With FastAPI, you can benefit from a wide range of advantages, including speed, modernity, and flexibility. However, to ensure that your FastAPI application runs successfully in production, you need the right strategies and tools. Here you'll find the most important best practices and tools to operate your application efficiently and securely.

Introduction

In today's digital world, implementing FastAPI applications in production is an important step for companies and developers. FastAPI offers a quick, modern, and flexible way to develop and operate APIs. But how do you successfully bring your FastAPI application into production? Learn which best practices and tools will help you operate your FastAPI application performantly and securely. We'll start with a few basic conceptual principles before we look at optimizing the production environment.

What is FastAPI anyway?

FastAPI is a modern, fast (high-performance) web framework for Python, based on Starlette and Pydantic. It was written by Sebastián Ramírez a.k.a tiangolo and is one of the fastest-growing Python web frameworks. It is also very efficient at writing APIs in FastAPI, as it leverages the advantages of Python type checks and asynchronous programming models. Moreover, FastAPI automatically generates interactive API documentation with Swagger UI and ReDoc, which significantly reduces development effort.

The 12 Factor App - What Makes a Good Application

Blueshore is a strong proponent of the 12 Factor App approach. The 12 Factor App is a method for building Software-As-A-Service apps that (according to quote) should meet the following requirements:

Thus, the approach encompasses concepts such as good implementation of application configuration or parity between dev and production environments. All factors can be found on the 12 Factor App Website. With FastAPI, this approach can be implemented well.
Thanks to the lightweight nature of the framework, for example, Factor IX can be quite simply fulfilled, and a quick start of the application can be guaranteed.

After clarifying all concepts and basic principles for the SaaS app, the perfect FastAPI production setup follows.

Server Runner - Who Runs Your App?

Gunicorn + Uvicorn - The Old Way

A few months ago, the combination of Gunicorn with Uvicorn workers was the preferred choice to serve a FastAPI API. Gunicorn was used because it has the ability to manage a large number of processes.

The performance remained constant. This made it possible to distribute the load across multiple processes and increase the API's availability. Uvicorn was used as a worker process to process requests, as it offers an efficient implementation of the ASGI standard. However, until recently, Uvicorn did not directly support worker management and restarting, which made the use of Gunicorn as a process manager necessary. By combining Gunicorn and Uvicorn, developers could leverage the advantages of both tools to build a scalable and reliable API infrastructure.

The FastAPI CLI - The New Way

In the meantime, this combination of Gunicorn and Uvicorn is no longer needed, as Uvicorn now also handles worker management itself.

You can now use Uvicorn alone, or use the new FastAPI CLI. This is based on Uvicorn, but significantly simplifies developer life by providing management commands for FastAPI. It can also be used as an entrypoint command to serve production APIs.

To maximize performance in a multiprocessor environment, the FastAPI CLI run command can be given a flag to set the number of service workers. The resulting command looks like this:

fastapi run --workers 4 <path to main file>

This leads Uvicorn to produce optimizations for production and creates 4 workers that can process parallel requests. When you want to host your application in Kubernetes, it is recommended to let replication run across the cluster and not in each individual container. This means you don't need the workers flag, but should look in your deployment configuration instead.

Reverse Proxies

A Reverse Proxy is a server that sits between clients (e.g. browsers or other applications) and the backend servers of an application and functions as an intermediary. Instead of clients communicating directly with the backend, the Reverse Proxy forwards requests and returns the backend's responses to the clients. This conceals the actual backend servers from the clients and serves as a central access point for the application.

Reverse Proxies like Nginx or Traefik are an indispensable tool for deploying modern API applications, as they offer numerous advantages that improve both performance and security and scalability. By taking over tasks like SSL/TLS termination, a Reverse Proxy ensures that the API is securely accessible via HTTPS without burdening the backend application itself. Simultaneously, it enables load balancing by efficiently distributing incoming requests across multiple backend instances, which increases the stability and availability of the application. Moreover, a Reverse Proxy can directly serve static content like images or CSS files, further boosting performance by unburdening the API server. Not least, a Reverse Proxy provides additional security functions like Rate Limiting or IP Blocking to protect APIs from malicious attacks. This combination of performance optimization, security, and flexibility makes Nginx, Traefik, and similar tools an indispensable component of every professional API deployment strategy.

Michael Schilonka

Let us run your FastAPI-App.

Book a call

And finally, Security

Security is a central aspect of API deployment, and there are proven measures that help protect your application from attacks. HTTPS should always be used to secure communication between client and server. This ensures encrypted and secure data transmission, preventing unauthorized access and potential data interception.Server to encrypt. An SSL certificate can be easily and freely provided through services like Let's Encrypt. Furthermore, security headers increase protection against frequent attacks like Cross-Site Scripting (XSS). This can be easily implemented in FastAPI with the SecurityMiddleware from Starlette. Additionally, the use of TrustedHostMiddleware protects against Host Header attacks by only allowing defined domains:

from starlette.middleware.trustedhost import TrustedHostMiddleware
from starlette.middleware import Middleware

app = FastAPI(
  middleware=[
    Middleware(
      TrustedHostMiddleware, 
      allowed_hosts=["yourdomain.com", "*.yourdomain.com"]
    ),
  ]
)

When your API interacts with external clients, a correct configuration of CORS (Cross-Origin Resource Sharing) is crucial to only allow trustworthy origins:

from fastapi.middleware.cors import CORSMiddleware

app.add_middleware(
    CORSMiddleware,
    allow_origins=["https://trustedomain.com"],
    allow_methods=["GET", "POST"],
    allow_headers=["*"],
)

For protecting database access, sensitive information like access data should never be hardcoded. Instead, environment variables or secrets management tools can be used. To prevent SQL injection, you should use ORM tools like SQLAlchemy or Tortoise ORM that securely parameterize queries. Here the 12 Factor App concept comes into play again.

Additionally, you can limit the frequency of incoming requests through Rate Limiting and thus prevent both misuse and overloads. Reverse Proxies like Nginx or Traefik are excellently suited to implement this efficiently. With these measures, you can significantly increase the security of your API.

Example Dockerfile

Here is an example of a Dockerfile for a production environment in Kubernetes (the cluster takes over the replication):

FROM python:3.12-slim

# Set environment variables
ENV PYTHONDONTWRITEBYTECODE 1
ENV PYTHONUNBUFFERED 1

# Set the working directory
WORKDIR /app

# Install dependencies
COPY requirements.txt .
RUN pip install --no-cache-dir -r requirements.txt

# Copy the application code
COPY src/ .

# Expose the port the app runs on
EXPOSE 8000

# Command to run the FastAPI application using the FastAPI CLI -> no workers flag as Kubernetes handles replication
CMD ["fastapi", "run", "main:app", "--host", "0.0.0.0", "--port", "8000"]

Honorable Mentions

Conclusion

FastAPI is not only fast and flexible, but through its integration with modern deployment and security standards, it provides an ideal foundation for production-ready APIs. With the presented best practices and tools, applications can be operated performantly, securely, and scalably. Developers benefit from quick startup times, asynchronous processing, and integrated optimization tools. The use of Reverse Proxies, security measures, and modern deployment strategies make FastAPI the ideal choice for future-oriented API development.