps
Trust
Review statusReviewedMaintainer reviewedReviewedMaintainer reviewedReviewedMaintainer reviewed
Package trustDiffersPackage verified2025-10-23Package not verifiedPackage not verified
Source provenanceSource-backedSource-backedSource-backed
SubmitterDiffersoktofeesh1
Install riskReview firstReview firstReview first
Notes Safety Privacy Safety Privacy Safety Privacy
Brand
Categoryskillsskillsskills
Sourcefirst-partysource-backedsource-backed
AuthorJSONboredmcp-useoktofeesh1
Added2025-10-232026-06-182026-06-04
Platforms
Claude CodeCodexWindsurfGeminiCursorCLI
Claude CodeCodexWindsurfGeminiCursorCLI
Claude CodeCodexWindsurfGeminiCursorCLI
Source repo
Safety notesInstalls and runs server packages (pip install fastapi uvicorn pydantic sqlalchemy) and starts an ASGI web server that listens on a network port. Review dependencies and bind to trusted interfaces before exposing endpoints.Generated MCP tools can expose every selected REST operation from a source API, including destructive or account-changing endpoints if the operation filter is too broad. Large OpenAPI specs can create noisy tool surfaces. Filter by tag or operation list when the API has many endpoints. Auth wiring may include API keys, bearer tokens, basic auth, OAuth bearer tokens, and environment variables; never put secret values in the spec, generated source, prompts, or PR text. The skill recommends streamable HTTP for generated mcp-use servers; review deployment auth, CORS, rate limits, logs, and public reachability before publishing. Human review is needed for generated schemas, tool descriptions, error handling, and write operations before giving an agent access to real accounts.The download URL is the external `nestjs/nest` source archive, not a HeyClaude-packaged skill archive; review source provenance before using it in automated workflows. NestJS changes can alter route behavior, dependency-injection graph, middleware order, guards, authentication, authorization, validation, error handling, and request/response contracts. Do not commit `.env` files, database URLs, JWT secrets, API keys, OAuth credentials, cloud credentials, service tokens, private certificates, or copied production config. Global pipes, filters, guards, interceptors, and middleware affect every matching request. Review denial paths, public routes, admin routes, and backward compatibility before enabling them globally. DTO validation and transformation can silently coerce input. Check `whitelist`, `forbidNonWhitelisted`, transform behavior, nested objects, arrays, and optional fields before trusting sanitized payloads. Provider constructors, module imports, dynamic modules, lifecycle hooks, and request-scoped providers can create startup failures or performance regressions when used casually. Database migrations, message handlers, cron jobs, queues, webhooks, and external-service calls should have explicit retry, idempotency, timeout, and rollback behavior. OpenAPI docs can expose internal DTO fields, route names, auth scheme details, admin endpoints, examples, and deprecated surfaces if generated without review.
Privacy notesAPI endpoints and database integrations can read and persist user-supplied data. Validate and scope what the service stores or logs, and keep database credentials and connection strings out of committed code.OpenAPI specs can expose private endpoint names, internal domains, auth schemes, schemas, object fields, customer concepts, and operational workflows. Tool calls can send prompts, arguments, request bodies, auth-scoped API responses, error payloads, and logs through the MCP server, model provider, and deployment platform. Keep API keys, tokens, OAuth secrets, cookies, private base URLs, customer data, and internal spec comments out of public examples, repository files, issue comments, and screenshots. For third-party or customer APIs, confirm data retention and logging behavior across the MCP client, mcp-use deployment target, model provider, and API provider.NestJS logs, exception filters, validation errors, request IDs, OpenAPI examples, test fixtures, and AI prompts can expose request payloads, headers, cookies, JWT claims, user IDs, emails, tenant IDs, and internal service names. Avoid pasting raw production requests, access tokens, cookies, stack traces with sensitive values, database records, or private OpenAPI exports into prompts or public issues. Use synthetic request data and non-production credentials for examples, tests, screenshots, generated docs, and AI-assisted troubleshooting. Review logging, telemetry, error reporting, audit events, and model-provider retention before routing customer data through AI-assisted debugging or generated diagnostics.
Prerequisites
  • Python 3.9+
  • fastapi ^0.104.0
  • uvicorn[standard] ^0.24.0
  • pydantic ^2.0.0
  • An OpenAPI 3.x or Swagger 2.0 spec from a local file, URL, or pasted source.
  • Node.js and npm or pnpm for `create-mcp-use-app`, TypeScript, swagger-parser, Zod, and mcp-use tooling.
  • An MCP client or coding agent that can install and use Agent Skills from GitHub.
  • Known target API base URL, authentication scheme, operation filter, and deployment intent before broad tool generation.
  • TypeScript backend project or planned service boundary where NestJS is the intended framework.
  • Known package manager, Node.js runtime target, deployment target, module format, and build pipeline.
  • Decision on HTTP adapter, usually Express through `@nestjs/platform-express` unless the app is explicitly using Fastify.
  • API surface inventory covering controllers, routes, request bodies, query parameters, response shapes, errors, authentication, authorization, and versioning.
Install
pip install fastapi uvicorn[standard] pydantic sqlalchemy
npx skills add https://github.com/mcp-use/mcp-use --skill openapi-to-mcp
pnpm add @nestjs/core @nestjs/common @nestjs/platform-express reflect-metadata rxjs
Config
Citations
ClaimUnclaimedUnclaimedUnclaimed
Open 3 picks in the interactive comparison tool

Related guides

Signals

Loading live community signals…

More like this, weekly

A short, calm digest of reviewed Claude resources. Unsubscribe any time.