DEV Community: archi-jain The latest articles on DEV Community by archi-jain (@archijain). https://dev.to/archijain https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F669316%2Fae12551d-039b-40b1-99b6-c94f0b047c3b.png DEV Community: archi-jain https://dev.to/archijain en Day 8/100: API Documentation & Error Handling - The Professional Polish archi-jain Thu, 12 Mar 2026 15:52:16 +0000 https://dev.to/archijain/day-8100-api-documentation-error-handling-the-professional-polish-23ob https://dev.to/archijain/day-8100-api-documentation-error-handling-the-professional-polish-23ob <blockquote> <p>Part of my 100 Days of Code journey. Today we transform working code into production-ready API.</p> </blockquote> <h2> The Challenge </h2> <p>Add comprehensive documentation and standardized error handling to make the API developer-friendly and production-ready.</p> <p><strong>The Problem:</strong> <br> My API works great... for me. But what about:</p> <ul> <li>New developers trying to integrate?</li> <li>Frontend developers needing to consume the API?</li> <li>DevOps needing to monitor health?</li> <li>Users getting cryptic error messages?</li> </ul> <p><strong>The Solution:</strong> <br> Professional documentation, structured errors, CORS support, and health monitoring.</p> <h2> Why Documentation Matters </h2> <p><strong>True story:</strong> I once worked with an API that had zero documentation. Every endpoint was a mystery:</p> <ul> <li>What parameters does it accept?</li> <li>What response format does it return?</li> <li>What errors can it throw?</li> <li>How do I authenticate?</li> </ul> <p><strong>Result:</strong> </p> <ul> <li>3 weeks to integrate (should've been 3 days)</li> <li>Countless support emails</li> <li>Trial-and-error development</li> <li>Frustrated developers</li> </ul> <p><strong>Good documentation changes everything.</strong></p> <h2> Step-by-Step Implementation </h2> <h3> Step 1: Enhanced FastAPI Configuration </h3> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="kn">from</span> <span class="n">fastapi</span> <span class="kn">import</span> <span class="n">FastAPI</span> <span class="n">app</span> <span class="o">=</span> <span class="nc">FastAPI</span><span class="p">(</span> <span class="n">title</span><span class="o">=</span><span class="sh">"</span><span class="s">Task Management API</span><span class="sh">"</span><span class="p">,</span> <span class="n">description</span><span class="o">=</span><span class="sh">"""</span><span class="s"> ## 🚀 Complete Task Management System A production-ready REST API for managing tasks with authentication, tags, priorities, due dates, and advanced filtering. ### Features * **🔐 JWT Authentication** - Secure user registration and login * **📋 Task Management** - Full CRUD operations with rich metadata * **🏷ī¸ Tag System** - Organize tasks with custom tags and colors * **⚡ Priority Levels** - High, medium, low priorities * **📅 Due Dates** - Track deadlines and overdue tasks * **🔍 Advanced Filtering** - Search, sort, filter by multiple criteria * **📊 Analytics** - Task statistics and insights * **⚙ī¸ Bulk Operations** - Efficient multi-task updates ### Getting Started 1. Register a new account at `/auth/register` 2. Login at `/auth/login` to get your access token 3. Click the 🔒 Authorize button and paste your token 4. Start managing your tasks! </span><span class="sh">"""</span><span class="p">,</span> <span class="n">version</span><span class="o">=</span><span class="sh">"</span><span class="s">1.0.0</span><span class="sh">"</span><span class="p">,</span> <span class="n">contact</span><span class="o">=</span><span class="p">{</span> <span class="sh">"</span><span class="s">name</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">Archi Jain</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">url</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">https://github.com/archi-jain/100-days-of-python</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">email</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">your-email@example.com</span><span class="sh">"</span> <span class="p">},</span> <span class="n">license_info</span><span class="o">=</span><span class="p">{</span> <span class="sh">"</span><span class="s">name</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">MIT License</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">url</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">https://opensource.org/licenses/MIT</span><span class="sh">"</span> <span class="p">}</span> <span class="p">)</span> </code></pre> </div> <p><strong>What this does:</strong></p> <p>When developers visit <code>/docs</code>, they see:</p> <ul> <li>Clear API overview</li> <li>Feature list</li> <li>Getting started guide</li> <li>Contact information</li> <li>License details</li> </ul> <p>Professional first impression!</p> <h3> Step 2: Endpoint Organization with Tags </h3> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="n">app</span> <span class="o">=</span> <span class="nc">FastAPI</span><span class="p">(</span> <span class="c1"># ... previous config ... </span> <span class="n">openapi_tags</span><span class="o">=</span><span class="p">[</span> <span class="p">{</span> <span class="sh">"</span><span class="s">name</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">Authentication</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">description</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">User registration, login, and profile management</span><span class="sh">"</span> <span class="p">},</span> <span class="p">{</span> <span class="sh">"</span><span class="s">name</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">Tasks</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">description</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">Task CRUD operations, filtering, sorting, and bulk actions</span><span class="sh">"</span> <span class="p">},</span> <span class="p">{</span> <span class="sh">"</span><span class="s">name</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">Tags</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">description</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">Tag management for organizing tasks</span><span class="sh">"</span> <span class="p">},</span> <span class="p">{</span> <span class="sh">"</span><span class="s">name</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">System</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">description</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">API health checks and system information</span><span class="sh">"</span> <span class="p">}</span> <span class="p">]</span> <span class="p">)</span> </code></pre> </div> <p><strong>Result:</strong> <br> Endpoints grouped logically in documentation. Developers can find what they need quickly.</p> <h3> Step 3: Detailed Endpoint Documentation </h3> <p><strong>Before:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="nd">@app.post</span><span class="p">(</span><span class="sh">"</span><span class="s">/tasks</span><span class="sh">"</span><span class="p">)</span> <span class="k">def</span> <span class="nf">create_task</span><span class="p">(</span><span class="n">task</span><span class="p">:</span> <span class="n">TaskCreate</span><span class="p">,</span> <span class="p">...):</span> <span class="c1"># code </span></code></pre> </div> <p><strong>After:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="nd">@router.post</span><span class="p">(</span> <span class="sh">"</span><span class="s">/</span><span class="sh">"</span><span class="p">,</span> <span class="n">response_model</span><span class="o">=</span><span class="n">schemas</span><span class="p">.</span><span class="n">TaskResponse</span><span class="p">,</span> <span class="n">status_code</span><span class="o">=</span><span class="n">status</span><span class="p">.</span><span class="n">HTTP_201_CREATED</span><span class="p">,</span> <span class="n">summary</span><span class="o">=</span><span class="sh">"</span><span class="s">Create a new task</span><span class="sh">"</span><span class="p">,</span> <span class="n">description</span><span class="o">=</span><span class="sh">"""</span><span class="s"> Create a new task with optional tags, priority, and due date. **Request Body:** - **title** (required): Task name/description - **description** (optional): Detailed information - **priority** (optional): high, medium, or low (default: medium) - **due_date** (optional): Deadline in ISO 8601 format - **tag_ids** (optional): List of tag UUIDs to associate **Returns:** - Newly created task with generated ID and timestamps **Errors:** - 400: Invalid tag IDs or past due date - 401: Not authenticated - 422: Validation error (missing title, invalid format) </span><span class="sh">"""</span><span class="p">,</span> <span class="n">responses</span><span class="o">=</span><span class="p">{</span> <span class="mi">201</span><span class="p">:</span> <span class="p">{</span> <span class="sh">"</span><span class="s">description</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">Task created successfully</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">content</span><span class="sh">"</span><span class="p">:</span> <span class="p">{</span> <span class="sh">"</span><span class="s">application/json</span><span class="sh">"</span><span class="p">:</span> <span class="p">{</span> <span class="sh">"</span><span class="s">example</span><span class="sh">"</span><span class="p">:</span> <span class="p">{</span> <span class="sh">"</span><span class="s">id</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">123e4567-e89b-12d3-a456-426614174000</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">title</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">Complete project</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">completed</span><span class="sh">"</span><span class="p">:</span> <span class="bp">False</span><span class="p">,</span> <span class="sh">"</span><span class="s">priority</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">high</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">due_date</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">2026-03-15T17:00:00Z</span><span class="sh">"</span> <span class="p">}</span> <span class="p">}</span> <span class="p">}</span> <span class="p">}</span> <span class="p">}</span> <span class="p">)</span> <span class="k">def</span> <span class="nf">create_task</span><span class="p">(</span><span class="n">task</span><span class="p">:</span> <span class="n">schemas</span><span class="p">.</span><span class="n">TaskCreate</span><span class="p">,</span> <span class="p">...):</span> <span class="sh">"""</span><span class="s">Create a new task for the authenticated user</span><span class="sh">"""</span> <span class="c1"># code </span></code></pre> </div> <p><strong>What developers see:</strong></p> <ul> <li>Clear summary</li> <li>Detailed description</li> <li>Parameter explanations</li> <li>Success example</li> <li>Error cases</li> <li>Sample request/response</li> </ul> <h3> Step 4: Schema Examples </h3> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="k">class</span> <span class="nc">TaskCreate</span><span class="p">(</span><span class="n">BaseModel</span><span class="p">):</span> <span class="n">title</span><span class="p">:</span> <span class="nb">str</span> <span class="o">=</span> <span class="nc">Field</span><span class="p">(</span> <span class="p">...,</span> <span class="n">max_length</span><span class="o">=</span><span class="mi">100</span><span class="p">,</span> <span class="n">description</span><span class="o">=</span><span class="sh">"</span><span class="s">Task title (required)</span><span class="sh">"</span><span class="p">,</span> <span class="n">examples</span><span class="o">=</span><span class="p">[</span><span class="sh">"</span><span class="s">Complete project proposal</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">Review pull requests</span><span class="sh">"</span><span class="p">]</span> <span class="p">)</span> <span class="n">description</span><span class="p">:</span> <span class="n">Optional</span><span class="p">[</span><span class="nb">str</span><span class="p">]</span> <span class="o">=</span> <span class="nc">Field</span><span class="p">(</span> <span class="bp">None</span><span class="p">,</span> <span class="n">max_length</span><span class="o">=</span><span class="mi">500</span><span class="p">,</span> <span class="n">description</span><span class="o">=</span><span class="sh">"</span><span class="s">Detailed task description (optional)</span><span class="sh">"</span><span class="p">,</span> <span class="n">examples</span><span class="o">=</span><span class="p">[</span><span class="sh">"</span><span class="s">Prepare Q1 financial review slides</span><span class="sh">"</span><span class="p">]</span> <span class="p">)</span> <span class="n">model_config</span> <span class="o">=</span> <span class="p">{</span> <span class="sh">"</span><span class="s">json_schema_extra</span><span class="sh">"</span><span class="p">:</span> <span class="p">{</span> <span class="sh">"</span><span class="s">examples</span><span class="sh">"</span><span class="p">:</span> <span class="p">[</span> <span class="p">{</span> <span class="sh">"</span><span class="s">title</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">Submit quarterly report</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">description</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">Prepare Q1 2026 financial report</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">priority</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">high</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">due_date</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">2026-03-15T17:00:00Z</span><span class="sh">"</span> <span class="p">}</span> <span class="p">]</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <p><strong>Result:</strong> <br> When developers click "Try it out", the form is pre-filled with valid example data!</p> <h3> Step 5: CORS Configuration </h3> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="kn">from</span> <span class="n">fastapi.middleware.cors</span> <span class="kn">import</span> <span class="n">CORSMiddleware</span> <span class="n">app</span><span class="p">.</span><span class="nf">add_middleware</span><span class="p">(</span> <span class="n">CORSMiddleware</span><span class="p">,</span> <span class="n">allow_origins</span><span class="o">=</span><span class="p">[</span> <span class="sh">"</span><span class="s">http://localhost:3000</span><span class="sh">"</span><span class="p">,</span> <span class="c1"># React default </span> <span class="sh">"</span><span class="s">http://localhost:5173</span><span class="sh">"</span><span class="p">,</span> <span class="c1"># Vite default </span> <span class="sh">"</span><span class="s">http://localhost:8080</span><span class="sh">"</span><span class="p">,</span> <span class="c1"># Vue default </span> <span class="c1"># Add your production domains </span> <span class="p">],</span> <span class="n">allow_credentials</span><span class="o">=</span><span class="bp">True</span><span class="p">,</span> <span class="n">allow_methods</span><span class="o">=</span><span class="p">[</span><span class="sh">"</span><span class="s">*</span><span class="sh">"</span><span class="p">],</span> <span class="n">allow_headers</span><span class="o">=</span><span class="p">[</span><span class="sh">"</span><span class="s">*</span><span class="sh">"</span><span class="p">],</span> <span class="p">)</span> </code></pre> </div> <p><strong>Why this matters:</strong></p> <p><strong>Without CORS:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="c1">// Frontend code</span> <span class="nf">fetch</span><span class="p">(</span><span class="dl">'</span><span class="s1">http://localhost:8000/tasks</span><span class="dl">'</span><span class="p">)</span> <span class="c1">// Browser blocks:</span> <span class="c1">// "CORS policy: No 'Access-Control-Allow-Origin' header"</span> </code></pre> </div> <p><strong>With CORS:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="nf">fetch</span><span class="p">(</span><span class="dl">'</span><span class="s1">http://localhost:8000/tasks</span><span class="dl">'</span><span class="p">)</span> <span class="c1">// ✅ Works!</span> </code></pre> </div> <p>Frontend developers can integrate immediately.</p> <h3> Step 6: Standardized Error Responses </h3> <p><strong>Before:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="k">if</span> <span class="ow">not</span> <span class="n">task</span><span class="p">:</span> <span class="k">raise</span> <span class="nc">HTTPException</span><span class="p">(</span><span class="mi">404</span><span class="p">,</span> <span class="sh">"</span><span class="s">Task not found</span><span class="sh">"</span><span class="p">)</span> <span class="c1"># Response: {"detail": "Task not found"} </span></code></pre> </div> <p><strong>After:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="k">class</span> <span class="nc">APIError</span><span class="p">(</span><span class="n">HTTPException</span><span class="p">):</span> <span class="k">def</span> <span class="nf">__init__</span><span class="p">(</span><span class="n">self</span><span class="p">,</span> <span class="n">status_code</span><span class="p">,</span> <span class="n">error_code</span><span class="p">,</span> <span class="n">message</span><span class="p">,</span> <span class="n">details</span><span class="o">=</span><span class="bp">None</span><span class="p">):</span> <span class="nf">super</span><span class="p">().</span><span class="nf">__init__</span><span class="p">(</span> <span class="n">status_code</span><span class="o">=</span><span class="n">status_code</span><span class="p">,</span> <span class="n">detail</span><span class="o">=</span><span class="p">{</span> <span class="sh">"</span><span class="s">error</span><span class="sh">"</span><span class="p">:</span> <span class="p">{</span> <span class="sh">"</span><span class="s">code</span><span class="sh">"</span><span class="p">:</span> <span class="n">error_code</span><span class="p">,</span> <span class="sh">"</span><span class="s">message</span><span class="sh">"</span><span class="p">:</span> <span class="n">message</span><span class="p">,</span> <span class="sh">"</span><span class="s">details</span><span class="sh">"</span><span class="p">:</span> <span class="n">details</span><span class="p">,</span> <span class="sh">"</span><span class="s">timestamp</span><span class="sh">"</span><span class="p">:</span> <span class="n">datetime</span><span class="p">.</span><span class="nf">utcnow</span><span class="p">().</span><span class="nf">isoformat</span><span class="p">()</span> <span class="p">}</span> <span class="p">}</span> <span class="p">)</span> <span class="k">class</span> <span class="nc">TaskNotFoundError</span><span class="p">(</span><span class="n">APIError</span><span class="p">):</span> <span class="k">def</span> <span class="nf">__init__</span><span class="p">(</span><span class="n">self</span><span class="p">,</span> <span class="n">task_id</span><span class="p">:</span> <span class="nb">str</span><span class="p">):</span> <span class="nf">super</span><span class="p">().</span><span class="nf">__init__</span><span class="p">(</span> <span class="n">status_code</span><span class="o">=</span><span class="mi">404</span><span class="p">,</span> <span class="n">error_code</span><span class="o">=</span><span class="sh">"</span><span class="s">TASK_NOT_FOUND</span><span class="sh">"</span><span class="p">,</span> <span class="n">message</span><span class="o">=</span><span class="sh">"</span><span class="s">Task not found</span><span class="sh">"</span><span class="p">,</span> <span class="n">details</span><span class="o">=</span><span class="sa">f</span><span class="sh">"</span><span class="s">Task with ID </span><span class="si">{</span><span class="n">task_id</span><span class="si">}</span><span class="s"> does not exist or you don</span><span class="sh">'</span><span class="s">t have access</span><span class="sh">"</span> <span class="p">)</span> <span class="c1"># Usage: </span><span class="k">if</span> <span class="ow">not</span> <span class="n">task</span><span class="p">:</span> <span class="k">raise</span> <span class="nc">TaskNotFoundError</span><span class="p">(</span><span class="nf">str</span><span class="p">(</span><span class="n">task_id</span><span class="p">))</span> <span class="c1"># Response: </span><span class="p">{</span> <span class="sh">"</span><span class="s">error</span><span class="sh">"</span><span class="p">:</span> <span class="p">{</span> <span class="sh">"</span><span class="s">code</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">TASK_NOT_FOUND</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">message</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">Task not found</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">details</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">Task with ID abc123 does not exist or you don</span><span class="sh">'</span><span class="s">t have access</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">timestamp</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">2026-03-08T10:30:00Z</span><span class="sh">"</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <p><strong>Benefits:</strong></p> <ol> <li> <strong>Error codes</strong> - Frontend can handle programmatically</li> <li> <strong>Detailed messages</strong> - Developers know what went wrong</li> <li> <strong>Timestamps</strong> - Debugging and logging</li> <li> <strong>Consistency</strong> - All errors follow same format</li> </ol> <p><strong>Frontend handling:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="k">try</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">response</span> <span class="o">=</span> <span class="k">await</span> <span class="nf">fetch</span><span class="p">(</span><span class="dl">'</span><span class="s1">/tasks/invalid-id</span><span class="dl">'</span><span class="p">)</span> <span class="kd">const</span> <span class="nx">data</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">response</span><span class="p">.</span><span class="nf">json</span><span class="p">()</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="nx">response</span><span class="p">.</span><span class="nx">ok</span><span class="p">)</span> <span class="p">{</span> <span class="k">switch </span><span class="p">(</span><span class="nx">data</span><span class="p">.</span><span class="nx">error</span><span class="p">.</span><span class="nx">code</span><span class="p">)</span> <span class="p">{</span> <span class="k">case</span> <span class="dl">'</span><span class="s1">TASK_NOT_FOUND</span><span class="dl">'</span><span class="p">:</span> <span class="nf">showNotification</span><span class="p">(</span><span class="dl">"</span><span class="s2">Task doesn't exist</span><span class="dl">"</span><span class="p">)</span> <span class="k">break</span> <span class="k">case</span> <span class="dl">'</span><span class="s1">AUTHENTICATION_FAILED</span><span class="dl">'</span><span class="p">:</span> <span class="nf">redirectToLogin</span><span class="p">()</span> <span class="k">break</span> <span class="na">default</span><span class="p">:</span> <span class="nf">showError</span><span class="p">(</span><span class="nx">data</span><span class="p">.</span><span class="nx">error</span><span class="p">.</span><span class="nx">message</span><span class="p">)</span> <span class="p">}</span> <span class="p">}</span> <span class="p">}</span> <span class="k">catch </span><span class="p">(</span><span class="nx">error</span><span class="p">)</span> <span class="p">{</span> <span class="c1">// Handle error</span> <span class="p">}</span> </code></pre> </div> <h3> Step 7: Custom Validation Error Handler </h3> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="kn">from</span> <span class="n">fastapi</span> <span class="kn">import</span> <span class="n">Request</span> <span class="kn">from</span> <span class="n">fastapi.responses</span> <span class="kn">import</span> <span class="n">JSONResponse</span> <span class="kn">from</span> <span class="n">fastapi.exceptions</span> <span class="kn">import</span> <span class="n">RequestValidationError</span> <span class="nd">@app.exception_handler</span><span class="p">(</span><span class="n">RequestValidationError</span><span class="p">)</span> <span class="k">async</span> <span class="k">def</span> <span class="nf">validation_exception_handler</span><span class="p">(</span><span class="n">request</span><span class="p">:</span> <span class="n">Request</span><span class="p">,</span> <span class="n">exc</span><span class="p">:</span> <span class="n">RequestValidationError</span><span class="p">):</span> <span class="n">errors</span> <span class="o">=</span> <span class="p">[]</span> <span class="k">for</span> <span class="n">error</span> <span class="ow">in</span> <span class="n">exc</span><span class="p">.</span><span class="nf">errors</span><span class="p">():</span> <span class="n">errors</span><span class="p">.</span><span class="nf">append</span><span class="p">({</span> <span class="sh">"</span><span class="s">field</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s"> -&gt; </span><span class="sh">"</span><span class="p">.</span><span class="nf">join</span><span class="p">(</span><span class="nf">str</span><span class="p">(</span><span class="n">x</span><span class="p">)</span> <span class="k">for</span> <span class="n">x</span> <span class="ow">in</span> <span class="n">error</span><span class="p">[</span><span class="sh">"</span><span class="s">loc</span><span class="sh">"</span><span class="p">]),</span> <span class="sh">"</span><span class="s">message</span><span class="sh">"</span><span class="p">:</span> <span class="n">error</span><span class="p">[</span><span class="sh">"</span><span class="s">msg</span><span class="sh">"</span><span class="p">],</span> <span class="sh">"</span><span class="s">type</span><span class="sh">"</span><span class="p">:</span> <span class="n">error</span><span class="p">[</span><span class="sh">"</span><span class="s">type</span><span class="sh">"</span><span class="p">]</span> <span class="p">})</span> <span class="k">return</span> <span class="nc">JSONResponse</span><span class="p">(</span> <span class="n">status_code</span><span class="o">=</span><span class="mi">422</span><span class="p">,</span> <span class="n">content</span><span class="o">=</span><span class="p">{</span> <span class="sh">"</span><span class="s">error</span><span class="sh">"</span><span class="p">:</span> <span class="p">{</span> <span class="sh">"</span><span class="s">code</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">VALIDATION_ERROR</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">message</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">Request validation failed</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">details</span><span class="sh">"</span><span class="p">:</span> <span class="n">errors</span><span class="p">,</span> <span class="sh">"</span><span class="s">timestamp</span><span class="sh">"</span><span class="p">:</span> <span class="n">datetime</span><span class="p">.</span><span class="nf">utcnow</span><span class="p">().</span><span class="nf">isoformat</span><span class="p">()</span> <span class="p">}</span> <span class="p">}</span> <span class="p">)</span> </code></pre> </div> <p><strong>Before:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight json"><code><span class="p">{</span><span class="w"> </span><span class="nl">"detail"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"loc"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="s2">"body"</span><span class="p">,</span><span class="w"> </span><span class="s2">"title"</span><span class="p">],</span><span class="w"> </span><span class="nl">"msg"</span><span class="p">:</span><span class="w"> </span><span class="s2">"field required"</span><span class="p">,</span><span class="w"> </span><span class="nl">"type"</span><span class="p">:</span><span class="w"> </span><span class="s2">"value_error.missing"</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">]</span><span class="w"> </span><span class="p">}</span><span class="w"> </span></code></pre> </div> <p><strong>After:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight json"><code><span class="p">{</span><span class="w"> </span><span class="nl">"error"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"code"</span><span class="p">:</span><span class="w"> </span><span class="s2">"VALIDATION_ERROR"</span><span class="p">,</span><span class="w"> </span><span class="nl">"message"</span><span class="p">:</span><span class="w"> </span><span class="s2">"Request validation failed"</span><span class="p">,</span><span class="w"> </span><span class="nl">"details"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"field"</span><span class="p">:</span><span class="w"> </span><span class="s2">"body -&gt; title"</span><span class="p">,</span><span class="w"> </span><span class="nl">"message"</span><span class="p">:</span><span class="w"> </span><span class="s2">"field required"</span><span class="p">,</span><span class="w"> </span><span class="nl">"type"</span><span class="p">:</span><span class="w"> </span><span class="s2">"value_error.missing"</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">],</span><span class="w"> </span><span class="nl">"timestamp"</span><span class="p">:</span><span class="w"> </span><span class="s2">"2026-03-08T10:30:00Z"</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">}</span><span class="w"> </span></code></pre> </div> <p>Much clearer!</p> <h3> Step 8: Health Check Endpoint </h3> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="nd">@app.get</span><span class="p">(</span><span class="sh">"</span><span class="s">/health</span><span class="sh">"</span><span class="p">,</span> <span class="n">tags</span><span class="o">=</span><span class="p">[</span><span class="sh">"</span><span class="s">System</span><span class="sh">"</span><span class="p">])</span> <span class="k">def</span> <span class="nf">health_check</span><span class="p">():</span> <span class="sh">"""</span><span class="s">Check API health and database connectivity</span><span class="sh">"""</span> <span class="kn">from</span> <span class="n">database</span> <span class="kn">import</span> <span class="n">SessionLocal</span> <span class="n">db_status</span> <span class="o">=</span> <span class="sh">"</span><span class="s">healthy</span><span class="sh">"</span> <span class="k">try</span><span class="p">:</span> <span class="n">db</span> <span class="o">=</span> <span class="nc">SessionLocal</span><span class="p">()</span> <span class="n">db</span><span class="p">.</span><span class="nf">execute</span><span class="p">(</span><span class="sh">"</span><span class="s">SELECT 1</span><span class="sh">"</span><span class="p">)</span> <span class="n">db</span><span class="p">.</span><span class="nf">close</span><span class="p">()</span> <span class="k">except</span> <span class="nb">Exception</span> <span class="k">as</span> <span class="n">e</span><span class="p">:</span> <span class="n">db_status</span> <span class="o">=</span> <span class="sa">f</span><span class="sh">"</span><span class="s">unhealthy: </span><span class="si">{</span><span class="nf">str</span><span class="p">(</span><span class="n">e</span><span class="p">)</span><span class="si">}</span><span class="sh">"</span> <span class="k">return</span> <span class="p">{</span> <span class="sh">"</span><span class="s">status</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">healthy</span><span class="sh">"</span> <span class="k">if</span> <span class="n">db_status</span> <span class="o">==</span> <span class="sh">"</span><span class="s">healthy</span><span class="sh">"</span> <span class="k">else</span> <span class="sh">"</span><span class="s">degraded</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">version</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">1.0.0</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">timestamp</span><span class="sh">"</span><span class="p">:</span> <span class="n">datetime</span><span class="p">.</span><span class="nf">utcnow</span><span class="p">().</span><span class="nf">isoformat</span><span class="p">(),</span> <span class="sh">"</span><span class="s">database</span><span class="sh">"</span><span class="p">:</span> <span class="n">db_status</span> <span class="p">}</span> </code></pre> </div> <p><strong>Why DevOps loves this:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="c1"># Kubernetes health check</span> <span class="na">livenessProbe</span><span class="pi">:</span> <span class="na">httpGet</span><span class="pi">:</span> <span class="na">path</span><span class="pi">:</span> <span class="s">/health</span> <span class="na">port</span><span class="pi">:</span> <span class="m">8000</span> <span class="na">initialDelaySeconds</span><span class="pi">:</span> <span class="m">30</span> <span class="na">periodSeconds</span><span class="pi">:</span> <span class="m">10</span> <span class="c1"># Monitoring alert</span> <span class="s">if health_status != "healthy"</span><span class="err">:</span> <span class="s">send_alert()</span> </code></pre> </div> <h3> Step 9: API Information Endpoint </h3> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="nd">@app.get</span><span class="p">(</span><span class="sh">"</span><span class="s">/</span><span class="sh">"</span><span class="p">,</span> <span class="n">tags</span><span class="o">=</span><span class="p">[</span><span class="sh">"</span><span class="s">System</span><span class="sh">"</span><span class="p">])</span> <span class="k">def</span> <span class="nf">root</span><span class="p">():</span> <span class="sh">"""</span><span class="s">Get basic API information</span><span class="sh">"""</span> <span class="k">return</span> <span class="p">{</span> <span class="sh">"</span><span class="s">name</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">Task Management API</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">version</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">1.0.0</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">status</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">operational</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">documentation</span><span class="sh">"</span><span class="p">:</span> <span class="p">{</span> <span class="sh">"</span><span class="s">swagger</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">/docs</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">redoc</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">/redoc</span><span class="sh">"</span> <span class="p">},</span> <span class="sh">"</span><span class="s">endpoints</span><span class="sh">"</span><span class="p">:</span> <span class="p">{</span> <span class="sh">"</span><span class="s">health</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">/health</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">auth</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">/auth</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">tasks</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">/tasks</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">tags</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">/tags</span><span class="sh">"</span> <span class="p">},</span> <span class="sh">"</span><span class="s">features</span><span class="sh">"</span><span class="p">:</span> <span class="p">[</span> <span class="sh">"</span><span class="s">JWT Authentication</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">Task Management</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">Tags &amp; Priorities</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">Due Dates</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">Advanced Filtering</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">Bulk Operations</span><span class="sh">"</span> <span class="p">]</span> <span class="p">}</span> </code></pre> </div> <p><strong>First thing developers see:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>curl http://localhost:8000/ <span class="c"># Returns clear API overview with links to docs</span> </code></pre> </div> <h2> Testing the Enhancements </h2> <h3> Test 1: Enhanced Documentation </h3> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># Open browser</span> http://localhost:8000/docs </code></pre> </div> <p><strong>What you'll see:</strong></p> <ul> <li>Professional API overview</li> <li>Organized endpoint groups</li> <li>Detailed descriptions</li> <li>Try-it-out with examples</li> <li>Error documentation</li> </ul> <h3> Test 2: Health Check </h3> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>curl http://localhost:8000/health </code></pre> </div> <p><strong>Response:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight json"><code><span class="p">{</span><span class="w"> </span><span class="nl">"status"</span><span class="p">:</span><span class="w"> </span><span class="s2">"healthy"</span><span class="p">,</span><span class="w"> </span><span class="nl">"version"</span><span class="p">:</span><span class="w"> </span><span class="s2">"1.0.0"</span><span class="p">,</span><span class="w"> </span><span class="nl">"timestamp"</span><span class="p">:</span><span class="w"> </span><span class="s2">"2026-03-08T10:30:00.123456"</span><span class="p">,</span><span class="w"> </span><span class="nl">"database"</span><span class="p">:</span><span class="w"> </span><span class="s2">"healthy"</span><span class="w"> </span><span class="p">}</span><span class="w"> </span></code></pre> </div> <h3> Test 3: Structured Error </h3> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># Create task with missing title</span> curl <span class="nt">-X</span> POST http://localhost:8000/tasks <span class="se">\</span> <span class="nt">-H</span> <span class="s2">"Authorization: Bearer TOKEN"</span> <span class="se">\</span> <span class="nt">-H</span> <span class="s2">"Content-Type: application/json"</span> <span class="se">\</span> <span class="nt">-d</span> <span class="s1">'{}'</span> </code></pre> </div> <p><strong>Response:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight json"><code><span class="p">{</span><span class="w"> </span><span class="nl">"error"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"code"</span><span class="p">:</span><span class="w"> </span><span class="s2">"VALIDATION_ERROR"</span><span class="p">,</span><span class="w"> </span><span class="nl">"message"</span><span class="p">:</span><span class="w"> </span><span class="s2">"Request validation failed"</span><span class="p">,</span><span class="w"> </span><span class="nl">"details"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"field"</span><span class="p">:</span><span class="w"> </span><span class="s2">"body -&gt; title"</span><span class="p">,</span><span class="w"> </span><span class="nl">"message"</span><span class="p">:</span><span class="w"> </span><span class="s2">"field required"</span><span class="p">,</span><span class="w"> </span><span class="nl">"type"</span><span class="p">:</span><span class="w"> </span><span class="s2">"value_error.missing"</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">],</span><span class="w"> </span><span class="nl">"timestamp"</span><span class="p">:</span><span class="w"> </span><span class="s2">"2026-03-08T10:30:00Z"</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">}</span><span class="w"> </span></code></pre> </div> <p>Clear, actionable error!</p> <h3> Test 4: CORS from Frontend </h3> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="c1">// React component</span> <span class="nf">useEffect</span><span class="p">(()</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="nf">fetch</span><span class="p">(</span><span class="dl">'</span><span class="s1">http://localhost:8000/tasks</span><span class="dl">'</span><span class="p">,</span> <span class="p">{</span> <span class="na">headers</span><span class="p">:</span> <span class="p">{</span> <span class="dl">'</span><span class="s1">Authorization</span><span class="dl">'</span><span class="p">:</span> <span class="s2">`Bearer </span><span class="p">${</span><span class="nx">token</span><span class="p">}</span><span class="s2">`</span> <span class="p">}</span> <span class="p">})</span> <span class="p">.</span><span class="nf">then</span><span class="p">(</span><span class="nx">res</span> <span class="o">=&gt;</span> <span class="nx">res</span><span class="p">.</span><span class="nf">json</span><span class="p">())</span> <span class="p">.</span><span class="nf">then</span><span class="p">(</span><span class="nx">data</span> <span class="o">=&gt;</span> <span class="nf">setTasks</span><span class="p">(</span><span class="nx">data</span><span class="p">))</span> <span class="c1">// ✅ Works! No CORS errors</span> <span class="p">},</span> <span class="p">[])</span> </code></pre> </div> <h2> Real-World Impact </h2> <h3> Before Day 8: </h3> <p><strong>New Developer Experience:</strong></p> <ol> <li>Opens /docs - sees basic endpoint list</li> <li>Tries to create task - no examples</li> <li>Gets error: <code>{"detail": "Error"}</code> - what error?</li> <li>Frontend can't connect - CORS errors</li> <li>No way to check if API is running</li> <li>Integration takes 2 weeks</li> </ol> <p><strong>Support burden:</strong></p> <ul> <li>"How do I create a task?"</li> <li>"What's the error response format?"</li> <li>"Why am I getting CORS errors?"</li> <li>"Is the API down?"</li> </ul> <h3> After Day 8: </h3> <p><strong>New Developer Experience:</strong></p> <ol> <li>Opens /docs - sees professional overview</li> <li>Reads detailed endpoint descriptions</li> <li>Clicks "Try it out" - sees example pre-filled</li> <li>Gets structured error with clear message</li> <li>Frontend connects immediately (CORS configured)</li> <li>/health endpoint confirms API status</li> <li>Integration takes 2 days</li> </ol> <p><strong>Support burden:</strong></p> <ul> <li>Developers self-serve via documentation</li> <li>Clear errors reduce confusion</li> <li>CORS works out of the box</li> <li>Health check for monitoring</li> </ul> <h2> Key Takeaways </h2> <h3> 1. Documentation is a Feature </h3> <p>Code that works but isn't documented is only half-done. Documentation is how your API gets adopted.</p> <h3> 2. Errors Should Help, Not Confuse </h3> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="c1"># Bad </span><span class="p">{</span><span class="sh">"</span><span class="s">detail</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">Error</span><span class="sh">"</span><span class="p">}</span> <span class="c1"># Good </span><span class="p">{</span> <span class="sh">"</span><span class="s">error</span><span class="sh">"</span><span class="p">:</span> <span class="p">{</span> <span class="sh">"</span><span class="s">code</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">TASK_NOT_FOUND</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">message</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">Task not found</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">details</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">Task abc123 does not exist or you lack access</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">timestamp</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">2026-03-08T10:30:00Z</span><span class="sh">"</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <h3> 3. CORS is Not Optional </h3> <p>If you want frontend developers to use your API, CORS must be configured. Period.</p> <h3> 4. Health Checks Enable Monitoring </h3> <p>DevOps can't monitor what they can't query. <code>/health</code> endpoint = observable systems.</p> <h3> 5. Examples Save Time </h3> <p>One good example is worth a thousand words. Pre-filled "Try it out" = instant understanding.</p> <h2> What I Learned </h2> <h3> Technical Skills </h3> <p>✅ OpenAPI/Swagger configuration<br><br> ✅ FastAPI metadata and descriptions<br><br> ✅ Custom exception handlers<br><br> ✅ CORS middleware setup<br><br> ✅ Health check implementation<br><br> ✅ Schema examples and validation<br><br> ✅ Error response standardization </p> <h3> API Design Principles </h3> <p>✅ Developer experience is crucial<br><br> ✅ Consistency reduces friction<br><br> ✅ Good errors save support time<br><br> ✅ Documentation = adoption </p> <h3> Production Readiness </h3> <p>✅ CORS for frontend integration<br><br> ✅ Health checks for monitoring<br><br> ✅ Structured errors for clients<br><br> ✅ Comprehensive documentation </p> <h2> The Numbers </h2> <p><strong>Before:</strong></p> <ul> <li>Basic documentation: 5/10</li> <li>Error clarity: 3/10</li> <li>Frontend ready: 0/10 (CORS blocked)</li> <li>Monitoring: 0/10 (no health check)</li> </ul> <p><strong>After:</strong></p> <ul> <li>Professional documentation: 10/10</li> <li>Error clarity: 10/10</li> <li>Frontend ready: 10/10 (CORS configured)</li> <li>Monitoring: 10/10 (health endpoint)</li> </ul> <p><strong>Time investment:</strong> 2.5 hours<br><br> <strong>Value added:</strong> Immeasurable</p> <h2> Tomorrow's Plans </h2> <p>Day 9 will add:</p> <ul> <li>CSV/JSON export functionality</li> <li>Data import from files</li> <li>Batch task creation</li> <li>Backup/restore capabilities</li> </ul> <p>But today? Today I celebrate making my API <strong>production-ready</strong> and <strong>developer-friendly</strong>! 🎉</p> <h2> Resources </h2> <ul> <li><a href="https://fastapi.tiangolo.com/tutorial/metadata/" rel="noopener noreferrer">FastAPI Documentation</a></li> <li><a href="https://swagger.io/specification/" rel="noopener noreferrer">OpenAPI Specification</a></li> <li><a href="https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS" rel="noopener noreferrer">CORS Explained</a></li> </ul> <h2> Full Code </h2> <p>Complete code on GitHub:<br> <a href="https://github.com/archi-jain/100-days-of-python/tree/main/days/008" rel="noopener noreferrer">100-days-of-python/days/008</a></p> <p><strong>Time Investment:</strong> 2.5 hours<br><br> <strong>Knowledge Gained:</strong> Professional API development practices<br><br> <strong>Feeling:</strong> Like a real API developer 🚀</p> <p><strong>Day 8/100 complete!</strong> ✅</p> <p>Tomorrow: Data import/export features</p> <p><em>Following my journey?</em><br><br> 📝 <a href="https://dev.to/archijain">Blog</a> | đŸĻ <a href="https://x.com/ArchiLearns" rel="noopener noreferrer">Twitter</a> | đŸ’ŧ <a href="https://www.linkedin.com/in/archijain19/" rel="noopener noreferrer">LinkedIn</a></p> <p><strong>Tags:</strong> #100DaysOfCode #Python #FastAPI #APIDevelopment #Documentation #OpenAPI #Swagger #ErrorHandling #CORS #DeveloperExperience #ProductionReady #LearningInPublic</p> 100daysofcode api backend documentation Day 6/100: Quick Win - Task Priorities in 1 Hour archi-jain Mon, 09 Mar 2026 18:28:09 +0000 https://dev.to/archijain/day-6100-quick-win-task-priorities-in-1-hour-mhg https://dev.to/archijain/day-6100-quick-win-task-priorities-in-1-hour-mhg <blockquote> <p>Sometimes the best features are the simplest.</p> </blockquote> <h2> The Challenge </h2> <p>Add task priority levels (high/medium/low) with filtering, sorting, and statistics.</p> <p><strong>Time constraint:</strong> Only 1 hour available today.</p> <p><strong>Result:</strong> Fully implemented in 70 minutes!</p> <h2> Why Priorities Matter </h2> <p><strong>User problem:</strong> "All my tasks look the same. Which should I do first?"</p> <p><strong>Solution:</strong> Let users mark priority levels.</p> <p><strong>Impact:</strong> </p> <ul> <li>Focus on high priority first</li> <li>Filter out low priority noise </li> <li>See if too many tasks marked urgent (priority inflation)</li> </ul> <h2> Implementation (15 Lines of Code) </h2> <h3> 1. Add Enum </h3> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="k">class</span> <span class="nc">PriorityEnum</span><span class="p">(</span><span class="nb">str</span><span class="p">,</span> <span class="n">Enum</span><span class="p">):</span> <span class="n">low</span> <span class="o">=</span> <span class="sh">"</span><span class="s">low</span><span class="sh">"</span> <span class="n">medium</span> <span class="o">=</span> <span class="sh">"</span><span class="s">medium</span><span class="sh">"</span> <span class="n">high</span> <span class="o">=</span> <span class="sh">"</span><span class="s">high</span><span class="sh">"</span> </code></pre> </div> <h3> 2. Add Column </h3> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="n">priority</span> <span class="o">=</span> <span class="nc">Column</span><span class="p">(</span><span class="nc">String</span><span class="p">(</span><span class="mi">10</span><span class="p">),</span> <span class="n">default</span><span class="o">=</span><span class="sh">"</span><span class="s">medium</span><span class="sh">"</span><span class="p">,</span> <span class="n">index</span><span class="o">=</span><span class="bp">True</span><span class="p">)</span> </code></pre> </div> <h3> 3. Update Schemas </h3> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="n">priority</span><span class="p">:</span> <span class="n">Optional</span><span class="p">[</span><span class="n">PriorityEnum</span><span class="p">]</span> <span class="o">=</span> <span class="nc">Field</span><span class="p">(</span><span class="n">default</span><span class="o">=</span><span class="n">PriorityEnum</span><span class="p">.</span><span class="n">medium</span><span class="p">)</span> </code></pre> </div> <h3> 4. Add Filter </h3> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="k">if</span> <span class="n">priority</span><span class="p">:</span> <span class="n">query</span> <span class="o">=</span> <span class="n">query</span><span class="p">.</span><span class="nf">filter</span><span class="p">(</span><span class="n">Task</span><span class="p">.</span><span class="n">priority</span> <span class="o">==</span> <span class="n">priority</span><span class="p">)</span> </code></pre> </div> <h3> 5. Update Stats </h3> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="sh">"</span><span class="s">by_priority</span><span class="sh">"</span><span class="p">:</span> <span class="p">{</span> <span class="sh">"</span><span class="s">high</span><span class="sh">"</span><span class="p">:</span> <span class="n">tasks</span><span class="p">.</span><span class="nf">filter</span><span class="p">(</span><span class="n">Task</span><span class="p">.</span><span class="n">priority</span> <span class="o">==</span> <span class="sh">"</span><span class="s">high</span><span class="sh">"</span><span class="p">).</span><span class="nf">count</span><span class="p">(),</span> <span class="sh">"</span><span class="s">medium</span><span class="sh">"</span><span class="p">:</span> <span class="n">tasks</span><span class="p">.</span><span class="nf">filter</span><span class="p">(</span><span class="n">Task</span><span class="p">.</span><span class="n">priority</span> <span class="o">==</span> <span class="sh">"</span><span class="s">medium</span><span class="sh">"</span><span class="p">).</span><span class="nf">count</span><span class="p">(),</span> <span class="sh">"</span><span class="s">low</span><span class="sh">"</span><span class="p">:</span> <span class="n">tasks</span><span class="p">.</span><span class="nf">filter</span><span class="p">(</span><span class="n">Task</span><span class="p">.</span><span class="n">priority</span> <span class="o">==</span> <span class="sh">"</span><span class="s">low</span><span class="sh">"</span><span class="p">).</span><span class="nf">count</span><span class="p">()</span> <span class="p">}</span> </code></pre> </div> <h2> Done! </h2> <p><strong>Query examples:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>GET /tasks?priority<span class="o">=</span>high GET /tasks?priority<span class="o">=</span>high&amp;completed<span class="o">=</span><span class="nb">false </span>GET /tasks?sort_by<span class="o">=</span>priority&amp;order<span class="o">=</span>desc </code></pre> </div> <h2> Key Takeaways </h2> <p>✅ Enums prevent typos (no "hgh" or "medum")<br><br> ✅ Defaults prevent decision fatigue<br><br> ✅ Indexes make filtering fast<br><br> ✅ Simple features can have big impact </p> <p><strong>Time:</strong> 1 hour<br><br> <strong>Lines changed:</strong> ~15<br><br> <strong>User value:</strong> Immediate </p> <p>Sometimes less IS more!</p> <p><strong>Day 6/100 complete!</strong> ✅</p> <p><em>Following my journey?</em><br><br> 📝 <a href="https://dev.to/archijain">Blog</a> | đŸĻ <a href="https://x.com/ArchiLearns" rel="noopener noreferrer">Twitter</a> | đŸ’ŧ <a href="https://www.linkedin.com/in/archijain19/" rel="noopener noreferrer">LinkedIn</a></p> <h1> 100DaysOfCode #Python #FastAPI #QuickWins </h1> 100daysofcode python programming ai Day 5/100: Many-to-Many Relationships - Tags, Associations, and Bulk Operations archi-jain Sun, 08 Mar 2026 17:12:56 +0000 https://dev.to/archijain/day-5100-many-to-many-relationships-tags-associations-and-bulk-operations-3gh0 https://dev.to/archijain/day-5100-many-to-many-relationships-tags-associations-and-bulk-operations-3gh0 <blockquote> <p>Part of my 100 Days of Code journey. Today we tackle one of the most important database patterns.</p> </blockquote> <h2> The Challenge </h2> <p>Implement a tagging system with many-to-many relationships and add bulk operations for efficiency.</p> <p><strong>The Problem:</strong> Tasks need flexible organization. Fixed categories don't work because:</p> <ul> <li>One task can belong to multiple categories (urgent AND work AND client-facing)</li> <li>Categories can have multiple tasks</li> <li>Users want custom labels, not predefined options</li> </ul> <p><strong>The Solution:</strong> Many-to-many relationships via junction tables, plus bulk operations for power users.</p> <h2> Why Many-to-Many Matters </h2> <p><strong>One-to-Many relationships</strong> (what we've used so far):<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>User ──â”Ŧ─→ Task 1 ├─→ Task 2 └─→ Task 3 </code></pre> </div> <p>Each task has ONE user. Simple!</p> <p><strong>Many-to-Many relationships</strong> (what we need):<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>Task 1 ──â”Ŧ─→ Tag: urgent └─→ Tag: work Task 2 ──â”Ŧ─→ Tag: urgent ├─→ Tag: personal └─→ Tag: home Tag: urgent ──â”Ŧ─→ Task 1 └─→ Task 2 </code></pre> </div> <p><strong>Problem:</strong> Can't use a simple foreign key!</p> <p>If we add <code>tag_id</code> to tasks table:</p> <ul> <li>❌ Task can only have ONE tag</li> <li>❌ Need multiple <code>tag_id</code> columns (tag_id_1, tag_id_2...) - terrible design!</li> </ul> <p><strong>Solution:</strong> Association table (junction table)</p> <h2> Understanding Association Tables </h2> <p>An <strong>association table</strong> (also called junction table or link table) connects two tables in a many-to-many relationship.</p> <p><strong>Three tables:</strong></p> <p><strong>tasks table:</strong><br> | id | title | owner_id |<br> |----|-------|----------|<br> | 1 | Meeting | user-a |<br> | 2 | Report | user-a |<br> | 3 | Email | user-a |</p> <p><strong>tags table:</strong><br> | id | name | color | owner_id |<br> |----|------|-------|----------|<br> | A | urgent | #FF0000 | user-a |<br> | B | work | #0000FF | user-a |<br> | C | personal | #00FF00 | user-a |</p> <p><strong>task_tags table (association):</strong><br> | task_id | tag_id |<br> |---------|--------|<br> | 1 | A |<br> | 1 | B |<br> | 2 | A |<br> | 3 | C |</p> <p><strong>What this means:</strong></p> <ul> <li>Task 1 (Meeting) has tags: urgent, work</li> <li>Task 2 (Report) has tags: urgent</li> <li>Task 3 (Email) has tags: personal</li> <li>Tag A (urgent) is on: Task 1, Task 2</li> <li>Tag B (work) is on: Task 1</li> </ul> <p>Perfect flexibility!</p> <h2> Step-by-Step Implementation </h2> <h3> Step 1: Creating the Association Table </h3> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="kn">from</span> <span class="n">sqlalchemy</span> <span class="kn">import</span> <span class="n">Table</span><span class="p">,</span> <span class="n">Column</span><span class="p">,</span> <span class="n">ForeignKey</span> <span class="kn">from</span> <span class="n">sqlalchemy.dialects.postgresql</span> <span class="kn">import</span> <span class="n">UUID</span> <span class="n">task_tags</span> <span class="o">=</span> <span class="nc">Table</span><span class="p">(</span> <span class="sh">"</span><span class="s">task_tags</span><span class="sh">"</span><span class="p">,</span> <span class="n">Base</span><span class="p">.</span><span class="n">metadata</span><span class="p">,</span> <span class="nc">Column</span><span class="p">(</span><span class="sh">"</span><span class="s">task_id</span><span class="sh">"</span><span class="p">,</span> <span class="nc">UUID</span><span class="p">(</span><span class="n">as_uuid</span><span class="o">=</span><span class="bp">True</span><span class="p">),</span> <span class="nc">ForeignKey</span><span class="p">(</span><span class="sh">"</span><span class="s">tasks.id</span><span class="sh">"</span><span class="p">,</span> <span class="n">ondelete</span><span class="o">=</span><span class="sh">"</span><span class="s">CASCADE</span><span class="sh">"</span><span class="p">),</span> <span class="n">primary_key</span><span class="o">=</span><span class="bp">True</span><span class="p">),</span> <span class="nc">Column</span><span class="p">(</span><span class="sh">"</span><span class="s">tag_id</span><span class="sh">"</span><span class="p">,</span> <span class="nc">UUID</span><span class="p">(</span><span class="n">as_uuid</span><span class="o">=</span><span class="bp">True</span><span class="p">),</span> <span class="nc">ForeignKey</span><span class="p">(</span><span class="sh">"</span><span class="s">tags.id</span><span class="sh">"</span><span class="p">,</span> <span class="n">ondelete</span><span class="o">=</span><span class="sh">"</span><span class="s">CASCADE</span><span class="sh">"</span><span class="p">),</span> <span class="n">primary_key</span><span class="o">=</span><span class="bp">True</span><span class="p">),</span> <span class="p">)</span> </code></pre> </div> <p><strong>Breaking it down:</strong></p> <p><strong>Why <code>Table()</code> instead of a class?</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="c1"># Simple association (just links) </span><span class="n">task_tags</span> <span class="o">=</span> <span class="nc">Table</span><span class="p">(...)</span> <span class="c1"># Recommended! </span> <span class="c1"># Complex association (with extra fields like created_at, priority) </span><span class="k">class</span> <span class="nc">TaskTag</span><span class="p">(</span><span class="n">Base</span><span class="p">):</span> <span class="c1"># Use when needed </span> <span class="n">__tablename__</span> <span class="o">=</span> <span class="sh">"</span><span class="s">task_tags</span><span class="sh">"</span> <span class="n">task_id</span> <span class="o">=</span> <span class="nc">Column</span><span class="p">(...)</span> <span class="n">tag_id</span> <span class="o">=</span> <span class="nc">Column</span><span class="p">(...)</span> <span class="n">priority</span> <span class="o">=</span> <span class="nc">Column</span><span class="p">(</span><span class="n">Integer</span><span class="p">)</span> <span class="n">created_at</span> <span class="o">=</span> <span class="nc">Column</span><span class="p">(</span><span class="n">DateTime</span><span class="p">)</span> </code></pre> </div> <p>For pure many-to-many (just linking), <code>Table()</code> is cleaner.</p> <p><strong>Composite primary key:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="n">primary_key</span><span class="o">=</span><span class="bp">True</span> <span class="c1"># On task_id </span><span class="n">primary_key</span><span class="o">=</span><span class="bp">True</span> <span class="c1"># On tag_id </span></code></pre> </div> <p>Both together form the primary key! This means:</p> <ul> <li>✅ Can't add same tag twice to same task</li> <li>✅ (task_id=1, tag_id=A) can exist once</li> <li>✅ (task_id=1, tag_id=B) is different, allowed</li> </ul> <p><strong>CASCADE deletes:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="nc">ForeignKey</span><span class="p">(</span><span class="sh">"</span><span class="s">tasks.id</span><span class="sh">"</span><span class="p">,</span> <span class="n">ondelete</span><span class="o">=</span><span class="sh">"</span><span class="s">CASCADE</span><span class="sh">"</span><span class="p">)</span> </code></pre> </div> <p><strong>What happens:</strong></p> <ol> <li>Task deleted → All task_tags entries with that task_id deleted</li> <li>Tag deleted → All task_tags entries with that tag_id deleted</li> <li>No orphaned associations!</li> </ol> <p><strong>Without CASCADE:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>Task 1 deleted task_tags still has: (task_id=1, tag_id=A) # Orphan! Next query: "Show tasks with tag A" Result: Error! task_id=1 doesn't exist! </code></pre> </div> <p><strong>With CASCADE:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>Task 1 deleted Database automatically deletes: (task_id=1, tag_id=A), (task_id=1, tag_id=B) Clean! No orphans! </code></pre> </div> <h3> Step 2: Creating the Tag Model </h3> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="k">class</span> <span class="nc">Tag</span><span class="p">(</span><span class="n">Base</span><span class="p">):</span> <span class="n">__tablename__</span> <span class="o">=</span> <span class="sh">"</span><span class="s">tags</span><span class="sh">"</span> <span class="nb">id</span> <span class="o">=</span> <span class="nc">Column</span><span class="p">(</span><span class="nc">UUID</span><span class="p">(</span><span class="n">as_uuid</span><span class="o">=</span><span class="bp">True</span><span class="p">),</span> <span class="n">primary_key</span><span class="o">=</span><span class="bp">True</span><span class="p">,</span> <span class="n">default</span><span class="o">=</span><span class="n">uuid</span><span class="p">.</span><span class="n">uuid4</span><span class="p">)</span> <span class="n">name</span> <span class="o">=</span> <span class="nc">Column</span><span class="p">(</span><span class="nc">String</span><span class="p">(</span><span class="mi">50</span><span class="p">),</span> <span class="n">nullable</span><span class="o">=</span><span class="bp">False</span><span class="p">)</span> <span class="n">color</span> <span class="o">=</span> <span class="nc">Column</span><span class="p">(</span><span class="nc">String</span><span class="p">(</span><span class="mi">7</span><span class="p">))</span> <span class="c1"># Hex color: #RRGGBB </span> <span class="n">created_at</span> <span class="o">=</span> <span class="nc">Column</span><span class="p">(</span><span class="n">DateTime</span><span class="p">,</span> <span class="n">default</span><span class="o">=</span><span class="n">datetime</span><span class="p">.</span><span class="n">utcnow</span><span class="p">)</span> <span class="n">owner_id</span> <span class="o">=</span> <span class="nc">Column</span><span class="p">(</span><span class="nc">UUID</span><span class="p">(</span><span class="n">as_uuid</span><span class="o">=</span><span class="bp">True</span><span class="p">),</span> <span class="nc">ForeignKey</span><span class="p">(</span><span class="sh">"</span><span class="s">users.id</span><span class="sh">"</span><span class="p">,</span> <span class="n">ondelete</span><span class="o">=</span><span class="sh">"</span><span class="s">CASCADE</span><span class="sh">"</span><span class="p">))</span> <span class="c1"># Relationships </span> <span class="n">owner</span> <span class="o">=</span> <span class="nf">relationship</span><span class="p">(</span><span class="sh">"</span><span class="s">User</span><span class="sh">"</span><span class="p">,</span> <span class="n">back_populates</span><span class="o">=</span><span class="sh">"</span><span class="s">tags</span><span class="sh">"</span><span class="p">)</span> <span class="n">tasks</span> <span class="o">=</span> <span class="nf">relationship</span><span class="p">(</span><span class="sh">"</span><span class="s">Task</span><span class="sh">"</span><span class="p">,</span> <span class="n">secondary</span><span class="o">=</span><span class="n">task_tags</span><span class="p">,</span> <span class="n">back_populates</span><span class="o">=</span><span class="sh">"</span><span class="s">tags</span><span class="sh">"</span><span class="p">)</span> <span class="c1"># Unique constraint: user can't have duplicate tag names </span> <span class="n">__table_args__</span> <span class="o">=</span> <span class="p">(</span> <span class="nc">Index</span><span class="p">(</span><span class="sh">"</span><span class="s">idx_owner_tag</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">owner_id</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">name</span><span class="sh">"</span><span class="p">,</span> <span class="n">unique</span><span class="o">=</span><span class="bp">True</span><span class="p">),</span> <span class="p">)</span> </code></pre> </div> <p><strong>Understanding the relationship:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="n">tasks</span> <span class="o">=</span> <span class="nf">relationship</span><span class="p">(</span><span class="sh">"</span><span class="s">Task</span><span class="sh">"</span><span class="p">,</span> <span class="n">secondary</span><span class="o">=</span><span class="n">task_tags</span><span class="p">,</span> <span class="n">back_populates</span><span class="o">=</span><span class="sh">"</span><span class="s">tags</span><span class="sh">"</span><span class="p">)</span> </code></pre> </div> <ul> <li> <code>"Task"</code>: Links to Task model</li> <li> <code>secondary=task_tags</code>: Use task_tags as junction table</li> <li> <code>back_populates="tags"</code>: Links to <code>tags</code> field in Task model</li> </ul> <p><strong>The magic:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="n">tag</span> <span class="o">=</span> <span class="n">db</span><span class="p">.</span><span class="nf">query</span><span class="p">(</span><span class="n">Tag</span><span class="p">).</span><span class="nf">first</span><span class="p">()</span> <span class="nf">print</span><span class="p">(</span><span class="n">tag</span><span class="p">.</span><span class="n">tasks</span><span class="p">)</span> <span class="c1"># [Task(...), Task(...)] </span> <span class="c1"># SQLAlchemy auto-generates SQL: # SELECT tasks.* # FROM tasks # JOIN task_tags ON tasks.id = task_tags.task_id # WHERE task_tags.tag_id = 'tag-uuid' </span></code></pre> </div> <p>We didn't write that JOIN! SQLAlchemy did!</p> <p><strong>Composite unique constraint:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="nc">Index</span><span class="p">(</span><span class="sh">"</span><span class="s">idx_owner_tag</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">owner_id</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">name</span><span class="sh">"</span><span class="p">,</span> <span class="n">unique</span><span class="o">=</span><span class="bp">True</span><span class="p">)</span> </code></pre> </div> <p><strong>What it prevents:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>User A creates tag "urgent" ✅ User A creates tag "urgent" again ❌ Error: duplicate User B creates tag "urgent" ✅ Different user, allowed! </code></pre> </div> <h3> Step 3: Updating the Task Model </h3> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="k">class</span> <span class="nc">Task</span><span class="p">(</span><span class="n">Base</span><span class="p">):</span> <span class="n">__tablename__</span> <span class="o">=</span> <span class="sh">"</span><span class="s">tasks</span><span class="sh">"</span> <span class="c1"># ... existing fields ... </span> <span class="c1"># Relationships </span> <span class="n">owner</span> <span class="o">=</span> <span class="nf">relationship</span><span class="p">(</span><span class="sh">"</span><span class="s">User</span><span class="sh">"</span><span class="p">,</span> <span class="n">back_populates</span><span class="o">=</span><span class="sh">"</span><span class="s">tasks</span><span class="sh">"</span><span class="p">)</span> <span class="n">tags</span> <span class="o">=</span> <span class="nf">relationship</span><span class="p">(</span><span class="sh">"</span><span class="s">Tag</span><span class="sh">"</span><span class="p">,</span> <span class="n">secondary</span><span class="o">=</span><span class="n">task_tags</span><span class="p">,</span> <span class="n">back_populates</span><span class="o">=</span><span class="sh">"</span><span class="s">tasks</span><span class="sh">"</span><span class="p">)</span> </code></pre> </div> <p><strong>Bidirectional relationship:</strong></p> <p>From Task:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="n">task</span> <span class="o">=</span> <span class="n">db</span><span class="p">.</span><span class="nf">query</span><span class="p">(</span><span class="n">Task</span><span class="p">).</span><span class="nf">first</span><span class="p">()</span> <span class="nf">print</span><span class="p">(</span><span class="n">task</span><span class="p">.</span><span class="n">tags</span><span class="p">)</span> <span class="c1"># [Tag(name="urgent"), Tag(name="work")] </span></code></pre> </div> <p>From Tag:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="n">tag</span> <span class="o">=</span> <span class="n">db</span><span class="p">.</span><span class="nf">query</span><span class="p">(</span><span class="n">Tag</span><span class="p">).</span><span class="nf">filter</span><span class="p">(</span><span class="n">Tag</span><span class="p">.</span><span class="n">name</span> <span class="o">==</span> <span class="sh">"</span><span class="s">urgent</span><span class="sh">"</span><span class="p">).</span><span class="nf">first</span><span class="p">()</span> <span class="nf">print</span><span class="p">(</span><span class="n">tag</span><span class="p">.</span><span class="n">tasks</span><span class="p">)</span> <span class="c1"># [Task(title="Meeting"), Task(title="Report")] </span></code></pre> </div> <p>Both directions work!</p> <h3> Step 4: Creating Tags </h3> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="nd">@router.post</span><span class="p">(</span><span class="sh">"</span><span class="s">/tags</span><span class="sh">"</span><span class="p">,</span> <span class="n">response_model</span><span class="o">=</span><span class="n">TagResponse</span><span class="p">)</span> <span class="k">def</span> <span class="nf">create_tag</span><span class="p">(</span><span class="n">tag</span><span class="p">:</span> <span class="n">TagCreate</span><span class="p">,</span> <span class="n">db</span><span class="p">:</span> <span class="n">Session</span> <span class="o">=</span> <span class="nc">Depends</span><span class="p">(</span><span class="n">get_db</span><span class="p">),</span> <span class="n">current_user</span><span class="p">:</span> <span class="n">User</span> <span class="o">=</span> <span class="nc">Depends</span><span class="p">(</span><span class="n">get_current_user</span><span class="p">)):</span> <span class="c1"># Check if tag already exists for this user </span> <span class="n">existing</span> <span class="o">=</span> <span class="n">db</span><span class="p">.</span><span class="nf">query</span><span class="p">(</span><span class="n">Tag</span><span class="p">).</span><span class="nf">filter</span><span class="p">(</span> <span class="n">Tag</span><span class="p">.</span><span class="n">owner_id</span> <span class="o">==</span> <span class="n">current_user</span><span class="p">.</span><span class="nb">id</span><span class="p">,</span> <span class="n">Tag</span><span class="p">.</span><span class="n">name</span> <span class="o">==</span> <span class="n">tag</span><span class="p">.</span><span class="n">name</span> <span class="p">).</span><span class="nf">first</span><span class="p">()</span> <span class="k">if</span> <span class="n">existing</span><span class="p">:</span> <span class="k">raise</span> <span class="nc">HTTPException</span><span class="p">(</span><span class="mi">400</span><span class="p">,</span> <span class="sh">"</span><span class="s">Tag already exists</span><span class="sh">"</span><span class="p">)</span> <span class="n">new_tag</span> <span class="o">=</span> <span class="nc">Tag</span><span class="p">(</span> <span class="n">name</span><span class="o">=</span><span class="n">tag</span><span class="p">.</span><span class="n">name</span><span class="p">,</span> <span class="n">color</span><span class="o">=</span><span class="n">tag</span><span class="p">.</span><span class="n">color</span><span class="p">,</span> <span class="n">owner_id</span><span class="o">=</span><span class="n">current_user</span><span class="p">.</span><span class="nb">id</span> <span class="p">)</span> <span class="n">db</span><span class="p">.</span><span class="nf">add</span><span class="p">(</span><span class="n">new_tag</span><span class="p">)</span> <span class="n">db</span><span class="p">.</span><span class="nf">commit</span><span class="p">()</span> <span class="n">db</span><span class="p">.</span><span class="nf">refresh</span><span class="p">(</span><span class="n">new_tag</span><span class="p">)</span> <span class="k">return</span> <span class="n">new_tag</span> </code></pre> </div> <p><strong>Why check for existing tag?</strong></p> <p>Without check:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>POST /tags {"name": "urgent", "color": "#FF0000"} ✅ POST /tags {"name": "urgent", "color": "#0000FF"} đŸ’Ĩ Database error! </code></pre> </div> <p>Database throws error because of unique constraint, but:</p> <ul> <li>Error message is cryptic</li> <li>HTTP 500 instead of 400</li> <li>Bad user experience</li> </ul> <p>With check:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>POST /tags {"name": "urgent"} ✅ POST /tags {"name": "urgent"} ✅ 400 Bad Request "Tag already exists" </code></pre> </div> <p>Clean error handling!</p> <h3> Step 5: Creating Tasks with Tags </h3> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="nd">@router.post</span><span class="p">(</span><span class="sh">"</span><span class="s">/tasks</span><span class="sh">"</span><span class="p">,</span> <span class="n">response_model</span><span class="o">=</span><span class="n">TaskResponse</span><span class="p">)</span> <span class="k">def</span> <span class="nf">create_task</span><span class="p">(</span><span class="n">task</span><span class="p">:</span> <span class="n">TaskCreate</span><span class="p">,</span> <span class="n">db</span><span class="p">:</span> <span class="n">Session</span> <span class="o">=</span> <span class="nc">Depends</span><span class="p">(</span><span class="n">get_db</span><span class="p">),</span> <span class="n">current_user</span><span class="p">:</span> <span class="n">User</span> <span class="o">=</span> <span class="nc">Depends</span><span class="p">(</span><span class="n">get_current_user</span><span class="p">)):</span> <span class="n">new_task</span> <span class="o">=</span> <span class="nc">Task</span><span class="p">(</span> <span class="n">title</span><span class="o">=</span><span class="n">task</span><span class="p">.</span><span class="n">title</span><span class="p">,</span> <span class="n">description</span><span class="o">=</span><span class="n">task</span><span class="p">.</span><span class="n">description</span><span class="p">,</span> <span class="n">owner_id</span><span class="o">=</span><span class="n">current_user</span><span class="p">.</span><span class="nb">id</span> <span class="p">)</span> <span class="c1"># Add tags if provided </span> <span class="k">if</span> <span class="n">task</span><span class="p">.</span><span class="n">tag_ids</span><span class="p">:</span> <span class="n">tags</span> <span class="o">=</span> <span class="n">db</span><span class="p">.</span><span class="nf">query</span><span class="p">(</span><span class="n">Tag</span><span class="p">).</span><span class="nf">filter</span><span class="p">(</span> <span class="n">Tag</span><span class="p">.</span><span class="nb">id</span><span class="p">.</span><span class="nf">in_</span><span class="p">(</span><span class="n">task</span><span class="p">.</span><span class="n">tag_ids</span><span class="p">),</span> <span class="n">Tag</span><span class="p">.</span><span class="n">owner_id</span> <span class="o">==</span> <span class="n">current_user</span><span class="p">.</span><span class="nb">id</span> <span class="p">).</span><span class="nf">all</span><span class="p">()</span> <span class="k">if</span> <span class="nf">len</span><span class="p">(</span><span class="n">tags</span><span class="p">)</span> <span class="o">!=</span> <span class="nf">len</span><span class="p">(</span><span class="n">task</span><span class="p">.</span><span class="n">tag_ids</span><span class="p">):</span> <span class="k">raise</span> <span class="nc">HTTPException</span><span class="p">(</span><span class="mi">400</span><span class="p">,</span> <span class="sh">"</span><span class="s">One or more tags not found</span><span class="sh">"</span><span class="p">)</span> <span class="n">new_task</span><span class="p">.</span><span class="n">tags</span> <span class="o">=</span> <span class="n">tags</span> <span class="n">db</span><span class="p">.</span><span class="nf">add</span><span class="p">(</span><span class="n">new_task</span><span class="p">)</span> <span class="n">db</span><span class="p">.</span><span class="nf">commit</span><span class="p">()</span> <span class="n">db</span><span class="p">.</span><span class="nf">refresh</span><span class="p">(</span><span class="n">new_task</span><span class="p">)</span> <span class="k">return</span> <span class="n">new_task</span> </code></pre> </div> <p><strong>Understanding <code>id.in_()</code>:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="n">Tag</span><span class="p">.</span><span class="nb">id</span><span class="p">.</span><span class="nf">in_</span><span class="p">([</span><span class="sh">"</span><span class="s">uuid1</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">uuid2</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">uuid3</span><span class="sh">"</span><span class="p">])</span> </code></pre> </div> <p><strong>SQL generated:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight sql"><code><span class="k">SELECT</span> <span class="o">*</span> <span class="k">FROM</span> <span class="n">tags</span> <span class="k">WHERE</span> <span class="n">id</span> <span class="k">IN</span> <span class="p">(</span><span class="s1">'uuid1'</span><span class="p">,</span> <span class="s1">'uuid2'</span><span class="p">,</span> <span class="s1">'uuid3'</span><span class="p">)</span> <span class="k">AND</span> <span class="n">owner_id</span> <span class="o">=</span> <span class="s1">'current-user-uuid'</span> </code></pre> </div> <p>One query gets all tags!</p> <p><strong>Setting tags:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="n">new_task</span><span class="p">.</span><span class="n">tags</span> <span class="o">=</span> <span class="n">tags</span> </code></pre> </div> <p><strong>What SQLAlchemy does:</strong></p> <ol> <li>Creates task in tasks table</li> <li>For each tag, creates entry in task_tags table: <ul> <li>INSERT INTO task_tags (task_id, tag_id) VALUES (new_task.id, tag.id)</li> </ul> </li> </ol> <p>All automatic!</p> <p><strong>Validation:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="k">if</span> <span class="nf">len</span><span class="p">(</span><span class="n">tags</span><span class="p">)</span> <span class="o">!=</span> <span class="nf">len</span><span class="p">(</span><span class="n">task</span><span class="p">.</span><span class="n">tag_ids</span><span class="p">):</span> <span class="k">raise</span> <span class="nc">HTTPException</span><span class="p">(</span><span class="mi">400</span><span class="p">,</span> <span class="sh">"</span><span class="s">One or more tags not found</span><span class="sh">"</span><span class="p">)</span> </code></pre> </div> <p>If user sends 3 tag IDs but only 2 exist → error!</p> <h3> Step 6: Filtering Tasks by Tags </h3> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="nd">@router.get</span><span class="p">(</span><span class="sh">"</span><span class="s">/tasks</span><span class="sh">"</span><span class="p">)</span> <span class="k">def</span> <span class="nf">get_tasks</span><span class="p">(</span> <span class="n">tag_id</span><span class="p">:</span> <span class="n">Optional</span><span class="p">[</span><span class="n">UUID</span><span class="p">]</span> <span class="o">=</span> <span class="nc">Query</span><span class="p">(</span><span class="bp">None</span><span class="p">),</span> <span class="n">tag_name</span><span class="p">:</span> <span class="n">Optional</span><span class="p">[</span><span class="nb">str</span><span class="p">]</span> <span class="o">=</span> <span class="nc">Query</span><span class="p">(</span><span class="bp">None</span><span class="p">),</span> <span class="bp">...</span> <span class="p">):</span> <span class="n">query</span> <span class="o">=</span> <span class="n">db</span><span class="p">.</span><span class="nf">query</span><span class="p">(</span><span class="n">Task</span><span class="p">).</span><span class="nf">filter</span><span class="p">(</span><span class="n">Task</span><span class="p">.</span><span class="n">owner_id</span> <span class="o">==</span> <span class="n">current_user</span><span class="p">.</span><span class="nb">id</span><span class="p">)</span> <span class="c1"># Filter by tag ID </span> <span class="k">if</span> <span class="n">tag_id</span><span class="p">:</span> <span class="n">query</span> <span class="o">=</span> <span class="n">query</span><span class="p">.</span><span class="nf">filter</span><span class="p">(</span><span class="n">Task</span><span class="p">.</span><span class="n">tags</span><span class="p">.</span><span class="nf">any</span><span class="p">(</span><span class="n">Tag</span><span class="p">.</span><span class="nb">id</span> <span class="o">==</span> <span class="n">tag_id</span><span class="p">))</span> <span class="c1"># Filter by tag name </span> <span class="k">if</span> <span class="n">tag_name</span><span class="p">:</span> <span class="n">query</span> <span class="o">=</span> <span class="n">query</span><span class="p">.</span><span class="nf">filter</span><span class="p">(</span><span class="n">Task</span><span class="p">.</span><span class="n">tags</span><span class="p">.</span><span class="nf">any</span><span class="p">(</span><span class="n">Tag</span><span class="p">.</span><span class="n">name</span> <span class="o">==</span> <span class="n">tag_name</span><span class="p">.</span><span class="nf">lower</span><span class="p">()))</span> <span class="k">return</span> <span class="n">query</span><span class="p">.</span><span class="nf">all</span><span class="p">()</span> </code></pre> </div> <p><strong>Understanding <code>.any()</code>:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="n">Task</span><span class="p">.</span><span class="n">tags</span><span class="p">.</span><span class="nf">any</span><span class="p">(</span><span class="n">Tag</span><span class="p">.</span><span class="nb">id</span> <span class="o">==</span> <span class="n">tag_id</span><span class="p">)</span> </code></pre> </div> <p><strong>Translation:</strong> "Get tasks where ANY of their tags has this ID"</p> <p><strong>SQL generated:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight sql"><code><span class="k">SELECT</span> <span class="n">tasks</span><span class="p">.</span><span class="o">*</span> <span class="k">FROM</span> <span class="n">tasks</span> <span class="k">WHERE</span> <span class="n">tasks</span><span class="p">.</span><span class="n">owner_id</span> <span class="o">=</span> <span class="s1">'user-uuid'</span> <span class="k">AND</span> <span class="k">EXISTS</span> <span class="p">(</span> <span class="k">SELECT</span> <span class="mi">1</span> <span class="k">FROM</span> <span class="n">task_tags</span> <span class="k">JOIN</span> <span class="n">tags</span> <span class="k">ON</span> <span class="n">tags</span><span class="p">.</span><span class="n">id</span> <span class="o">=</span> <span class="n">task_tags</span><span class="p">.</span><span class="n">tag_id</span> <span class="k">WHERE</span> <span class="n">task_tags</span><span class="p">.</span><span class="n">task_id</span> <span class="o">=</span> <span class="n">tasks</span><span class="p">.</span><span class="n">id</span> <span class="k">AND</span> <span class="n">tags</span><span class="p">.</span><span class="n">id</span> <span class="o">=</span> <span class="s1">'tag-uuid'</span> <span class="p">)</span> </code></pre> </div> <p><strong>Example:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="c1"># Get all tasks tagged "urgent" </span><span class="n">GET</span> <span class="o">/</span><span class="n">tasks</span><span class="err">?</span><span class="n">tag_name</span><span class="o">=</span><span class="n">urgent</span> <span class="c1"># Get all urgent tasks that are incomplete </span><span class="n">GET</span> <span class="o">/</span><span class="n">tasks</span><span class="err">?</span><span class="n">tag_name</span><span class="o">=</span><span class="n">urgent</span><span class="o">&amp;</span><span class="n">completed</span><span class="o">=</span><span class="n">false</span> <span class="c1"># Get all work tasks, sorted by date </span><span class="n">GET</span> <span class="o">/</span><span class="n">tasks</span><span class="err">?</span><span class="n">tag_name</span><span class="o">=</span><span class="n">work</span><span class="o">&amp;</span><span class="n">sort_by</span><span class="o">=</span><span class="n">created_at</span><span class="o">&amp;</span><span class="n">order</span><span class="o">=</span><span class="n">desc</span> </code></pre> </div> <p>Filters stack beautifully!</p> <h3> Step 7: Adding/Removing Tags from Tasks </h3> <p><strong>Add tags:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="nd">@router.post</span><span class="p">(</span><span class="sh">"</span><span class="s">/tasks/{task_id}/tags</span><span class="sh">"</span><span class="p">)</span> <span class="k">def</span> <span class="nf">add_tags_to_task</span><span class="p">(</span><span class="n">task_id</span><span class="p">:</span> <span class="n">UUID</span><span class="p">,</span> <span class="n">tag_data</span><span class="p">:</span> <span class="n">BulkUpdateTags</span><span class="p">,</span> <span class="p">...):</span> <span class="n">task</span> <span class="o">=</span> <span class="n">db</span><span class="p">.</span><span class="nf">query</span><span class="p">(</span><span class="n">Task</span><span class="p">).</span><span class="nf">filter</span><span class="p">(</span> <span class="n">Task</span><span class="p">.</span><span class="nb">id</span> <span class="o">==</span> <span class="n">task_id</span><span class="p">,</span> <span class="n">Task</span><span class="p">.</span><span class="n">owner_id</span> <span class="o">==</span> <span class="n">current_user</span><span class="p">.</span><span class="nb">id</span> <span class="p">).</span><span class="nf">first</span><span class="p">()</span> <span class="k">if</span> <span class="ow">not</span> <span class="n">task</span><span class="p">:</span> <span class="k">raise</span> <span class="nc">HTTPException</span><span class="p">(</span><span class="mi">404</span><span class="p">,</span> <span class="sh">"</span><span class="s">Task not found</span><span class="sh">"</span><span class="p">)</span> <span class="n">tags</span> <span class="o">=</span> <span class="n">db</span><span class="p">.</span><span class="nf">query</span><span class="p">(</span><span class="n">Tag</span><span class="p">).</span><span class="nf">filter</span><span class="p">(</span> <span class="n">Tag</span><span class="p">.</span><span class="nb">id</span><span class="p">.</span><span class="nf">in_</span><span class="p">(</span><span class="n">tag_data</span><span class="p">.</span><span class="n">tag_ids</span><span class="p">),</span> <span class="n">Tag</span><span class="p">.</span><span class="n">owner_id</span> <span class="o">==</span> <span class="n">current_user</span><span class="p">.</span><span class="nb">id</span> <span class="p">).</span><span class="nf">all</span><span class="p">()</span> <span class="k">for</span> <span class="n">tag</span> <span class="ow">in</span> <span class="n">tags</span><span class="p">:</span> <span class="k">if</span> <span class="n">tag</span> <span class="ow">not</span> <span class="ow">in</span> <span class="n">task</span><span class="p">.</span><span class="n">tags</span><span class="p">:</span> <span class="n">task</span><span class="p">.</span><span class="n">tags</span><span class="p">.</span><span class="nf">append</span><span class="p">(</span><span class="n">tag</span><span class="p">)</span> <span class="n">db</span><span class="p">.</span><span class="nf">commit</span><span class="p">()</span> <span class="n">db</span><span class="p">.</span><span class="nf">refresh</span><span class="p">(</span><span class="n">task</span><span class="p">)</span> <span class="k">return</span> <span class="n">task</span> </code></pre> </div> <p><strong>Why check <code>if tag not in task.tags</code>?</strong></p> <p>Without check:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="n">task</span><span class="p">.</span><span class="n">tags</span><span class="p">.</span><span class="nf">append</span><span class="p">(</span><span class="n">tag</span><span class="p">)</span> <span class="c1"># Adds tag </span><span class="n">task</span><span class="p">.</span><span class="n">tags</span><span class="p">.</span><span class="nf">append</span><span class="p">(</span><span class="n">tag</span><span class="p">)</span> <span class="c1"># Adds again! # Database error: duplicate primary key (task_id, tag_id) </span></code></pre> </div> <p>With check:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="k">if</span> <span class="n">tag</span> <span class="ow">not</span> <span class="ow">in</span> <span class="n">task</span><span class="p">.</span><span class="n">tags</span><span class="p">:</span> <span class="n">task</span><span class="p">.</span><span class="n">tags</span><span class="p">.</span><span class="nf">append</span><span class="p">(</span><span class="n">tag</span><span class="p">)</span> <span class="c1"># Safe! </span></code></pre> </div> <p><strong>Remove tag:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="nd">@router.delete</span><span class="p">(</span><span class="sh">"</span><span class="s">/tasks/{task_id}/tags/{tag_id}</span><span class="sh">"</span><span class="p">)</span> <span class="k">def</span> <span class="nf">remove_tag_from_task</span><span class="p">(</span><span class="n">task_id</span><span class="p">:</span> <span class="n">UUID</span><span class="p">,</span> <span class="n">tag_id</span><span class="p">:</span> <span class="n">UUID</span><span class="p">,</span> <span class="p">...):</span> <span class="n">task</span> <span class="o">=</span> <span class="bp">...</span> <span class="n">tag</span> <span class="o">=</span> <span class="bp">...</span> <span class="k">if</span> <span class="n">tag</span> <span class="ow">in</span> <span class="n">task</span><span class="p">.</span><span class="n">tags</span><span class="p">:</span> <span class="n">task</span><span class="p">.</span><span class="n">tags</span><span class="p">.</span><span class="nf">remove</span><span class="p">(</span><span class="n">tag</span><span class="p">)</span> <span class="n">db</span><span class="p">.</span><span class="nf">commit</span><span class="p">()</span> <span class="k">return</span> <span class="n">task</span> </code></pre> </div> <p><strong>What <code>remove()</code> does:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="n">task</span><span class="p">.</span><span class="n">tags</span><span class="p">.</span><span class="nf">remove</span><span class="p">(</span><span class="n">tag</span><span class="p">)</span> </code></pre> </div> <p>SQLAlchemy:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight sql"><code><span class="k">DELETE</span> <span class="k">FROM</span> <span class="n">task_tags</span> <span class="k">WHERE</span> <span class="n">task_id</span> <span class="o">=</span> <span class="s1">'task-uuid'</span> <span class="k">AND</span> <span class="n">tag_id</span> <span class="o">=</span> <span class="s1">'tag-uuid'</span> </code></pre> </div> <p>Association removed!</p> <h3> Step 8: Bulk Operations </h3> <p><strong>Bulk complete:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="nd">@router.post</span><span class="p">(</span><span class="sh">"</span><span class="s">/tasks/bulk/complete</span><span class="sh">"</span><span class="p">)</span> <span class="k">def</span> <span class="nf">bulk_complete_tasks</span><span class="p">(</span><span class="n">bulk_data</span><span class="p">:</span> <span class="n">BulkTaskIds</span><span class="p">,</span> <span class="p">...):</span> <span class="n">updated</span> <span class="o">=</span> <span class="n">db</span><span class="p">.</span><span class="nf">query</span><span class="p">(</span><span class="n">Task</span><span class="p">).</span><span class="nf">filter</span><span class="p">(</span> <span class="n">Task</span><span class="p">.</span><span class="nb">id</span><span class="p">.</span><span class="nf">in_</span><span class="p">(</span><span class="n">bulk_data</span><span class="p">.</span><span class="n">task_ids</span><span class="p">),</span> <span class="n">Task</span><span class="p">.</span><span class="n">owner_id</span> <span class="o">==</span> <span class="n">current_user</span><span class="p">.</span><span class="nb">id</span> <span class="p">).</span><span class="nf">update</span><span class="p">({</span><span class="sh">"</span><span class="s">completed</span><span class="sh">"</span><span class="p">:</span> <span class="bp">True</span><span class="p">},</span> <span class="n">synchronize_session</span><span class="o">=</span><span class="bp">False</span><span class="p">)</span> <span class="n">db</span><span class="p">.</span><span class="nf">commit</span><span class="p">()</span> <span class="k">return</span> <span class="p">{</span> <span class="sh">"</span><span class="s">updated</span><span class="sh">"</span><span class="p">:</span> <span class="n">updated</span><span class="p">,</span> <span class="sh">"</span><span class="s">message</span><span class="sh">"</span><span class="p">:</span> <span class="sa">f</span><span class="sh">"</span><span class="si">{</span><span class="n">updated</span><span class="si">}</span><span class="s"> tasks marked complete</span><span class="sh">"</span> <span class="p">}</span> </code></pre> </div> <p><strong>Why bulk operations matter:</strong></p> <p><strong>Without bulk (N requests):</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="c1">// Frontend makes 50 API calls</span> <span class="nx">taskIds</span><span class="p">.</span><span class="nf">forEach</span><span class="p">(</span><span class="nx">id</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="nf">fetch</span><span class="p">(</span><span class="s2">`/tasks/</span><span class="p">${</span><span class="nx">id</span><span class="p">}</span><span class="s2">`</span><span class="p">,</span> <span class="p">{</span> <span class="na">method</span><span class="p">:</span> <span class="dl">'</span><span class="s1">PATCH</span><span class="dl">'</span><span class="p">,</span> <span class="na">body</span><span class="p">:</span> <span class="nx">JSON</span><span class="p">.</span><span class="nf">stringify</span><span class="p">({</span><span class="na">completed</span><span class="p">:</span> <span class="kc">true</span><span class="p">})</span> <span class="p">})</span> <span class="p">})</span> <span class="c1">// Result:</span> <span class="c1">// - 50 HTTP requests</span> <span class="c1">// - 50 SQL queries</span> <span class="c1">// - ~5 seconds total</span> </code></pre> </div> <p><strong>With bulk (1 request):</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="c1">// Frontend makes 1 API call</span> <span class="nf">fetch</span><span class="p">(</span><span class="dl">'</span><span class="s1">/tasks/bulk/complete</span><span class="dl">'</span><span class="p">,</span> <span class="p">{</span> <span class="na">method</span><span class="p">:</span> <span class="dl">'</span><span class="s1">POST</span><span class="dl">'</span><span class="p">,</span> <span class="na">body</span><span class="p">:</span> <span class="nx">JSON</span><span class="p">.</span><span class="nf">stringify</span><span class="p">({</span><span class="na">task_ids</span><span class="p">:</span> <span class="nx">taskIds</span><span class="p">})</span> <span class="p">})</span> <span class="c1">// Result:</span> <span class="c1">// - 1 HTTP request</span> <span class="c1">// - 1 SQL query</span> <span class="c1">// - ~0.1 seconds total</span> </code></pre> </div> <p><strong>50x faster!</strong></p> <p><strong>The SQL:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight sql"><code><span class="k">UPDATE</span> <span class="n">tasks</span> <span class="k">SET</span> <span class="n">completed</span> <span class="o">=</span> <span class="k">true</span> <span class="k">WHERE</span> <span class="n">id</span> <span class="k">IN</span> <span class="p">(</span><span class="s1">'uuid1'</span><span class="p">,</span> <span class="s1">'uuid2'</span><span class="p">,</span> <span class="p">...,</span> <span class="s1">'uuid50'</span><span class="p">)</span> <span class="k">AND</span> <span class="n">owner_id</span> <span class="o">=</span> <span class="s1">'user-uuid'</span> </code></pre> </div> <p>One query updates 50 tasks!</p> <p><strong>synchronize_session=False:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="p">.</span><span class="nf">update</span><span class="p">({...},</span> <span class="n">synchronize_session</span><span class="o">=</span><span class="bp">False</span><span class="p">)</span> </code></pre> </div> <p><strong>What it means:</strong></p> <ul> <li>We're doing bulk update</li> <li>Don't update ORM objects in memory</li> <li>Faster (we don't need those objects anyway)</li> </ul> <p>Use when you don't need the updated objects returned.</p> <p><strong>Bulk delete:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="nd">@router.delete</span><span class="p">(</span><span class="sh">"</span><span class="s">/tasks/bulk</span><span class="sh">"</span><span class="p">)</span> <span class="k">def</span> <span class="nf">bulk_delete_tasks</span><span class="p">(</span><span class="n">bulk_data</span><span class="p">:</span> <span class="n">BulkTaskIds</span><span class="p">,</span> <span class="p">...):</span> <span class="n">deleted</span> <span class="o">=</span> <span class="n">db</span><span class="p">.</span><span class="nf">query</span><span class="p">(</span><span class="n">Task</span><span class="p">).</span><span class="nf">filter</span><span class="p">(</span> <span class="n">Task</span><span class="p">.</span><span class="nb">id</span><span class="p">.</span><span class="nf">in_</span><span class="p">(</span><span class="n">bulk_data</span><span class="p">.</span><span class="n">task_ids</span><span class="p">),</span> <span class="n">Task</span><span class="p">.</span><span class="n">owner_id</span> <span class="o">==</span> <span class="n">current_user</span><span class="p">.</span><span class="nb">id</span> <span class="p">).</span><span class="nf">delete</span><span class="p">(</span><span class="n">synchronize_session</span><span class="o">=</span><span class="bp">False</span><span class="p">)</span> <span class="n">db</span><span class="p">.</span><span class="nf">commit</span><span class="p">()</span> <span class="k">return</span> <span class="p">{</span> <span class="sh">"</span><span class="s">deleted</span><span class="sh">"</span><span class="p">:</span> <span class="n">deleted</span><span class="p">,</span> <span class="sh">"</span><span class="s">message</span><span class="sh">"</span><span class="p">:</span> <span class="sa">f</span><span class="sh">"</span><span class="si">{</span><span class="n">deleted</span><span class="si">}</span><span class="s"> tasks deleted</span><span class="sh">"</span> <span class="p">}</span> </code></pre> </div> <p><strong>SQL:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight sql"><code><span class="k">DELETE</span> <span class="k">FROM</span> <span class="n">tasks</span> <span class="k">WHERE</span> <span class="n">id</span> <span class="k">IN</span> <span class="p">(</span><span class="s1">'uuid1'</span><span class="p">,</span> <span class="s1">'uuid2'</span><span class="p">,</span> <span class="s1">'uuid3'</span><span class="p">)</span> <span class="k">AND</span> <span class="n">owner_id</span> <span class="o">=</span> <span class="s1">'user-uuid'</span> </code></pre> </div> <p><strong>CASCADE in action:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>DELETE FROM tasks WHERE id = 'uuid1' ↓ CASCADE DELETE FROM task_tags WHERE task_id = 'uuid1' </code></pre> </div> <p>All associations cleaned up automatically!</p> <h2> Testing the Features </h2> <h3> Test 1: Create Tags </h3> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>curl <span class="nt">-X</span> POST <span class="s2">"http://localhost:8000/tags"</span> <span class="se">\</span> <span class="nt">-H</span> <span class="s2">"Authorization: Bearer TOKEN"</span> <span class="se">\</span> <span class="nt">-H</span> <span class="s2">"Content-Type: application/json"</span> <span class="se">\</span> <span class="nt">-d</span> <span class="s1">'{"name": "urgent", "color": "#FF0000"}'</span> curl <span class="nt">-X</span> POST <span class="s2">"http://localhost:8000/tags"</span> <span class="se">\</span> <span class="nt">-H</span> <span class="s2">"Authorization: Bearer TOKEN"</span> <span class="se">\</span> <span class="nt">-H</span> <span class="s2">"Content-Type: application/json"</span> <span class="se">\</span> <span class="nt">-d</span> <span class="s1">'{"name": "work", "color": "#0000FF"}'</span> </code></pre> </div> <h3> Test 2: Create Task with Tags </h3> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>curl <span class="nt">-X</span> POST <span class="s2">"http://localhost:8000/tasks"</span> <span class="se">\</span> <span class="nt">-H</span> <span class="s2">"Authorization: Bearer TOKEN"</span> <span class="se">\</span> <span class="nt">-H</span> <span class="s2">"Content-Type: application/json"</span> <span class="se">\</span> <span class="nt">-d</span> <span class="s1">'{ "title": "Team Meeting", "tag_ids": ["TAG_UUID_1", "TAG_UUID_2"] }'</span> </code></pre> </div> <h3> Test 3: Filter by Tags </h3> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># All urgent tasks</span> curl <span class="nt">-H</span> <span class="s2">"Authorization: Bearer TOKEN"</span> <span class="se">\</span> <span class="s2">"http://localhost:8000/tasks?tag_name=urgent"</span> <span class="c"># Urgent AND incomplete</span> curl <span class="nt">-H</span> <span class="s2">"Authorization: Bearer TOKEN"</span> <span class="se">\</span> <span class="s2">"http://localhost:8000/tasks?tag_name=urgent&amp;completed=false"</span> </code></pre> </div> <h3> Test 4: Bulk Complete </h3> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>curl <span class="nt">-X</span> POST <span class="s2">"http://localhost:8000/tasks/bulk/complete"</span> <span class="se">\</span> <span class="nt">-H</span> <span class="s2">"Authorization: Bearer TOKEN"</span> <span class="se">\</span> <span class="nt">-H</span> <span class="s2">"Content-Type: application/json"</span> <span class="se">\</span> <span class="nt">-d</span> <span class="s1">'{"task_ids": ["UUID1", "UUID2", "UUID3"]}'</span> </code></pre> </div> <p><strong>Response:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight json"><code><span class="p">{</span><span class="w"> </span><span class="nl">"updated"</span><span class="p">:</span><span class="w"> </span><span class="mi">3</span><span class="p">,</span><span class="w"> </span><span class="nl">"message"</span><span class="p">:</span><span class="w"> </span><span class="s2">"3 tasks marked complete"</span><span class="w"> </span><span class="p">}</span><span class="w"> </span></code></pre> </div> <h2> Real-World Impact </h2> <p><strong>Before tagging:</strong></p> <ul> <li>Tasks in flat list</li> <li>No organization</li> <li>Hard to find related tasks</li> </ul> <p><strong>After tagging:</strong></p> <ul> <li>Flexible organization</li> <li>Filter by project, priority, context</li> <li>Visual coding with colors</li> <li>Power user features (bulk ops)</li> </ul> <p><strong>Example workflows:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># Show all urgent client tasks</span> GET /tasks?tag_name<span class="o">=</span>urgent&amp;tag_name<span class="o">=</span>client <span class="c"># Complete all daily standup tasks</span> POST /tasks/bulk/complete Body: <span class="o">{</span>task_ids: <span class="o">[</span>all standup task IDs]<span class="o">}</span> <span class="c"># Find all bugs</span> GET /tasks?tag_name<span class="o">=</span>bug&amp;completed<span class="o">=</span><span class="nb">false</span> </code></pre> </div> <h2> Performance Considerations </h2> <p><strong>Junction table indexes:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="c1"># Automatically indexed (part of primary key) </span><span class="o">-</span> <span class="p">(</span><span class="n">task_id</span><span class="p">,</span> <span class="n">tag_id</span><span class="p">)</span> <span class="c1"># Should also index individually for reverse lookups </span><span class="nc">Index</span><span class="p">(</span><span class="sh">"</span><span class="s">idx_task_tags_task</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">task_id</span><span class="sh">"</span><span class="p">)</span> <span class="nc">Index</span><span class="p">(</span><span class="sh">"</span><span class="s">idx_task_tags_tag</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">tag_id</span><span class="sh">"</span><span class="p">)</span> </code></pre> </div> <p><strong>Query performance:</strong></p> <p>Without indexes:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight sql"><code><span class="k">SELECT</span> <span class="n">tasks</span><span class="p">.</span><span class="o">*</span> <span class="k">FROM</span> <span class="n">tasks</span> <span class="k">JOIN</span> <span class="n">task_tags</span> <span class="k">ON</span> <span class="p">...</span> <span class="k">WHERE</span> <span class="n">tag_id</span> <span class="o">=</span> <span class="s1">'uuid'</span> <span class="c1">-- Scans entire task_tags table (~10,000 rows: 500ms)</span> </code></pre> </div> <p>With indexes:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight sql"><code><span class="c1">-- Same query, uses index</span> <span class="c1">-- (~10,000 rows: 50ms)</span> </code></pre> </div> <p>10x faster with proper indexes!</p> <h2> What I Learned </h2> <h3> Technical Skills </h3> <p>✅ Many-to-many relationship implementation<br><br> ✅ Association tables (junction tables)<br><br> ✅ Composite primary keys<br><br> ✅ SQLAlchemy <code>secondary</code> parameter<br><br> ✅ Relationship navigation (bidirectional)<br><br> ✅ <code>.any()</code> for filtering relationships<br><br> ✅ Bulk update/delete operations<br><br> ✅ CASCADE behavior and cleanup </p> <h3> Database Design </h3> <p>✅ When to use junction tables<br><br> ✅ Composite unique constraints<br><br> ✅ Index optimization for associations<br><br> ✅ Preventing orphaned records </p> <h3> API Design </h3> <p>✅ Bulk operation endpoints<br><br> ✅ Tag-based filtering<br><br> ✅ Flexible organization systems<br><br> ✅ Power user features </p> <h2> Common Mistakes I Avoided </h2> <h3> Mistake 1: Forgetting CASCADE </h3> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="c1"># Bad - orphaned associations </span><span class="nc">ForeignKey</span><span class="p">(</span><span class="sh">"</span><span class="s">tasks.id</span><span class="sh">"</span><span class="p">)</span> <span class="c1"># Good - clean cascade </span><span class="nc">ForeignKey</span><span class="p">(</span><span class="sh">"</span><span class="s">tasks.id</span><span class="sh">"</span><span class="p">,</span> <span class="n">ondelete</span><span class="o">=</span><span class="sh">"</span><span class="s">CASCADE</span><span class="sh">"</span><span class="p">)</span> </code></pre> </div> <h3> Mistake 2: Not Validating Ownership </h3> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="c1"># Bad - user can add anyone's tags </span><span class="n">tags</span> <span class="o">=</span> <span class="n">db</span><span class="p">.</span><span class="nf">query</span><span class="p">(</span><span class="n">Tag</span><span class="p">).</span><span class="nf">filter</span><span class="p">(</span><span class="n">Tag</span><span class="p">.</span><span class="nb">id</span><span class="p">.</span><span class="nf">in_</span><span class="p">(</span><span class="n">tag_ids</span><span class="p">)).</span><span class="nf">all</span><span class="p">()</span> <span class="c1"># Good - only user's tags </span><span class="n">tags</span> <span class="o">=</span> <span class="n">db</span><span class="p">.</span><span class="nf">query</span><span class="p">(</span><span class="n">Tag</span><span class="p">).</span><span class="nf">filter</span><span class="p">(</span> <span class="n">Tag</span><span class="p">.</span><span class="nb">id</span><span class="p">.</span><span class="nf">in_</span><span class="p">(</span><span class="n">tag_ids</span><span class="p">),</span> <span class="n">Tag</span><span class="p">.</span><span class="n">owner_id</span> <span class="o">==</span> <span class="n">current_user</span><span class="p">.</span><span class="nb">id</span> <span class="p">).</span><span class="nf">all</span><span class="p">()</span> </code></pre> </div> <h3> Mistake 3: Duplicate Tag Names </h3> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="c1"># Bad - no uniqueness check </span><span class="nc">Tag</span><span class="p">(</span><span class="n">name</span><span class="o">=</span><span class="sh">"</span><span class="s">urgent</span><span class="sh">"</span><span class="p">)</span> <span class="c1"># User creates </span><span class="nc">Tag</span><span class="p">(</span><span class="n">name</span><span class="o">=</span><span class="sh">"</span><span class="s">urgent</span><span class="sh">"</span><span class="p">)</span> <span class="c1"># User creates again - confusing! </span> <span class="c1"># Good - unique constraint </span><span class="nc">Index</span><span class="p">(</span><span class="sh">"</span><span class="s">idx_owner_tag</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">owner_id</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">name</span><span class="sh">"</span><span class="p">,</span> <span class="n">unique</span><span class="o">=</span><span class="bp">True</span><span class="p">)</span> </code></pre> </div> <h3> Mistake 4: N Loop Updates </h3> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="c1"># Bad - 50 queries </span><span class="k">for</span> <span class="n">task_id</span> <span class="ow">in</span> <span class="n">task_ids</span><span class="p">:</span> <span class="n">task</span> <span class="o">=</span> <span class="n">db</span><span class="p">.</span><span class="nf">query</span><span class="p">(</span><span class="n">Task</span><span class="p">).</span><span class="nf">get</span><span class="p">(</span><span class="n">task_id</span><span class="p">)</span> <span class="n">task</span><span class="p">.</span><span class="n">completed</span> <span class="o">=</span> <span class="bp">True</span> <span class="n">db</span><span class="p">.</span><span class="nf">commit</span><span class="p">()</span> <span class="c1"># Good - 1 query </span><span class="n">db</span><span class="p">.</span><span class="nf">query</span><span class="p">(</span><span class="n">Task</span><span class="p">).</span><span class="nf">filter</span><span class="p">(</span><span class="n">Task</span><span class="p">.</span><span class="nb">id</span><span class="p">.</span><span class="nf">in_</span><span class="p">(</span><span class="n">task_ids</span><span class="p">)).</span><span class="nf">update</span><span class="p">({...})</span> </code></pre> </div> <h2> Tomorrow's Plans </h2> <p>Day 6 will add:</p> <ul> <li>Due dates and reminders</li> <li>Task priorities (high, medium, low)</li> <li>Recurring tasks</li> <li>Calendar view support</li> </ul> <p>But today? Today I celebrate mastering <strong>many-to-many relationships</strong> - one of the most important database patterns! 🎉</p> <h2> Resources </h2> <ul> <li><a href="https://docs.sqlalchemy.org/en/14/orm/basic_relationships.html" rel="noopener noreferrer">SQLAlchemy Relationships</a></li> <li><a href="https://docs.sqlalchemy.org/en/14/orm/basic_relationships.html#many-to-many" rel="noopener noreferrer">Many-to-Many Pattern</a></li> <li><a href="https://docs.sqlalchemy.org/en/14/orm/basic_relationships.html#association-object" rel="noopener noreferrer">Association Tables</a></li> </ul> <h2> Full Code </h2> <p>Complete code on GitHub:<br> <a href="https://github.com/archi-jain/100-days-of-python/tree/main/days/005" rel="noopener noreferrer">100-days-of-python/days/005</a></p> <p><strong>Time Investment:</strong> 3 hours<br><br> <strong>Knowledge Gained:</strong> Advanced relationship patterns<br><br> <strong>Feeling:</strong> Like I understand how real databases work 🗄ī¸</p> <p><strong>Day 5/100 complete!</strong> ✅</p> <p>Tomorrow: Due dates, priorities, and scheduling</p> <p><em>Following my journey?</em><br><br> 📝 <a href="https://dev.to/archijain">Blog</a> | đŸĻ <a href="https://x.com/ArchiLearns" rel="noopener noreferrer">Twitter</a> | đŸ’ŧ <a href="https://www.linkedin.com/in/archijain19/" rel="noopener noreferrer">LinkedIn</a></p> <p><strong>Tags:</strong> #100DaysOfCode #Python #FastAPI #PostgreSQL #SQLAlchemy #ManyToMany #JunctionTables #BulkOperations #DatabaseDesign #LearningInPublic</p> 100dayswitharchi 100daysofcode python fastapi Day 4/100: Advanced Query Features - From Basic CRUD to Production API archi-jain Sun, 08 Mar 2026 03:58:45 +0000 https://dev.to/archijain/day-4100-advanced-query-features-from-basic-crud-to-production-api-648 https://dev.to/archijain/day-4100-advanced-query-features-from-basic-crud-to-production-api-648 <blockquote> <p>Part of my 100 Days of Code journey. Today we make the API actually usable at scale.</p> </blockquote> <h2> The Challenge </h2> <p>Add advanced query features to the Task Management API: filtering, sorting, pagination, search, and statistics.</p> <p><strong>The Problem:</strong> Yesterday's API works, but imagine having 1,000 tasks:</p> <ul> <li>Can't find specific tasks (no search)</li> <li>Loading all 1,000 at once (slow, wasteful)</li> <li>Can't sort by priority (no sorting)</li> <li>No insights into completion rates (no analytics)</li> </ul> <p><strong>The Solution:</strong> Implement production-grade query features with proper indexing.</p> <h2> Why Advanced Queries Matter </h2> <p><strong>Real scenario:</strong> You have 5,000 tasks in your database.</p> <p><strong>Without these features:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="c1"># User clicks "View Tasks" </span><span class="n">tasks</span> <span class="o">=</span> <span class="n">db</span><span class="p">.</span><span class="nf">query</span><span class="p">(</span><span class="n">Task</span><span class="p">).</span><span class="nf">all</span><span class="p">()</span> <span class="c1"># Loads ALL 5,000 tasks! # Result: # - 3 second page load # - 5MB data transfer # - Angry users </span></code></pre> </div> <p><strong>With these features:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="c1"># User searches "meeting", page 1 </span><span class="n">tasks</span> <span class="o">=</span> <span class="n">db</span><span class="p">.</span><span class="nf">query</span><span class="p">(</span><span class="n">Task</span><span class="p">)</span>\ <span class="p">.</span><span class="nf">filter</span><span class="p">(</span><span class="n">Task</span><span class="p">.</span><span class="n">title</span><span class="p">.</span><span class="nf">ilike</span><span class="p">(</span><span class="sh">"</span><span class="s">%meeting%</span><span class="sh">"</span><span class="p">))</span>\ <span class="p">.</span><span class="nf">order_by</span><span class="p">(</span><span class="nf">desc</span><span class="p">(</span><span class="n">Task</span><span class="p">.</span><span class="n">created_at</span><span class="p">))</span>\ <span class="p">.</span><span class="nf">limit</span><span class="p">(</span><span class="mi">20</span><span class="p">)</span> <span class="c1"># Result: # - 0.05 second response # - 50KB data transfer # - Happy users </span></code></pre> </div> <p><strong>This is the difference between a toy and a product.</strong></p> <h2> What We're Building </h2> <h3> Query Features: </h3> <ol> <li> <strong>Filtering</strong> - Get only completed or pending tasks</li> <li> <strong>Sorting</strong> - Order by date, title, or status</li> <li> <strong>Pagination</strong> - Load 20 tasks at a time</li> <li> <strong>Search</strong> - Find tasks by keyword</li> <li> <strong>Combined</strong> - Use all features together</li> </ol> <h3> Statistics: </h3> <ul> <li>Total task count</li> <li>Completion rate</li> <li>Tasks created today/this week</li> </ul> <h3> Performance: </h3> <ul> <li>Database indexes for speed</li> <li>Query constraints for safety</li> </ul> <h2> Understanding Query Parameters </h2> <p><strong>Query parameters</strong> are the <code>?key=value</code> parts of URLs:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>https://api.example.com/tasks?completed=false&amp;sort_by=created_at&amp;limit=20 ↑ ↑ ↑ Filter Sort Paginate </code></pre> </div> <p><strong>In FastAPI:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="kn">from</span> <span class="n">fastapi</span> <span class="kn">import</span> <span class="n">Query</span> <span class="nd">@app.get</span><span class="p">(</span><span class="sh">"</span><span class="s">/tasks</span><span class="sh">"</span><span class="p">)</span> <span class="k">def</span> <span class="nf">get_tasks</span><span class="p">(</span> <span class="n">completed</span><span class="p">:</span> <span class="n">Optional</span><span class="p">[</span><span class="nb">bool</span><span class="p">]</span> <span class="o">=</span> <span class="nc">Query</span><span class="p">(</span><span class="bp">None</span><span class="p">),</span> <span class="n">sort_by</span><span class="p">:</span> <span class="nb">str</span> <span class="o">=</span> <span class="nc">Query</span><span class="p">(</span><span class="sh">"</span><span class="s">created_at</span><span class="sh">"</span><span class="p">),</span> <span class="n">skip</span><span class="p">:</span> <span class="nb">int</span> <span class="o">=</span> <span class="nc">Query</span><span class="p">(</span><span class="mi">0</span><span class="p">,</span> <span class="n">ge</span><span class="o">=</span><span class="mi">0</span><span class="p">),</span> <span class="n">limit</span><span class="p">:</span> <span class="nb">int</span> <span class="o">=</span> <span class="nc">Query</span><span class="p">(</span><span class="mi">20</span><span class="p">,</span> <span class="n">ge</span><span class="o">=</span><span class="mi">1</span><span class="p">,</span> <span class="n">le</span><span class="o">=</span><span class="mi">100</span><span class="p">)</span> <span class="p">):</span> <span class="c1"># FastAPI auto-extracts and validates! </span></code></pre> </div> <p><strong>What FastAPI does automatically:</strong></p> <ol> <li>Extracts <code>completed</code> from URL</li> <li>Converts "true" string → Python <code>True</code> boolean</li> <li>Validates <code>skip &gt;= 0</code> and <code>limit</code> between 1-100</li> <li>Returns 422 error if validation fails</li> </ol> <p>Beautiful!</p> <h2> Step-by-Step Implementation </h2> <h3> Step 1: Query Parameter Setup </h3> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="kn">from</span> <span class="n">fastapi</span> <span class="kn">import</span> <span class="n">Query</span> <span class="kn">from</span> <span class="n">typing</span> <span class="kn">import</span> <span class="n">Optional</span> <span class="nd">@router.get</span><span class="p">(</span><span class="sh">"</span><span class="s">/</span><span class="sh">"</span><span class="p">,</span> <span class="n">response_model</span><span class="o">=</span><span class="n">List</span><span class="p">[</span><span class="n">schemas</span><span class="p">.</span><span class="n">TaskResponse</span><span class="p">])</span> <span class="k">def</span> <span class="nf">get_tasks</span><span class="p">(</span> <span class="c1"># Filtering </span> <span class="n">completed</span><span class="p">:</span> <span class="n">Optional</span><span class="p">[</span><span class="nb">bool</span><span class="p">]</span> <span class="o">=</span> <span class="nc">Query</span><span class="p">(</span><span class="bp">None</span><span class="p">,</span> <span class="n">description</span><span class="o">=</span><span class="sh">"</span><span class="s">Filter by status</span><span class="sh">"</span><span class="p">),</span> <span class="c1"># Sorting </span> <span class="n">sort_by</span><span class="p">:</span> <span class="nb">str</span> <span class="o">=</span> <span class="nc">Query</span><span class="p">(</span><span class="sh">"</span><span class="s">created_at</span><span class="sh">"</span><span class="p">,</span> <span class="n">description</span><span class="o">=</span><span class="sh">"</span><span class="s">Field to sort by</span><span class="sh">"</span><span class="p">),</span> <span class="n">order</span><span class="p">:</span> <span class="nb">str</span> <span class="o">=</span> <span class="nc">Query</span><span class="p">(</span><span class="sh">"</span><span class="s">desc</span><span class="sh">"</span><span class="p">,</span> <span class="n">description</span><span class="o">=</span><span class="sh">"</span><span class="s">asc or desc</span><span class="sh">"</span><span class="p">),</span> <span class="c1"># Pagination </span> <span class="n">skip</span><span class="p">:</span> <span class="nb">int</span> <span class="o">=</span> <span class="nc">Query</span><span class="p">(</span><span class="mi">0</span><span class="p">,</span> <span class="n">ge</span><span class="o">=</span><span class="mi">0</span><span class="p">,</span> <span class="n">description</span><span class="o">=</span><span class="sh">"</span><span class="s">Records to skip</span><span class="sh">"</span><span class="p">),</span> <span class="n">limit</span><span class="p">:</span> <span class="nb">int</span> <span class="o">=</span> <span class="nc">Query</span><span class="p">(</span><span class="mi">20</span><span class="p">,</span> <span class="n">ge</span><span class="o">=</span><span class="mi">1</span><span class="p">,</span> <span class="n">le</span><span class="o">=</span><span class="mi">100</span><span class="p">,</span> <span class="n">description</span><span class="o">=</span><span class="sh">"</span><span class="s">Max records</span><span class="sh">"</span><span class="p">),</span> <span class="c1"># Search </span> <span class="n">search</span><span class="p">:</span> <span class="n">Optional</span><span class="p">[</span><span class="nb">str</span><span class="p">]</span> <span class="o">=</span> <span class="nc">Query</span><span class="p">(</span><span class="bp">None</span><span class="p">,</span> <span class="n">description</span><span class="o">=</span><span class="sh">"</span><span class="s">Search term</span><span class="sh">"</span><span class="p">),</span> <span class="n">db</span><span class="p">:</span> <span class="n">Session</span> <span class="o">=</span> <span class="nc">Depends</span><span class="p">(</span><span class="n">get_db</span><span class="p">),</span> <span class="n">current_user</span><span class="p">:</span> <span class="n">models</span><span class="p">.</span><span class="n">User</span> <span class="o">=</span> <span class="nc">Depends</span><span class="p">(</span><span class="n">get_current_user</span><span class="p">)</span> <span class="p">):</span> <span class="c1"># Implementation below... </span></code></pre> </div> <p><strong>Query() parameters explained:</strong></p> <ul> <li> <code>Query(None)</code> - Optional, defaults to None</li> <li> <code>Query(0, ge=0)</code> - Defaults to 0, must be &gt;= 0</li> <li> <code>Query(20, ge=1, le=100)</code> - Defaults to 20, must be 1-100</li> </ul> <p><strong>Why constrain limit to 100?</strong></p> <p>Without constraints:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="n">GET</span> <span class="o">/</span><span class="n">tasks</span><span class="err">?</span><span class="n">limit</span><span class="o">=</span><span class="mi">1000000</span> <span class="c1"># User requests 1 million records! # Server crashes, database overloaded </span></code></pre> </div> <p>With constraints:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="n">limit</span><span class="p">:</span> <span class="nb">int</span> <span class="o">=</span> <span class="nc">Query</span><span class="p">(</span><span class="mi">20</span><span class="p">,</span> <span class="n">ge</span><span class="o">=</span><span class="mi">1</span><span class="p">,</span> <span class="n">le</span><span class="o">=</span><span class="mi">100</span><span class="p">)</span> <span class="n">GET</span> <span class="o">/</span><span class="n">tasks</span><span class="err">?</span><span class="n">limit</span><span class="o">=</span><span class="mi">1000000</span> <span class="c1"># FastAPI returns 422 error # Server protected! </span></code></pre> </div> <h3> Step 2: Building the Query </h3> <p><strong>The magic of query chaining:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="c1"># Start with base query </span><span class="n">query</span> <span class="o">=</span> <span class="n">db</span><span class="p">.</span><span class="nf">query</span><span class="p">(</span><span class="n">models</span><span class="p">.</span><span class="n">Task</span><span class="p">).</span><span class="nf">filter</span><span class="p">(</span><span class="n">models</span><span class="p">.</span><span class="n">Task</span><span class="p">.</span><span class="n">owner_id</span> <span class="o">==</span> <span class="n">current_user</span><span class="p">.</span><span class="nb">id</span><span class="p">)</span> <span class="c1"># Add filter if provided </span><span class="k">if</span> <span class="n">completed</span> <span class="ow">is</span> <span class="ow">not</span> <span class="bp">None</span><span class="p">:</span> <span class="n">query</span> <span class="o">=</span> <span class="n">query</span><span class="p">.</span><span class="nf">filter</span><span class="p">(</span><span class="n">models</span><span class="p">.</span><span class="n">Task</span><span class="p">.</span><span class="n">completed</span> <span class="o">==</span> <span class="n">completed</span><span class="p">)</span> <span class="c1"># Add search if provided </span><span class="k">if</span> <span class="n">search</span><span class="p">:</span> <span class="n">search_term</span> <span class="o">=</span> <span class="sa">f</span><span class="sh">"</span><span class="s">%</span><span class="si">{</span><span class="n">search</span><span class="si">}</span><span class="s">%</span><span class="sh">"</span> <span class="n">query</span> <span class="o">=</span> <span class="n">query</span><span class="p">.</span><span class="nf">filter</span><span class="p">(</span> <span class="nf">or_</span><span class="p">(</span> <span class="n">models</span><span class="p">.</span><span class="n">Task</span><span class="p">.</span><span class="n">title</span><span class="p">.</span><span class="nf">ilike</span><span class="p">(</span><span class="n">search_term</span><span class="p">),</span> <span class="n">models</span><span class="p">.</span><span class="n">Task</span><span class="p">.</span><span class="n">description</span><span class="p">.</span><span class="nf">ilike</span><span class="p">(</span><span class="n">search_term</span><span class="p">)</span> <span class="p">)</span> <span class="p">)</span> <span class="c1"># Add sorting </span><span class="n">valid_sort_fields</span> <span class="o">=</span> <span class="p">[</span><span class="sh">"</span><span class="s">created_at</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">updated_at</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">title</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">completed</span><span class="sh">"</span><span class="p">]</span> <span class="k">if</span> <span class="n">sort_by</span> <span class="ow">not</span> <span class="ow">in</span> <span class="n">valid_sort_fields</span><span class="p">:</span> <span class="n">sort_by</span> <span class="o">=</span> <span class="sh">"</span><span class="s">created_at</span><span class="sh">"</span> <span class="n">column</span> <span class="o">=</span> <span class="nf">getattr</span><span class="p">(</span><span class="n">models</span><span class="p">.</span><span class="n">Task</span><span class="p">,</span> <span class="n">sort_by</span><span class="p">)</span> <span class="k">if</span> <span class="n">order</span> <span class="o">==</span> <span class="sh">"</span><span class="s">desc</span><span class="sh">"</span><span class="p">:</span> <span class="n">query</span> <span class="o">=</span> <span class="n">query</span><span class="p">.</span><span class="nf">order_by</span><span class="p">(</span><span class="nf">desc</span><span class="p">(</span><span class="n">column</span><span class="p">))</span> <span class="k">else</span><span class="p">:</span> <span class="n">query</span> <span class="o">=</span> <span class="n">query</span><span class="p">.</span><span class="nf">order_by</span><span class="p">(</span><span class="nf">asc</span><span class="p">(</span><span class="n">column</span><span class="p">))</span> <span class="c1"># Add pagination </span><span class="n">query</span> <span class="o">=</span> <span class="n">query</span><span class="p">.</span><span class="nf">offset</span><span class="p">(</span><span class="n">skip</span><span class="p">).</span><span class="nf">limit</span><span class="p">(</span><span class="n">limit</span><span class="p">)</span> <span class="c1"># Execute query (only NOW does it hit database!) </span><span class="k">return</span> <span class="n">query</span><span class="p">.</span><span class="nf">all</span><span class="p">()</span> </code></pre> </div> <p><strong>Key insight:</strong> Query isn't executed until <code>.all()</code> is called!</p> <p>This means:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="n">query</span> <span class="o">=</span> <span class="n">db</span><span class="p">.</span><span class="nf">query</span><span class="p">(</span><span class="n">Task</span><span class="p">)</span> <span class="c1"># No SQL yet </span><span class="n">query</span> <span class="o">=</span> <span class="n">query</span><span class="p">.</span><span class="nf">filter</span><span class="p">(...)</span> <span class="c1"># Still no SQL </span><span class="n">query</span> <span class="o">=</span> <span class="n">query</span><span class="p">.</span><span class="nf">order_by</span><span class="p">(...)</span> <span class="c1"># Still building </span><span class="n">tasks</span> <span class="o">=</span> <span class="n">query</span><span class="p">.</span><span class="nf">all</span><span class="p">()</span> <span class="c1"># NOW executes SQL! </span></code></pre> </div> <p><strong>Benefit:</strong> SQLAlchemy generates one optimized SQL query, not multiple.</p> <h3> Step 3: Understanding Filtering </h3> <p><strong>Basic filtering:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="k">if</span> <span class="n">completed</span> <span class="ow">is</span> <span class="ow">not</span> <span class="bp">None</span><span class="p">:</span> <span class="n">query</span> <span class="o">=</span> <span class="n">query</span><span class="p">.</span><span class="nf">filter</span><span class="p">(</span><span class="n">models</span><span class="p">.</span><span class="n">Task</span><span class="p">.</span><span class="n">completed</span> <span class="o">==</span> <span class="n">completed</span><span class="p">)</span> </code></pre> </div> <p><strong>Why <code>is not None</code>?</strong></p> <p>Consider these requests:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="n">GET</span> <span class="o">/</span><span class="n">tasks</span> <span class="c1"># completed = None (don't filter) </span><span class="n">GET</span> <span class="o">/</span><span class="n">tasks</span><span class="err">?</span><span class="n">completed</span><span class="o">=</span><span class="n">true</span> <span class="c1"># completed = True (filter completed) </span><span class="n">GET</span> <span class="o">/</span><span class="n">tasks</span><span class="err">?</span><span class="n">completed</span><span class="o">=</span><span class="n">false</span> <span class="c1"># completed = False (filter pending) </span></code></pre> </div> <p>Without <code>is not None</code>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="c1"># Bad </span><span class="k">if</span> <span class="n">completed</span><span class="p">:</span> <span class="n">query</span> <span class="o">=</span> <span class="n">query</span><span class="p">.</span><span class="nf">filter</span><span class="p">(</span><span class="n">Task</span><span class="p">.</span><span class="n">completed</span> <span class="o">==</span> <span class="n">completed</span><span class="p">)</span> <span class="c1"># GET /tasks?completed=false # completed = False # if False: -&gt; doesn't execute! # Filter not applied! Bug! </span></code></pre> </div> <p>With <code>is not None</code>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="c1"># Good </span><span class="k">if</span> <span class="n">completed</span> <span class="ow">is</span> <span class="ow">not</span> <span class="bp">None</span><span class="p">:</span> <span class="n">query</span> <span class="o">=</span> <span class="n">query</span><span class="p">.</span><span class="nf">filter</span><span class="p">(</span><span class="n">Task</span><span class="p">.</span><span class="n">completed</span> <span class="o">==</span> <span class="n">completed</span><span class="p">)</span> <span class="c1"># GET /tasks?completed=false # completed = False # if False is not None: -&gt; True # Filter applied correctly! </span></code></pre> </div> <h3> Step 4: Implementing Search </h3> <p><strong>Case-insensitive search:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="k">if</span> <span class="n">search</span><span class="p">:</span> <span class="n">search_term</span> <span class="o">=</span> <span class="sa">f</span><span class="sh">"</span><span class="s">%</span><span class="si">{</span><span class="n">search</span><span class="si">}</span><span class="s">%</span><span class="sh">"</span> <span class="n">query</span> <span class="o">=</span> <span class="n">query</span><span class="p">.</span><span class="nf">filter</span><span class="p">(</span> <span class="nf">or_</span><span class="p">(</span> <span class="n">models</span><span class="p">.</span><span class="n">Task</span><span class="p">.</span><span class="n">title</span><span class="p">.</span><span class="nf">ilike</span><span class="p">(</span><span class="n">search_term</span><span class="p">),</span> <span class="n">models</span><span class="p">.</span><span class="n">Task</span><span class="p">.</span><span class="n">description</span><span class="p">.</span><span class="nf">ilike</span><span class="p">(</span><span class="n">search_term</span><span class="p">)</span> <span class="p">)</span> <span class="p">)</span> </code></pre> </div> <p><strong>Breaking it down:</strong></p> <p><strong>ILIKE (case-insensitive LIKE):</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="n">Task</span><span class="p">.</span><span class="n">title</span><span class="p">.</span><span class="nf">ilike</span><span class="p">(</span><span class="sh">"</span><span class="s">%meeting%</span><span class="sh">"</span><span class="p">)</span> </code></pre> </div> <p>Matches:</p> <ul> <li>"Team Meeting" ✅</li> <li>"meeting notes" ✅</li> <li>"MEETING" ✅</li> <li>"Status meeting tomorrow" ✅</li> </ul> <p>Doesn't match:</p> <ul> <li>"Project discussion" ❌</li> </ul> <p><strong>The <code>%</code> wildcards:</strong></p> <ul> <li> <code>meeting%</code> - Starts with "meeting"</li> <li> <code>%meeting</code> - Ends with "meeting"</li> <li> <code>%meeting%</code> - Contains "meeting" anywhere</li> </ul> <p><strong>OR condition:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="nf">or_</span><span class="p">(</span> <span class="n">Task</span><span class="p">.</span><span class="n">title</span><span class="p">.</span><span class="nf">ilike</span><span class="p">(</span><span class="sh">"</span><span class="s">%meeting%</span><span class="sh">"</span><span class="p">),</span> <span class="n">Task</span><span class="p">.</span><span class="n">description</span><span class="p">.</span><span class="nf">ilike</span><span class="p">(</span><span class="sh">"</span><span class="s">%meeting%</span><span class="sh">"</span><span class="p">)</span> <span class="p">)</span> </code></pre> </div> <p><strong>SQL generated:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight sql"><code><span class="k">WHERE</span> <span class="p">(</span><span class="n">title</span> <span class="k">ILIKE</span> <span class="s1">'%meeting%'</span> <span class="k">OR</span> <span class="n">description</span> <span class="k">ILIKE</span> <span class="s1">'%meeting%'</span><span class="p">)</span> </code></pre> </div> <p>Searches both title AND description!</p> <h3> Step 5: Dynamic Sorting </h3> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="n">valid_sort_fields</span> <span class="o">=</span> <span class="p">[</span><span class="sh">"</span><span class="s">created_at</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">updated_at</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">title</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">completed</span><span class="sh">"</span><span class="p">]</span> <span class="k">if</span> <span class="n">sort_by</span> <span class="ow">not</span> <span class="ow">in</span> <span class="n">valid_sort_fields</span><span class="p">:</span> <span class="n">sort_by</span> <span class="o">=</span> <span class="sh">"</span><span class="s">created_at</span><span class="sh">"</span> <span class="c1"># Fallback to safe default </span> <span class="n">column</span> <span class="o">=</span> <span class="nf">getattr</span><span class="p">(</span><span class="n">models</span><span class="p">.</span><span class="n">Task</span><span class="p">,</span> <span class="n">sort_by</span><span class="p">)</span> <span class="k">if</span> <span class="n">order</span> <span class="o">==</span> <span class="sh">"</span><span class="s">desc</span><span class="sh">"</span><span class="p">:</span> <span class="n">query</span> <span class="o">=</span> <span class="n">query</span><span class="p">.</span><span class="nf">order_by</span><span class="p">(</span><span class="nf">desc</span><span class="p">(</span><span class="n">column</span><span class="p">))</span> <span class="k">else</span><span class="p">:</span> <span class="n">query</span> <span class="o">=</span> <span class="n">query</span><span class="p">.</span><span class="nf">order_by</span><span class="p">(</span><span class="nf">asc</span><span class="p">(</span><span class="n">column</span><span class="p">))</span> </code></pre> </div> <p><strong>Why validate sort fields?</strong></p> <p><strong>Without validation (DANGEROUS):</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="c1"># User sends malicious request </span><span class="n">GET</span> <span class="o">/</span><span class="n">tasks</span><span class="err">?</span><span class="n">sort_by</span><span class="o">=</span><span class="n">hashed_password</span> <span class="n">column</span> <span class="o">=</span> <span class="nf">getattr</span><span class="p">(</span><span class="n">Task</span><span class="p">,</span> <span class="sh">"</span><span class="s">hashed_password</span><span class="sh">"</span><span class="p">)</span> <span class="c1"># Leaks password hashes! </span><span class="n">query</span><span class="p">.</span><span class="nf">order_by</span><span class="p">(</span><span class="n">column</span><span class="p">)</span> </code></pre> </div> <p><strong>With validation (SAFE):</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="n">valid_fields</span> <span class="o">=</span> <span class="p">[</span><span class="sh">"</span><span class="s">created_at</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">title</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">completed</span><span class="sh">"</span><span class="p">]</span> <span class="k">if</span> <span class="n">sort_by</span> <span class="ow">not</span> <span class="ow">in</span> <span class="n">valid_fields</span><span class="p">:</span> <span class="n">sort_by</span> <span class="o">=</span> <span class="sh">"</span><span class="s">created_at</span><span class="sh">"</span> <span class="c1"># Use safe default </span> <span class="c1"># User sends malicious request </span><span class="n">GET</span> <span class="o">/</span><span class="n">tasks</span><span class="err">?</span><span class="n">sort_by</span><span class="o">=</span><span class="n">hashed_password</span> <span class="c1"># sort_by not in valid_fields # Defaults to "created_at" # Attack prevented! </span></code></pre> </div> <p><strong>Using getattr dynamically:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="c1"># Static (hardcoded) </span><span class="k">if</span> <span class="n">sort_by</span> <span class="o">==</span> <span class="sh">"</span><span class="s">title</span><span class="sh">"</span><span class="p">:</span> <span class="n">query</span><span class="p">.</span><span class="nf">order_by</span><span class="p">(</span><span class="n">Task</span><span class="p">.</span><span class="n">title</span><span class="p">)</span> <span class="k">elif</span> <span class="n">sort_by</span> <span class="o">==</span> <span class="sh">"</span><span class="s">created_at</span><span class="sh">"</span><span class="p">:</span> <span class="n">query</span><span class="p">.</span><span class="nf">order_by</span><span class="p">(</span><span class="n">Task</span><span class="p">.</span><span class="n">created_at</span><span class="p">)</span> <span class="c1"># ... many elif statements </span> <span class="c1"># Dynamic (elegant) </span><span class="n">column</span> <span class="o">=</span> <span class="nf">getattr</span><span class="p">(</span><span class="n">Task</span><span class="p">,</span> <span class="n">sort_by</span><span class="p">)</span> <span class="n">query</span><span class="p">.</span><span class="nf">order_by</span><span class="p">(</span><span class="n">column</span><span class="p">)</span> </code></pre> </div> <h3> Step 6: Pagination </h3> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="n">query</span> <span class="o">=</span> <span class="n">query</span><span class="p">.</span><span class="nf">offset</span><span class="p">(</span><span class="n">skip</span><span class="p">).</span><span class="nf">limit</span><span class="p">(</span><span class="n">limit</span><span class="p">)</span> </code></pre> </div> <p><strong>How pagination works:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="c1"># Page 1 (records 1-20) </span><span class="n">skip</span><span class="o">=</span><span class="mi">0</span><span class="p">,</span> <span class="n">limit</span><span class="o">=</span><span class="mi">20</span> <span class="c1"># SELECT * FROM tasks LIMIT 20 OFFSET 0 </span> <span class="c1"># Page 2 (records 21-40) </span><span class="n">skip</span><span class="o">=</span><span class="mi">20</span><span class="p">,</span> <span class="n">limit</span><span class="o">=</span><span class="mi">20</span> <span class="c1"># SELECT * FROM tasks LIMIT 20 OFFSET 20 </span> <span class="c1"># Page 3 (records 41-60) </span><span class="n">skip</span><span class="o">=</span><span class="mi">40</span><span class="p">,</span> <span class="n">limit</span><span class="o">=</span><span class="mi">20</span> <span class="c1"># SELECT * FROM tasks LIMIT 20 OFFSET 40 </span></code></pre> </div> <p><strong>Calculating skip:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="n">page_number</span> <span class="o">=</span> <span class="mi">3</span> <span class="n">page_size</span> <span class="o">=</span> <span class="mi">20</span> <span class="n">skip</span> <span class="o">=</span> <span class="p">(</span><span class="n">page_number</span> <span class="o">-</span> <span class="mi">1</span><span class="p">)</span> <span class="o">*</span> <span class="n">page_size</span> <span class="c1"># (3-1) * 20 = 40 </span></code></pre> </div> <p><strong>Frontend implementation:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="c1">// React example</span> <span class="kd">const</span> <span class="p">[</span><span class="nx">page</span><span class="p">,</span> <span class="nx">setPage</span><span class="p">]</span> <span class="o">=</span> <span class="nf">useState</span><span class="p">(</span><span class="mi">1</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">pageSize</span> <span class="o">=</span> <span class="mi">20</span><span class="p">;</span> <span class="nf">fetch</span><span class="p">(</span><span class="s2">`/tasks?skip=</span><span class="p">${(</span><span class="nx">page</span> <span class="o">-</span> <span class="mi">1</span><span class="p">)</span> <span class="o">*</span> <span class="nx">pageSize</span><span class="p">}</span><span class="s2">&amp;limit=</span><span class="p">${</span><span class="nx">pageSize</span><span class="p">}</span><span class="s2">`</span><span class="p">)</span> </code></pre> </div> <h3> Step 7: Statistics Endpoint </h3> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="nd">@router.get</span><span class="p">(</span><span class="sh">"</span><span class="s">/stats</span><span class="sh">"</span><span class="p">,</span> <span class="n">response_model</span><span class="o">=</span><span class="n">schemas</span><span class="p">.</span><span class="n">TaskStatsResponse</span><span class="p">)</span> <span class="k">def</span> <span class="nf">get_task_stats</span><span class="p">(</span> <span class="n">db</span><span class="p">:</span> <span class="n">Session</span> <span class="o">=</span> <span class="nc">Depends</span><span class="p">(</span><span class="n">get_db</span><span class="p">),</span> <span class="n">current_user</span><span class="p">:</span> <span class="n">models</span><span class="p">.</span><span class="n">User</span> <span class="o">=</span> <span class="nc">Depends</span><span class="p">(</span><span class="n">get_current_user</span><span class="p">)</span> <span class="p">):</span> <span class="c1"># Base query </span> <span class="n">user_tasks</span> <span class="o">=</span> <span class="n">db</span><span class="p">.</span><span class="nf">query</span><span class="p">(</span><span class="n">models</span><span class="p">.</span><span class="n">Task</span><span class="p">).</span><span class="nf">filter</span><span class="p">(</span> <span class="n">models</span><span class="p">.</span><span class="n">Task</span><span class="p">.</span><span class="n">owner_id</span> <span class="o">==</span> <span class="n">current_user</span><span class="p">.</span><span class="nb">id</span> <span class="p">)</span> <span class="c1"># Total count </span> <span class="n">total</span> <span class="o">=</span> <span class="n">user_tasks</span><span class="p">.</span><span class="nf">count</span><span class="p">()</span> <span class="c1"># Completed count </span> <span class="n">completed</span> <span class="o">=</span> <span class="n">user_tasks</span><span class="p">.</span><span class="nf">filter</span><span class="p">(</span><span class="n">models</span><span class="p">.</span><span class="n">Task</span><span class="p">.</span><span class="n">completed</span> <span class="o">==</span> <span class="bp">True</span><span class="p">).</span><span class="nf">count</span><span class="p">()</span> <span class="c1"># Pending count </span> <span class="n">pending</span> <span class="o">=</span> <span class="n">total</span> <span class="o">-</span> <span class="n">completed</span> <span class="c1"># Completion rate (prevent division by zero!) </span> <span class="n">completion_rate</span> <span class="o">=</span> <span class="p">(</span><span class="n">completed</span> <span class="o">/</span> <span class="n">total</span> <span class="o">*</span> <span class="mi">100</span><span class="p">)</span> <span class="k">if</span> <span class="n">total</span> <span class="k">else</span> <span class="mi">0</span> <span class="c1"># Tasks created today </span> <span class="n">today_start</span> <span class="o">=</span> <span class="n">datetime</span><span class="p">.</span><span class="nf">utcnow</span><span class="p">().</span><span class="nf">replace</span><span class="p">(</span> <span class="n">hour</span><span class="o">=</span><span class="mi">0</span><span class="p">,</span> <span class="n">minute</span><span class="o">=</span><span class="mi">0</span><span class="p">,</span> <span class="n">second</span><span class="o">=</span><span class="mi">0</span><span class="p">,</span> <span class="n">microsecond</span><span class="o">=</span><span class="mi">0</span> <span class="p">)</span> <span class="n">created_today</span> <span class="o">=</span> <span class="n">user_tasks</span><span class="p">.</span><span class="nf">filter</span><span class="p">(</span> <span class="n">models</span><span class="p">.</span><span class="n">Task</span><span class="p">.</span><span class="n">created_at</span> <span class="o">&gt;=</span> <span class="n">today_start</span> <span class="p">).</span><span class="nf">count</span><span class="p">()</span> <span class="c1"># Tasks created this week </span> <span class="n">week_start</span> <span class="o">=</span> <span class="n">today_start</span> <span class="o">-</span> <span class="nf">timedelta</span><span class="p">(</span><span class="n">days</span><span class="o">=</span><span class="n">today_start</span><span class="p">.</span><span class="nf">weekday</span><span class="p">())</span> <span class="n">created_this_week</span> <span class="o">=</span> <span class="n">user_tasks</span><span class="p">.</span><span class="nf">filter</span><span class="p">(</span> <span class="n">models</span><span class="p">.</span><span class="n">Task</span><span class="p">.</span><span class="n">created_at</span> <span class="o">&gt;=</span> <span class="n">week_start</span> <span class="p">).</span><span class="nf">count</span><span class="p">()</span> <span class="k">return</span> <span class="p">{</span> <span class="sh">"</span><span class="s">total</span><span class="sh">"</span><span class="p">:</span> <span class="n">total</span><span class="p">,</span> <span class="sh">"</span><span class="s">completed</span><span class="sh">"</span><span class="p">:</span> <span class="n">completed</span><span class="p">,</span> <span class="sh">"</span><span class="s">pending</span><span class="sh">"</span><span class="p">:</span> <span class="n">pending</span><span class="p">,</span> <span class="sh">"</span><span class="s">completion_rate</span><span class="sh">"</span><span class="p">:</span> <span class="nf">round</span><span class="p">(</span><span class="n">completion_rate</span><span class="p">,</span> <span class="mi">2</span><span class="p">),</span> <span class="sh">"</span><span class="s">created_today</span><span class="sh">"</span><span class="p">:</span> <span class="n">created_today</span><span class="p">,</span> <span class="sh">"</span><span class="s">created_this_week</span><span class="sh">"</span><span class="p">:</span> <span class="n">created_this_week</span> <span class="p">}</span> </code></pre> </div> <p><strong>Understanding the date calculations:</strong></p> <p><strong>Today start (midnight):</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="n">today_start</span> <span class="o">=</span> <span class="n">datetime</span><span class="p">.</span><span class="nf">utcnow</span><span class="p">().</span><span class="nf">replace</span><span class="p">(</span><span class="n">hour</span><span class="o">=</span><span class="mi">0</span><span class="p">,</span> <span class="n">minute</span><span class="o">=</span><span class="mi">0</span><span class="p">,</span> <span class="n">second</span><span class="o">=</span><span class="mi">0</span><span class="p">)</span> <span class="c1"># If now is: 2026-03-05 14:30:00 # today_start: 2026-03-05 00:00:00 </span></code></pre> </div> <p><strong>Week start (Monday):</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="c1"># weekday() returns 0=Monday, 6=Sunday </span><span class="n">today_start</span><span class="p">.</span><span class="nf">weekday</span><span class="p">()</span> <span class="c1"># If Tuesday: returns 1 </span> <span class="n">week_start</span> <span class="o">=</span> <span class="n">today_start</span> <span class="o">-</span> <span class="nf">timedelta</span><span class="p">(</span><span class="n">days</span><span class="o">=</span><span class="mi">1</span><span class="p">)</span> <span class="c1"># Tuesday - 1 day = Monday </span></code></pre> </div> <p><strong>Edge case handling:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="c1"># Bad (crashes on empty task list) </span><span class="n">completion_rate</span> <span class="o">=</span> <span class="p">(</span><span class="n">completed</span> <span class="o">/</span> <span class="n">total</span> <span class="o">*</span> <span class="mi">100</span><span class="p">)</span> <span class="c1"># ZeroDivisionError! </span> <span class="c1"># Good (handles zero total) </span><span class="n">completion_rate</span> <span class="o">=</span> <span class="p">(</span><span class="n">completed</span> <span class="o">/</span> <span class="n">total</span> <span class="o">*</span> <span class="mi">100</span><span class="p">)</span> <span class="k">if</span> <span class="n">total</span> <span class="k">else</span> <span class="mi">0</span> </code></pre> </div> <h3> Step 8: Database Indexing </h3> <p><strong>Update <code>models.py</code>:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="k">class</span> <span class="nc">Task</span><span class="p">(</span><span class="n">Base</span><span class="p">):</span> <span class="n">__tablename__</span> <span class="o">=</span> <span class="sh">"</span><span class="s">tasks</span><span class="sh">"</span> <span class="c1"># Add index=True to frequently queried columns </span> <span class="n">title</span> <span class="o">=</span> <span class="nc">Column</span><span class="p">(</span><span class="nc">String</span><span class="p">(</span><span class="mi">100</span><span class="p">),</span> <span class="n">nullable</span><span class="o">=</span><span class="bp">False</span><span class="p">,</span> <span class="n">index</span><span class="o">=</span><span class="bp">True</span><span class="p">)</span> <span class="n">completed</span> <span class="o">=</span> <span class="nc">Column</span><span class="p">(</span><span class="n">Boolean</span><span class="p">,</span> <span class="n">default</span><span class="o">=</span><span class="bp">False</span><span class="p">,</span> <span class="n">index</span><span class="o">=</span><span class="bp">True</span><span class="p">)</span> <span class="n">created_at</span> <span class="o">=</span> <span class="nc">Column</span><span class="p">(</span><span class="n">DateTime</span><span class="p">,</span> <span class="n">default</span><span class="o">=</span><span class="n">datetime</span><span class="p">.</span><span class="n">utcnow</span><span class="p">,</span> <span class="n">index</span><span class="o">=</span><span class="bp">True</span><span class="p">)</span> <span class="n">owner_id</span> <span class="o">=</span> <span class="nc">Column</span><span class="p">(</span><span class="nc">UUID</span><span class="p">(</span><span class="n">as_uuid</span><span class="o">=</span><span class="bp">True</span><span class="p">),</span> <span class="nc">ForeignKey</span><span class="p">(</span><span class="sh">"</span><span class="s">users.id</span><span class="sh">"</span><span class="p">),</span> <span class="n">index</span><span class="o">=</span><span class="bp">True</span><span class="p">)</span> <span class="c1"># Composite indexes for common query patterns </span> <span class="n">__table_args__</span> <span class="o">=</span> <span class="p">(</span> <span class="nc">Index</span><span class="p">(</span><span class="sh">'</span><span class="s">idx_owner_completed</span><span class="sh">'</span><span class="p">,</span> <span class="sh">'</span><span class="s">owner_id</span><span class="sh">'</span><span class="p">,</span> <span class="sh">'</span><span class="s">completed</span><span class="sh">'</span><span class="p">),</span> <span class="nc">Index</span><span class="p">(</span><span class="sh">'</span><span class="s">idx_owner_created</span><span class="sh">'</span><span class="p">,</span> <span class="sh">'</span><span class="s">owner_id</span><span class="sh">'</span><span class="p">,</span> <span class="sh">'</span><span class="s">created_at</span><span class="sh">'</span><span class="p">),</span> <span class="p">)</span> </code></pre> </div> <p><strong>Why indexes matter:</strong></p> <p><strong>Without index:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight sql"><code><span class="k">SELECT</span> <span class="o">*</span> <span class="k">FROM</span> <span class="n">tasks</span> <span class="k">WHERE</span> <span class="n">completed</span> <span class="o">=</span> <span class="k">false</span><span class="p">;</span> <span class="c1">-- Database scans every row (full table scan)</span> <span class="c1">-- 1,000 rows: ~50ms</span> <span class="c1">-- 100,000 rows: ~5,000ms (5 seconds!)</span> </code></pre> </div> <p><strong>With index:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight sql"><code><span class="k">SELECT</span> <span class="o">*</span> <span class="k">FROM</span> <span class="n">tasks</span> <span class="k">WHERE</span> <span class="n">completed</span> <span class="o">=</span> <span class="k">false</span><span class="p">;</span> <span class="c1">-- Database uses index (binary search)</span> <span class="c1">-- 1,000 rows: ~5ms</span> <span class="c1">-- 100,000 rows: ~50ms</span> </code></pre> </div> <p><strong>~100x faster with indexes!</strong></p> <p><strong>Composite indexes:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="nc">Index</span><span class="p">(</span><span class="sh">'</span><span class="s">idx_owner_completed</span><span class="sh">'</span><span class="p">,</span> <span class="sh">'</span><span class="s">owner_id</span><span class="sh">'</span><span class="p">,</span> <span class="sh">'</span><span class="s">completed</span><span class="sh">'</span><span class="p">)</span> </code></pre> </div> <p>Optimizes queries like:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight sql"><code><span class="k">WHERE</span> <span class="n">owner_id</span> <span class="o">=</span> <span class="s1">'uuid'</span> <span class="k">AND</span> <span class="n">completed</span> <span class="o">=</span> <span class="k">false</span> </code></pre> </div> <p>Common in our API:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="n">query</span><span class="p">.</span><span class="nf">filter</span><span class="p">(</span><span class="n">Task</span><span class="p">.</span><span class="n">owner_id</span> <span class="o">==</span> <span class="n">current_user</span><span class="p">.</span><span class="nb">id</span><span class="p">,</span> <span class="n">Task</span><span class="p">.</span><span class="n">completed</span> <span class="o">==</span> <span class="bp">False</span><span class="p">)</span> </code></pre> </div> <p><strong>Index trade-offs:</strong></p> <p>Pros:</p> <ul> <li>✅ Much faster queries</li> <li>✅ Better user experience</li> </ul> <p>Cons:</p> <ul> <li>❌ Slightly slower writes (index must be updated)</li> <li>❌ More disk space (~10-30% overhead)</li> </ul> <p><strong>Worth it for read-heavy applications!</strong></p> <h2> Testing the Advanced Features </h2> <h3> Test 1: Filtering </h3> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># Get pending tasks</span> curl <span class="nt">-H</span> <span class="s2">"Authorization: Bearer TOKEN"</span> <span class="se">\</span> <span class="s2">"http://localhost:8000/tasks?completed=false"</span> <span class="c"># Get completed tasks</span> curl <span class="nt">-H</span> <span class="s2">"Authorization: Bearer TOKEN"</span> <span class="se">\</span> <span class="s2">"http://localhost:8000/tasks?completed=true"</span> </code></pre> </div> <h3> Test 2: Sorting </h3> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># Newest first</span> curl <span class="nt">-H</span> <span class="s2">"Authorization: Bearer TOKEN"</span> <span class="se">\</span> <span class="s2">"http://localhost:8000/tasks?sort_by=created_at&amp;order=desc"</span> <span class="c"># Alphabetical by title</span> curl <span class="nt">-H</span> <span class="s2">"Authorization: Bearer TOKEN"</span> <span class="se">\</span> <span class="s2">"http://localhost:8000/tasks?sort_by=title&amp;order=asc"</span> </code></pre> </div> <h3> Test 3: Search </h3> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># Find tasks with "meeting"</span> curl <span class="nt">-H</span> <span class="s2">"Authorization: Bearer TOKEN"</span> <span class="se">\</span> <span class="s2">"http://localhost:8000/tasks?search=meeting"</span> <span class="c"># Case doesn't matter!</span> curl <span class="nt">-H</span> <span class="s2">"Authorization: Bearer TOKEN"</span> <span class="se">\</span> <span class="s2">"http://localhost:8000/tasks?search=MEETING"</span> <span class="c"># Same results</span> </code></pre> </div> <h3> Test 4: Pagination </h3> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># First page</span> curl <span class="nt">-H</span> <span class="s2">"Authorization: Bearer TOKEN"</span> <span class="se">\</span> <span class="s2">"http://localhost:8000/tasks?skip=0&amp;limit=20"</span> <span class="c"># Second page</span> curl <span class="nt">-H</span> <span class="s2">"Authorization: Bearer TOKEN"</span> <span class="se">\</span> <span class="s2">"http://localhost:8000/tasks?skip=20&amp;limit=20"</span> </code></pre> </div> <h3> Test 5: Combined Query </h3> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># Pending tasks with "project", sorted by date, page 1</span> curl <span class="nt">-H</span> <span class="s2">"Authorization: Bearer TOKEN"</span> <span class="se">\</span> <span class="s2">"http://localhost:8000/tasks?completed=false&amp;search=project&amp;sort_by=created_at&amp;order=desc&amp;limit=10"</span> </code></pre> </div> <h3> Test 6: Statistics </h3> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>curl <span class="nt">-H</span> <span class="s2">"Authorization: Bearer TOKEN"</span> <span class="se">\</span> <span class="s2">"http://localhost:8000/tasks/stats"</span> </code></pre> </div> <p><strong>Response:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight json"><code><span class="p">{</span><span class="w"> </span><span class="nl">"total"</span><span class="p">:</span><span class="w"> </span><span class="mi">25</span><span class="p">,</span><span class="w"> </span><span class="nl">"completed"</span><span class="p">:</span><span class="w"> </span><span class="mi">10</span><span class="p">,</span><span class="w"> </span><span class="nl">"pending"</span><span class="p">:</span><span class="w"> </span><span class="mi">15</span><span class="p">,</span><span class="w"> </span><span class="nl">"completion_rate"</span><span class="p">:</span><span class="w"> </span><span class="mf">40.0</span><span class="p">,</span><span class="w"> </span><span class="nl">"created_today"</span><span class="p">:</span><span class="w"> </span><span class="mi">3</span><span class="p">,</span><span class="w"> </span><span class="nl">"created_this_week"</span><span class="p">:</span><span class="w"> </span><span class="mi">8</span><span class="w"> </span><span class="p">}</span><span class="w"> </span></code></pre> </div> <h2> Performance Comparison </h2> <h3> Before (Day 3): </h3> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="c1"># Get all tasks (no pagination) </span><span class="n">SELECT</span> <span class="o">*</span> <span class="n">FROM</span> <span class="n">tasks</span> <span class="n">WHERE</span> <span class="n">owner_id</span> <span class="o">=</span> <span class="sh">'</span><span class="s">uuid</span><span class="sh">'</span> <span class="c1"># Returns: 1,000 tasks # Time: 500ms # Data transfer: 500KB </span></code></pre> </div> <h3> After (Day 4): </h3> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="c1"># Get filtered, sorted, paginated tasks </span><span class="n">SELECT</span> <span class="o">*</span> <span class="n">FROM</span> <span class="n">tasks</span> <span class="n">WHERE</span> <span class="n">owner_id</span> <span class="o">=</span> <span class="sh">'</span><span class="s">uuid</span><span class="sh">'</span> <span class="n">AND</span> <span class="n">completed</span> <span class="o">=</span> <span class="n">false</span> <span class="n">ORDER</span> <span class="n">BY</span> <span class="n">created_at</span> <span class="n">DESC</span> <span class="n">LIMIT</span> <span class="mi">20</span> <span class="n">OFFSET</span> <span class="mi">0</span> <span class="c1"># Returns: 20 tasks # Time: 50ms (with indexes) # Data transfer: 10KB </span></code></pre> </div> <p><strong>Improvement:</strong> 10x faster, 50x less data!</p> <h2> Real-World Impact </h2> <p><strong>Before advanced queries:</strong></p> <ul> <li>User has 5,000 tasks</li> <li>Page loads all 5,000 (slow, crashes mobile apps)</li> <li>Can't find specific tasks</li> <li>No insights into productivity</li> </ul> <p><strong>After advanced queries:</strong></p> <ul> <li>Loads 20 tasks at a time (fast on any device)</li> <li>Search finds tasks instantly</li> <li>Filter shows only what's needed</li> <li>Statistics provide insights</li> </ul> <p><strong>This transforms the API from proof-of-concept to product.</strong></p> <h2> Common Mistakes I Avoided </h2> <h3> Mistake 1: Not Checking completed is not None </h3> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="c1"># Bad - breaks for completed=false </span><span class="k">if</span> <span class="n">completed</span><span class="p">:</span> <span class="n">query</span><span class="p">.</span><span class="nf">filter</span><span class="p">(</span><span class="n">Task</span><span class="p">.</span><span class="n">completed</span> <span class="o">==</span> <span class="n">completed</span><span class="p">)</span> <span class="c1"># Good - works for all cases </span><span class="k">if</span> <span class="n">completed</span> <span class="ow">is</span> <span class="ow">not</span> <span class="bp">None</span><span class="p">:</span> <span class="n">query</span><span class="p">.</span><span class="nf">filter</span><span class="p">(</span><span class="n">Task</span><span class="p">.</span><span class="n">completed</span> <span class="o">==</span> <span class="n">completed</span><span class="p">)</span> </code></pre> </div> <h3> Mistake 2: No Sort Field Validation </h3> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="c1"># Bad - SQL injection risk </span><span class="n">column</span> <span class="o">=</span> <span class="nf">getattr</span><span class="p">(</span><span class="n">Task</span><span class="p">,</span> <span class="n">sort_by</span><span class="p">)</span> <span class="c1"># User could send "password" </span> <span class="c1"># Good - whitelist validation </span><span class="n">valid_fields</span> <span class="o">=</span> <span class="p">[</span><span class="sh">"</span><span class="s">created_at</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">title</span><span class="sh">"</span><span class="p">]</span> <span class="k">if</span> <span class="n">sort_by</span> <span class="ow">not</span> <span class="ow">in</span> <span class="n">valid_fields</span><span class="p">:</span> <span class="n">sort_by</span> <span class="o">=</span> <span class="sh">"</span><span class="s">created_at</span><span class="sh">"</span> <span class="n">column</span> <span class="o">=</span> <span class="nf">getattr</span><span class="p">(</span><span class="n">Task</span><span class="p">,</span> <span class="n">sort_by</span><span class="p">)</span> </code></pre> </div> <h3> Mistake 3: Unlimited Pagination </h3> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="c1"># Bad - user can request millions of records </span><span class="n">limit</span><span class="p">:</span> <span class="nb">int</span> <span class="o">=</span> <span class="nc">Query</span><span class="p">(</span><span class="mi">20</span><span class="p">)</span> <span class="c1"># Good - constrain to reasonable max </span><span class="n">limit</span><span class="p">:</span> <span class="nb">int</span> <span class="o">=</span> <span class="nc">Query</span><span class="p">(</span><span class="mi">20</span><span class="p">,</span> <span class="n">ge</span><span class="o">=</span><span class="mi">1</span><span class="p">,</span> <span class="n">le</span><span class="o">=</span><span class="mi">100</span><span class="p">)</span> </code></pre> </div> <h3> Mistake 4: Case-Sensitive Search </h3> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="c1"># Bad - won't match "Meeting" when searching "meeting" </span><span class="n">Task</span><span class="p">.</span><span class="n">title</span><span class="p">.</span><span class="nf">like</span><span class="p">(</span><span class="sa">f</span><span class="sh">"</span><span class="s">%</span><span class="si">{</span><span class="n">search</span><span class="si">}</span><span class="s">%</span><span class="sh">"</span><span class="p">)</span> <span class="c1"># Good - case-insensitive </span><span class="n">Task</span><span class="p">.</span><span class="n">title</span><span class="p">.</span><span class="nf">ilike</span><span class="p">(</span><span class="sa">f</span><span class="sh">"</span><span class="s">%</span><span class="si">{</span><span class="n">search</span><span class="si">}</span><span class="s">%</span><span class="sh">"</span><span class="p">)</span> </code></pre> </div> <h3> Mistake 5: Division by Zero </h3> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="c1"># Bad - crashes on empty task list </span><span class="n">completion_rate</span> <span class="o">=</span> <span class="p">(</span><span class="n">completed</span> <span class="o">/</span> <span class="n">total</span> <span class="o">*</span> <span class="mi">100</span><span class="p">)</span> <span class="c1"># Good - handle zero case </span><span class="n">completion_rate</span> <span class="o">=</span> <span class="p">(</span><span class="n">completed</span> <span class="o">/</span> <span class="n">total</span> <span class="o">*</span> <span class="mi">100</span><span class="p">)</span> <span class="k">if</span> <span class="n">total</span> <span class="k">else</span> <span class="mi">0</span> </code></pre> </div> <h2> What I Learned </h2> <h3> Technical Skills </h3> <p>✅ Advanced SQLAlchemy query composition<br><br> ✅ FastAPI Query parameter validation<br><br> ✅ Database indexing strategies<br><br> ✅ Pagination implementation<br><br> ✅ Case-insensitive search (ILIKE)<br><br> ✅ Aggregation queries (COUNT, date filters)<br><br> ✅ Dynamic column access with getattr </p> <h3> Conceptual Understanding </h3> <p>✅ Query chaining and lazy evaluation<br><br> ✅ Index trade-offs (speed vs space)<br><br> ✅ Security via input validation<br><br> ✅ Edge case handling (zero division)<br><br> ✅ Performance optimization strategies </p> <h3> API Design Patterns </h3> <p>✅ Standard query parameter conventions<br><br> ✅ Pagination with skip/limit<br><br> ✅ Multi-field sorting<br><br> ✅ Combined query parameters<br><br> ✅ Statistics endpoints for analytics </p> <h2> The "Aha!" Moments </h2> <p><strong>1. Queries aren't executed until .all()</strong><br> Building queries is cheap. Executing is expensive. Chain operations freely!</p> <p><strong>2. Indexes are like book indexes</strong><br> Without index: Read every page to find "PostgreSQL"<br><br> With index: Jump directly to pages with "PostgreSQL"</p> <p><strong>3. Validation prevents attacks</strong><br> Whitelisting sort fields isn't just best practice - it's security!</p> <p><strong>4. Query parameters compose beautifully</strong><br> <code>?completed=false&amp;search=meeting&amp;sort_by=created_at</code><br><br> Each parameter is independent but they work together!</p> <h2> Tomorrow's Plans </h2> <p>Day 5 will add:</p> <ul> <li>Task categories/tags (many-to-many relationship)</li> <li>Tag-based filtering</li> <li>Bulk operations (delete multiple, update multiple)</li> <li>Export functionality (CSV download)</li> </ul> <p>But today? Today I celebrate building a <strong>production-ready query system</strong> that handles scale! 🎉</p> <h2> Resources That Helped </h2> <ul> <li><a href="https://docs.sqlalchemy.org/en/14/orm/query.html" rel="noopener noreferrer">SQLAlchemy Query API</a></li> <li><a href="https://fastapi.tiangolo.com/tutorial/query-params/" rel="noopener noreferrer">FastAPI Query Parameters</a></li> <li><a href="https://www.postgresql.org/docs/current/indexes.html" rel="noopener noreferrer">PostgreSQL Indexing</a></li> </ul> <h2> Full Code </h2> <p>Complete code on GitHub:<br> <a href="https://github.com/archi-jain/100-days-of-python/tree/main/days/004" rel="noopener noreferrer">100-days-of-python/days/004</a></p> <p><strong>Time Investment:</strong> 2.5 hours<br><br> <strong>Knowledge Gained:</strong> Production query optimization skills<br><br> <strong>Feeling:</strong> Like I built something that actually scales 📊</p> <p><strong>Day 4/100 complete!</strong> ✅</p> <p>Tomorrow: Many-to-many relationships and bulk operations</p> <p><em>Following my journey?</em><br><br> 📝 <a href="https://dev.to/archijain">Blog</a> | đŸĻ <a href="https://x.com/ArchiLearns" rel="noopener noreferrer">Twitter</a> | đŸ’ŧ <a href="https://www.linkedin.com/in/archijain19/" rel="noopener noreferrer">LinkedIn</a></p> <p><strong>Tags:</strong> #100DaysOfCode #Python #FastAPI #PostgreSQL #SQLAlchemy #BackendDevelopment #DatabaseOptimization #APIDesign #PerformanceTuning #LearningInPublic</p> 100daysofcode python backend fastapi Day 3/100: Adding JWT Authentication - Secure APIs with FastAPI archi-jain Fri, 06 Mar 2026 17:46:50 +0000 https://dev.to/archijain/day-3100-adding-jwt-authentication-secure-apis-with-fastapi-28pg https://dev.to/archijain/day-3100-adding-jwt-authentication-secure-apis-with-fastapi-28pg <blockquote> <p>Part of my 100 Days of Code journey. Today we go from single-user to multi-user with proper security.</p> </blockquote> <h2> The Challenge </h2> <p>Add JWT-based authentication to the Task Management API, enabling user registration, login, and secure task isolation.</p> <p><strong>The Problem:</strong> Yesterday's API works great for one person. But what if multiple people use it? How do we know who owns which tasks? How do we keep data private?</p> <p><strong>The Solution:</strong> Implement industry-standard JWT authentication with password hashing, user management, and authorization.</p> <h2> Why Authentication Matters </h2> <p>Let me tell you what happens without authentication:</p> <p>If you build APIs without authentication, you don't really have an application.</p> <p>You have an <strong>open database with HTTP access.</strong></p> <p>Imagine a production task manager where:</p> <p>User A could see User B's tasks.</p> <p>User B could delete User A's tasks.</p> <p>That would be chaos.</p> <p><strong>This isn't a feature. It's a security nightmare.</strong></p> <p>Today, we fix all of this.</p> <h2> What We're Building </h2> <p>Authentication has three parts:</p> <ol> <li> <strong>Registration</strong> - Create a new user account</li> <li> <strong>Login</strong> - Verify credentials, issue token</li> <li> <strong>Authorization</strong> - Validate token, restrict access</li> </ol> <p>Plus security features:</p> <ul> <li>Password hashing (never store plain text!)</li> <li>JWT tokens (stateless authentication)</li> <li>User isolation (can't see others' data)</li> </ul> <h2> Understanding JWT </h2> <p><strong>JWT (JSON Web Token)</strong> is how modern APIs handle authentication.</p> <h3> Traditional Session-Based Auth: </h3> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>1. User logs in 2. Server creates session, stores in database 3. Server sends session ID to user 4. User sends session ID with each request 5. Server looks up session in database </code></pre> </div> <p><strong>Problem:</strong> Server must store sessions. Doesn't scale well.</p> <h3> JWT Token-Based Auth: </h3> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>1. User logs in 2. Server creates JWT (signed with secret) 3. Server sends JWT to user 4. User sends JWT with each request 5. Server verifies signature (no database lookup!) </code></pre> </div> <p><strong>Benefit:</strong> Stateless! Server doesn't store anything.</p> <h3> JWT Structure </h3> <p>A JWT has three parts:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>header.payload.signature Example: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJhcmNoaSIsImV4cCI6MTY3ODkwMTIzNH0.rYVvXZ9f_Q... </code></pre> </div> <p><strong>Header</strong> (base64 encoded):<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight json"><code><span class="p">{</span><span class="w"> </span><span class="nl">"alg"</span><span class="p">:</span><span class="w"> </span><span class="s2">"HS256"</span><span class="p">,</span><span class="w"> </span><span class="nl">"typ"</span><span class="p">:</span><span class="w"> </span><span class="s2">"JWT"</span><span class="w"> </span><span class="p">}</span><span class="w"> </span></code></pre> </div> <p><strong>Payload</strong> (base64 encoded):<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight json"><code><span class="p">{</span><span class="w"> </span><span class="nl">"sub"</span><span class="p">:</span><span class="w"> </span><span class="s2">"archi"</span><span class="p">,</span><span class="w"> </span><span class="nl">"exp"</span><span class="p">:</span><span class="w"> </span><span class="mi">1678901234</span><span class="w"> </span><span class="p">}</span><span class="w"> </span></code></pre> </div> <p><strong>Signature</strong>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>HMACSHA256( base64UrlEncode(header) + "." + base64UrlEncode(payload), SECRET_KEY ) </code></pre> </div> <p><strong>Key point:</strong> Anyone can decode header and payload (they're just base64). But only someone with the SECRET_KEY can create a valid signature.</p> <p>This means:</p> <ul> <li>✅ Server can verify token wasn't tampered with</li> <li>✅ No database lookup needed</li> <li>✅ Token is self-contained</li> </ul> <h2> Step-by-Step Implementation </h2> <h3> Step 1: Installing Dependencies </h3> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>pip <span class="nb">install </span>python-jose[cryptography] passlib[bcrypt] python-multipart </code></pre> </div> <p><strong>Why these packages?</strong></p> <ul> <li> <code>python-jose</code>: JWT creation and validation</li> <li> <code>passlib[bcrypt]</code>: Password hashing (bcrypt algorithm)</li> <li> <code>python-multipart</code>: Required for OAuth2 forms</li> </ul> <h3> Step 2: Environment Configuration </h3> <p>Create <code>.env</code>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>SECRET_KEY=your-super-secret-key-min-32-characters-long ALGORITHM=HS256 ACCESS_TOKEN_EXPIRE_MINUTES=30 </code></pre> </div> <p><strong>Generate a secure SECRET_KEY:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>python3 <span class="nt">-c</span> <span class="s2">"import secrets; print(secrets.token_urlsafe(32))"</span> </code></pre> </div> <p><strong>CRITICAL:</strong> Never commit <code>.env</code> to Git. Add to <code>.gitignore</code>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">echo</span> <span class="s2">".env"</span> <span class="o">&gt;&gt;</span> .gitignore </code></pre> </div> <h3> Step 3: Password Hashing </h3> <p><strong>Why hash passwords?</strong></p> <p><strong>Scenario:</strong> Your database gets hacked.</p> <p><strong>If you store plain text:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>username: archi password: securepass123 ← Attacker sees this! </code></pre> </div> <p><strong>If you hash:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>username: archi hashed_password: $2b$12$LQv3c1yqBWVHxkd0LHAkCOYz6TtxMQJqhN8/ ← Useless to attacker! </code></pre> </div> <p><strong>Create <code>auth.py</code>:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="kn">from</span> <span class="n">passlib.context</span> <span class="kn">import</span> <span class="n">CryptContext</span> <span class="n">pwd_context</span> <span class="o">=</span> <span class="nc">CryptContext</span><span class="p">(</span><span class="n">schemes</span><span class="o">=</span><span class="p">[</span><span class="sh">"</span><span class="s">bcrypt</span><span class="sh">"</span><span class="p">],</span> <span class="n">deprecated</span><span class="o">=</span><span class="sh">"</span><span class="s">auto</span><span class="sh">"</span><span class="p">)</span> <span class="k">def</span> <span class="nf">get_password_hash</span><span class="p">(</span><span class="n">password</span><span class="p">:</span> <span class="nb">str</span><span class="p">)</span> <span class="o">-&gt;</span> <span class="nb">str</span><span class="p">:</span> <span class="k">return</span> <span class="n">pwd_context</span><span class="p">.</span><span class="nf">hash</span><span class="p">(</span><span class="n">password</span><span class="p">)</span> <span class="k">def</span> <span class="nf">verify_password</span><span class="p">(</span><span class="n">plain_password</span><span class="p">:</span> <span class="nb">str</span><span class="p">,</span> <span class="n">hashed_password</span><span class="p">:</span> <span class="nb">str</span><span class="p">)</span> <span class="o">-&gt;</span> <span class="nb">bool</span><span class="p">:</span> <span class="k">return</span> <span class="n">pwd_context</span><span class="p">.</span><span class="nf">verify</span><span class="p">(</span><span class="n">plain_password</span><span class="p">,</span> <span class="n">hashed_password</span><span class="p">)</span> </code></pre> </div> <p><strong>How bcrypt works:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="c1"># Hashing (when user registers) </span><span class="n">password</span> <span class="o">=</span> <span class="sh">"</span><span class="s">securepass123</span><span class="sh">"</span> <span class="n">hashed</span> <span class="o">=</span> <span class="nf">get_password_hash</span><span class="p">(</span><span class="n">password</span><span class="p">)</span> <span class="c1"># Result: $2b$12$LQv3c1yqBWVHxkd0LHAkCOYz6TtxMQJqhN8/... </span> <span class="c1"># Verification (when user logs in) </span><span class="n">entered_password</span> <span class="o">=</span> <span class="sh">"</span><span class="s">securepass123</span><span class="sh">"</span> <span class="n">is_valid</span> <span class="o">=</span> <span class="nf">verify_password</span><span class="p">(</span><span class="n">entered_password</span><span class="p">,</span> <span class="n">hashed</span><span class="p">)</span> <span class="c1"># Result: True </span> <span class="c1"># Wrong password </span><span class="n">wrong_password</span> <span class="o">=</span> <span class="sh">"</span><span class="s">wrongpass</span><span class="sh">"</span> <span class="n">is_valid</span> <span class="o">=</span> <span class="nf">verify_password</span><span class="p">(</span><span class="n">wrong_password</span><span class="p">,</span> <span class="n">hashed</span><span class="p">)</span> <span class="c1"># Result: False </span></code></pre> </div> <p><strong>Bcrypt automatically:</strong></p> <ul> <li>Generates random salt (prevents rainbow table attacks)</li> <li>Uses slow algorithm (prevents brute force)</li> <li>Includes salt in output (no need to store separately)</li> </ul> <h3> Step 4: JWT Token Creation </h3> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="kn">from</span> <span class="n">datetime</span> <span class="kn">import</span> <span class="n">datetime</span><span class="p">,</span> <span class="n">timedelta</span> <span class="kn">from</span> <span class="n">jose</span> <span class="kn">import</span> <span class="n">jwt</span> <span class="kn">import</span> <span class="n">os</span> <span class="n">SECRET_KEY</span> <span class="o">=</span> <span class="n">os</span><span class="p">.</span><span class="nf">getenv</span><span class="p">(</span><span class="sh">"</span><span class="s">SECRET_KEY</span><span class="sh">"</span><span class="p">)</span> <span class="n">ALGORITHM</span> <span class="o">=</span> <span class="sh">"</span><span class="s">HS256</span><span class="sh">"</span> <span class="n">ACCESS_TOKEN_EXPIRE_MINUTES</span> <span class="o">=</span> <span class="mi">30</span> <span class="k">def</span> <span class="nf">create_access_token</span><span class="p">(</span><span class="n">data</span><span class="p">:</span> <span class="nb">dict</span><span class="p">):</span> <span class="n">to_encode</span> <span class="o">=</span> <span class="n">data</span><span class="p">.</span><span class="nf">copy</span><span class="p">()</span> <span class="n">expire</span> <span class="o">=</span> <span class="n">datetime</span><span class="p">.</span><span class="nf">utcnow</span><span class="p">()</span> <span class="o">+</span> <span class="nf">timedelta</span><span class="p">(</span><span class="n">minutes</span><span class="o">=</span><span class="n">ACCESS_TOKEN_EXPIRE_MINUTES</span><span class="p">)</span> <span class="n">to_encode</span><span class="p">.</span><span class="nf">update</span><span class="p">({</span><span class="sh">"</span><span class="s">exp</span><span class="sh">"</span><span class="p">:</span> <span class="n">expire</span><span class="p">})</span> <span class="n">encoded_jwt</span> <span class="o">=</span> <span class="n">jwt</span><span class="p">.</span><span class="nf">encode</span><span class="p">(</span><span class="n">to_encode</span><span class="p">,</span> <span class="n">SECRET_KEY</span><span class="p">,</span> <span class="n">algorithm</span><span class="o">=</span><span class="n">ALGORITHM</span><span class="p">)</span> <span class="k">return</span> <span class="n">encoded_jwt</span> </code></pre> </div> <p><strong>Breaking it down:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="c1"># Input </span><span class="n">data</span> <span class="o">=</span> <span class="p">{</span><span class="sh">"</span><span class="s">sub</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">archi</span><span class="sh">"</span><span class="p">}</span> <span class="c1"># Add expiration </span><span class="n">to_encode</span> <span class="o">=</span> <span class="p">{</span><span class="sh">"</span><span class="s">sub</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">archi</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">exp</span><span class="sh">"</span><span class="p">:</span> <span class="mi">1678901234</span><span class="p">}</span> <span class="c1"># Encode with secret </span><span class="n">token</span> <span class="o">=</span> <span class="n">jwt</span><span class="p">.</span><span class="nf">encode</span><span class="p">(</span><span class="n">to_encode</span><span class="p">,</span> <span class="n">SECRET_KEY</span><span class="p">,</span> <span class="n">algorithm</span><span class="o">=</span><span class="sh">"</span><span class="s">HS256</span><span class="sh">"</span><span class="p">)</span> <span class="c1"># Result </span><span class="sh">"</span><span class="s">eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJhcmNoaSIsImV4cCI6MTY3ODkwMTIzNH0.signature</span><span class="sh">"</span> </code></pre> </div> <p><strong>What's "sub"?</strong></p> <ul> <li>JWT standard claim</li> <li>"Subject" - who the token is about</li> <li>We use username as the subject</li> </ul> <h3> Step 5: Token Validation </h3> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="kn">from</span> <span class="n">jose</span> <span class="kn">import</span> <span class="n">jwt</span><span class="p">,</span> <span class="n">JWTError</span> <span class="kn">from</span> <span class="n">fastapi</span> <span class="kn">import</span> <span class="n">HTTPException</span><span class="p">,</span> <span class="n">status</span> <span class="k">def</span> <span class="nf">get_current_user</span><span class="p">(</span><span class="n">token</span><span class="p">:</span> <span class="nb">str</span><span class="p">,</span> <span class="n">db</span><span class="p">:</span> <span class="n">Session</span><span class="p">):</span> <span class="n">credentials_exception</span> <span class="o">=</span> <span class="nc">HTTPException</span><span class="p">(</span> <span class="n">status_code</span><span class="o">=</span><span class="n">status</span><span class="p">.</span><span class="n">HTTP_401_UNAUTHORIZED</span><span class="p">,</span> <span class="n">detail</span><span class="o">=</span><span class="sh">"</span><span class="s">Invalid credentials</span><span class="sh">"</span><span class="p">,</span> <span class="n">headers</span><span class="o">=</span><span class="p">{</span><span class="sh">"</span><span class="s">WWW-Authenticate</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">Bearer</span><span class="sh">"</span><span class="p">},</span> <span class="p">)</span> <span class="k">try</span><span class="p">:</span> <span class="n">payload</span> <span class="o">=</span> <span class="n">jwt</span><span class="p">.</span><span class="nf">decode</span><span class="p">(</span><span class="n">token</span><span class="p">,</span> <span class="n">SECRET_KEY</span><span class="p">,</span> <span class="n">algorithms</span><span class="o">=</span><span class="p">[</span><span class="n">ALGORITHM</span><span class="p">])</span> <span class="n">username</span> <span class="o">=</span> <span class="n">payload</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="sh">"</span><span class="s">sub</span><span class="sh">"</span><span class="p">)</span> <span class="k">if</span> <span class="n">username</span> <span class="ow">is</span> <span class="bp">None</span><span class="p">:</span> <span class="k">raise</span> <span class="n">credentials_exception</span> <span class="k">except</span> <span class="n">JWTError</span><span class="p">:</span> <span class="k">raise</span> <span class="n">credentials_exception</span> <span class="n">user</span> <span class="o">=</span> <span class="n">db</span><span class="p">.</span><span class="nf">query</span><span class="p">(</span><span class="n">User</span><span class="p">).</span><span class="nf">filter</span><span class="p">(</span><span class="n">User</span><span class="p">.</span><span class="n">username</span> <span class="o">==</span> <span class="n">username</span><span class="p">).</span><span class="nf">first</span><span class="p">()</span> <span class="k">if</span> <span class="n">user</span> <span class="ow">is</span> <span class="bp">None</span><span class="p">:</span> <span class="k">raise</span> <span class="n">credentials_exception</span> <span class="k">return</span> <span class="n">user</span> </code></pre> </div> <p><strong>What can go wrong?</strong></p> <ol> <li> <strong>Token expired</strong> → JWTError raised</li> <li> <strong>Invalid signature</strong> → JWTError raised (token was tampered with)</li> <li> <strong>Missing "sub"</strong> → credentials_exception</li> <li> <strong>User doesn't exist</strong> → credentials_exception</li> </ol> <p><strong>All result in 401 Unauthorized</strong> - never tell attackers which part failed!</p> <h3> Step 6: OAuth2 Password Bearer </h3> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="kn">from</span> <span class="n">fastapi.security</span> <span class="kn">import</span> <span class="n">OAuth2PasswordBearer</span> <span class="n">oauth2_scheme</span> <span class="o">=</span> <span class="nc">OAuth2PasswordBearer</span><span class="p">(</span><span class="n">tokenUrl</span><span class="o">=</span><span class="sh">"</span><span class="s">/auth/login</span><span class="sh">"</span><span class="p">)</span> </code></pre> </div> <p><strong>What this does:</strong></p> <ol> <li>Tells FastAPI where to get tokens from</li> <li>Automatically extracts token from <code>Authorization: Bearer &lt;token&gt;</code> header</li> <li>Shows "Authorize" button in /docs</li> <li>Returns 401 if token missing</li> </ol> <p><strong>Using it:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="k">def</span> <span class="nf">get_current_user</span><span class="p">(</span> <span class="n">token</span><span class="p">:</span> <span class="nb">str</span> <span class="o">=</span> <span class="nc">Depends</span><span class="p">(</span><span class="n">oauth2_scheme</span><span class="p">),</span> <span class="c1"># Auto-extracts token! </span> <span class="n">db</span><span class="p">:</span> <span class="n">Session</span> <span class="o">=</span> <span class="nc">Depends</span><span class="p">(</span><span class="n">get_db</span><span class="p">)</span> <span class="p">):</span> <span class="c1"># token is already extracted from Authorization header </span> <span class="c1"># ... </span></code></pre> </div> <h3> Step 7: User Model </h3> <p><strong>Update <code>models.py</code>:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="kn">from</span> <span class="n">sqlalchemy</span> <span class="kn">import</span> <span class="n">Column</span><span class="p">,</span> <span class="n">String</span><span class="p">,</span> <span class="n">Boolean</span><span class="p">,</span> <span class="n">ForeignKey</span> <span class="kn">from</span> <span class="n">sqlalchemy.orm</span> <span class="kn">import</span> <span class="n">relationship</span> <span class="k">class</span> <span class="nc">User</span><span class="p">(</span><span class="n">Base</span><span class="p">):</span> <span class="n">__tablename__</span> <span class="o">=</span> <span class="sh">"</span><span class="s">users</span><span class="sh">"</span> <span class="nb">id</span> <span class="o">=</span> <span class="nc">Column</span><span class="p">(</span><span class="nc">UUID</span><span class="p">(</span><span class="n">as_uuid</span><span class="o">=</span><span class="bp">True</span><span class="p">),</span> <span class="n">primary_key</span><span class="o">=</span><span class="bp">True</span><span class="p">,</span> <span class="n">default</span><span class="o">=</span><span class="n">uuid</span><span class="p">.</span><span class="n">uuid4</span><span class="p">)</span> <span class="n">username</span> <span class="o">=</span> <span class="nc">Column</span><span class="p">(</span><span class="nc">String</span><span class="p">(</span><span class="mi">50</span><span class="p">),</span> <span class="n">unique</span><span class="o">=</span><span class="bp">True</span><span class="p">,</span> <span class="n">nullable</span><span class="o">=</span><span class="bp">False</span><span class="p">,</span> <span class="n">index</span><span class="o">=</span><span class="bp">True</span><span class="p">)</span> <span class="n">email</span> <span class="o">=</span> <span class="nc">Column</span><span class="p">(</span><span class="nc">String</span><span class="p">(</span><span class="mi">100</span><span class="p">),</span> <span class="n">unique</span><span class="o">=</span><span class="bp">True</span><span class="p">,</span> <span class="n">nullable</span><span class="o">=</span><span class="bp">False</span><span class="p">,</span> <span class="n">index</span><span class="o">=</span><span class="bp">True</span><span class="p">)</span> <span class="n">hashed_password</span> <span class="o">=</span> <span class="nc">Column</span><span class="p">(</span><span class="nc">String</span><span class="p">(</span><span class="mi">255</span><span class="p">),</span> <span class="n">nullable</span><span class="o">=</span><span class="bp">False</span><span class="p">)</span> <span class="n">is_active</span> <span class="o">=</span> <span class="nc">Column</span><span class="p">(</span><span class="n">Boolean</span><span class="p">,</span> <span class="n">default</span><span class="o">=</span><span class="bp">True</span><span class="p">)</span> <span class="n">created_at</span> <span class="o">=</span> <span class="nc">Column</span><span class="p">(</span><span class="n">DateTime</span><span class="p">,</span> <span class="n">default</span><span class="o">=</span><span class="n">datetime</span><span class="p">.</span><span class="n">utcnow</span><span class="p">)</span> <span class="c1"># Relationship </span> <span class="n">tasks</span> <span class="o">=</span> <span class="nf">relationship</span><span class="p">(</span><span class="sh">"</span><span class="s">Task</span><span class="sh">"</span><span class="p">,</span> <span class="n">back_populates</span><span class="o">=</span><span class="sh">"</span><span class="s">owner</span><span class="sh">"</span><span class="p">,</span> <span class="n">cascade</span><span class="o">=</span><span class="sh">"</span><span class="s">all, delete-orphan</span><span class="sh">"</span><span class="p">)</span> </code></pre> </div> <p><strong>Key fields:</strong></p> <ul> <li> <code>username</code>: Must be unique (for login)</li> <li> <code>email</code>: Must be unique (for verification)</li> <li> <code>hashed_password</code>: NEVER plain text!</li> <li> <code>is_active</code>: Allows disabling accounts</li> <li> <code>index=True</code>: Fast lookups (we search by username often)</li> </ul> <p><strong>Relationship:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="n">tasks</span> <span class="o">=</span> <span class="nf">relationship</span><span class="p">(</span><span class="sh">"</span><span class="s">Task</span><span class="sh">"</span><span class="p">,</span> <span class="n">back_populates</span><span class="o">=</span><span class="sh">"</span><span class="s">owner</span><span class="sh">"</span><span class="p">,</span> <span class="n">cascade</span><span class="o">=</span><span class="sh">"</span><span class="s">all, delete-orphan</span><span class="sh">"</span><span class="p">)</span> </code></pre> </div> <ul> <li>User can have many tasks</li> <li>If user deleted, delete their tasks too (<code>cascade</code>)</li> </ul> <h3> Step 8: Updated Task Model </h3> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="k">class</span> <span class="nc">Task</span><span class="p">(</span><span class="n">Base</span><span class="p">):</span> <span class="n">__tablename__</span> <span class="o">=</span> <span class="sh">"</span><span class="s">tasks</span><span class="sh">"</span> <span class="c1"># ... existing fields ... </span> <span class="c1"># NEW: Foreign key </span> <span class="n">owner_id</span> <span class="o">=</span> <span class="nc">Column</span><span class="p">(</span><span class="nc">UUID</span><span class="p">(</span><span class="n">as_uuid</span><span class="o">=</span><span class="bp">True</span><span class="p">),</span> <span class="nc">ForeignKey</span><span class="p">(</span><span class="sh">"</span><span class="s">users.id</span><span class="sh">"</span><span class="p">,</span> <span class="n">ondelete</span><span class="o">=</span><span class="sh">"</span><span class="s">CASCADE</span><span class="sh">"</span><span class="p">),</span> <span class="n">nullable</span><span class="o">=</span><span class="bp">False</span><span class="p">)</span> <span class="c1"># NEW: Relationship </span> <span class="n">owner</span> <span class="o">=</span> <span class="nf">relationship</span><span class="p">(</span><span class="sh">"</span><span class="s">User</span><span class="sh">"</span><span class="p">,</span> <span class="n">back_populates</span><span class="o">=</span><span class="sh">"</span><span class="s">tasks</span><span class="sh">"</span><span class="p">)</span> </code></pre> </div> <p><strong>Foreign key:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="n">owner_id</span> <span class="o">=</span> <span class="nc">Column</span><span class="p">(</span><span class="nc">UUID</span><span class="p">(</span><span class="n">as_uuid</span><span class="o">=</span><span class="bp">True</span><span class="p">),</span> <span class="nc">ForeignKey</span><span class="p">(</span><span class="sh">"</span><span class="s">users.id</span><span class="sh">"</span><span class="p">,</span> <span class="n">ondelete</span><span class="o">=</span><span class="sh">"</span><span class="s">CASCADE</span><span class="sh">"</span><span class="p">),</span> <span class="n">nullable</span><span class="o">=</span><span class="bp">False</span><span class="p">)</span> </code></pre> </div> <ul> <li>Links task to a user</li> <li> <code>ondelete="CASCADE"</code>: If user deleted, delete task</li> <li> <code>nullable=False</code>: Every task MUST have an owner</li> </ul> <p><strong>Database visualization:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>users table: id | username | email | hashed_password 1 | archi | ... | $2b$12... tasks table: id | title | owner_id (FK) 1 | Learn JWT | 1 (points to archi) 2 | Build API | 1 (points to archi) </code></pre> </div> <h3> Step 9: Pydantic Schemas </h3> <p><strong>Update <code>schemas.py</code>:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="kn">from</span> <span class="n">pydantic</span> <span class="kn">import</span> <span class="n">BaseModel</span><span class="p">,</span> <span class="n">EmailStr</span> <span class="k">class</span> <span class="nc">UserCreate</span><span class="p">(</span><span class="n">BaseModel</span><span class="p">):</span> <span class="n">username</span><span class="p">:</span> <span class="nb">str</span> <span class="n">email</span><span class="p">:</span> <span class="n">EmailStr</span> <span class="n">password</span><span class="p">:</span> <span class="nb">str</span> <span class="k">class</span> <span class="nc">UserResponse</span><span class="p">(</span><span class="n">BaseModel</span><span class="p">):</span> <span class="nb">id</span><span class="p">:</span> <span class="n">UUID</span> <span class="n">username</span><span class="p">:</span> <span class="nb">str</span> <span class="n">email</span><span class="p">:</span> <span class="nb">str</span> <span class="n">is_active</span><span class="p">:</span> <span class="nb">bool</span> <span class="n">created_at</span><span class="p">:</span> <span class="n">datetime</span> <span class="c1"># NO PASSWORD! Never expose hashes </span> <span class="k">class</span> <span class="nc">Config</span><span class="p">:</span> <span class="n">from_attributes</span> <span class="o">=</span> <span class="bp">True</span> <span class="k">class</span> <span class="nc">Token</span><span class="p">(</span><span class="n">BaseModel</span><span class="p">):</span> <span class="n">access_token</span><span class="p">:</span> <span class="nb">str</span> <span class="n">token_type</span><span class="p">:</span> <span class="nb">str</span> </code></pre> </div> <p><strong>Critical: UserResponse excludes password!</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="c1"># BAD - exposes password hash </span><span class="k">class</span> <span class="nc">UserResponse</span><span class="p">(</span><span class="n">BaseModel</span><span class="p">):</span> <span class="n">username</span><span class="p">:</span> <span class="nb">str</span> <span class="n">hashed_password</span><span class="p">:</span> <span class="nb">str</span> <span class="c1"># ❌ NEVER! </span> <span class="c1"># GOOD </span><span class="k">class</span> <span class="nc">UserResponse</span><span class="p">(</span><span class="n">BaseModel</span><span class="p">):</span> <span class="n">username</span><span class="p">:</span> <span class="nb">str</span> <span class="c1"># No password field ✅ </span></code></pre> </div> <h3> Step 10: Registration Endpoint </h3> <p><strong>Create <code>routers/auth_router.py</code>:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="nd">@router.post</span><span class="p">(</span><span class="sh">"</span><span class="s">/register</span><span class="sh">"</span><span class="p">,</span> <span class="n">response_model</span><span class="o">=</span><span class="n">schemas</span><span class="p">.</span><span class="n">UserResponse</span><span class="p">)</span> <span class="k">def</span> <span class="nf">register</span><span class="p">(</span><span class="n">user</span><span class="p">:</span> <span class="n">schemas</span><span class="p">.</span><span class="n">UserCreate</span><span class="p">,</span> <span class="n">db</span><span class="p">:</span> <span class="n">Session</span> <span class="o">=</span> <span class="nc">Depends</span><span class="p">(</span><span class="n">get_db</span><span class="p">)):</span> <span class="c1"># Check if username exists </span> <span class="n">existing</span> <span class="o">=</span> <span class="n">db</span><span class="p">.</span><span class="nf">query</span><span class="p">(</span><span class="n">models</span><span class="p">.</span><span class="n">User</span><span class="p">).</span><span class="nf">filter</span><span class="p">(</span> <span class="n">models</span><span class="p">.</span><span class="n">User</span><span class="p">.</span><span class="n">username</span> <span class="o">==</span> <span class="n">user</span><span class="p">.</span><span class="n">username</span> <span class="p">).</span><span class="nf">first</span><span class="p">()</span> <span class="k">if</span> <span class="n">existing</span><span class="p">:</span> <span class="k">raise</span> <span class="nc">HTTPException</span><span class="p">(</span><span class="n">status_code</span><span class="o">=</span><span class="mi">400</span><span class="p">,</span> <span class="n">detail</span><span class="o">=</span><span class="sh">"</span><span class="s">Username already exists</span><span class="sh">"</span><span class="p">)</span> <span class="c1"># Create user with hashed password </span> <span class="n">new_user</span> <span class="o">=</span> <span class="n">models</span><span class="p">.</span><span class="nc">User</span><span class="p">(</span> <span class="n">username</span><span class="o">=</span><span class="n">user</span><span class="p">.</span><span class="n">username</span><span class="p">,</span> <span class="n">email</span><span class="o">=</span><span class="n">user</span><span class="p">.</span><span class="n">email</span><span class="p">,</span> <span class="n">hashed_password</span><span class="o">=</span><span class="nf">get_password_hash</span><span class="p">(</span><span class="n">user</span><span class="p">.</span><span class="n">password</span><span class="p">)</span> <span class="c1"># Hash it! </span> <span class="p">)</span> <span class="n">db</span><span class="p">.</span><span class="nf">add</span><span class="p">(</span><span class="n">new_user</span><span class="p">)</span> <span class="n">db</span><span class="p">.</span><span class="nf">commit</span><span class="p">()</span> <span class="n">db</span><span class="p">.</span><span class="nf">refresh</span><span class="p">(</span><span class="n">new_user</span><span class="p">)</span> <span class="k">return</span> <span class="n">new_user</span> </code></pre> </div> <p><strong>Security checks:</strong></p> <ol> <li> <strong>Verify username doesn't exist</strong> - Prevents duplicates</li> <li> <strong>Hash password before storing</strong> - NEVER store plain text!</li> <li> <strong>Return user without password</strong> - UserResponse excludes it</li> </ol> <h3> Step 11: Login Endpoint </h3> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="nd">@router.post</span><span class="p">(</span><span class="sh">"</span><span class="s">/login</span><span class="sh">"</span><span class="p">,</span> <span class="n">response_model</span><span class="o">=</span><span class="n">schemas</span><span class="p">.</span><span class="n">Token</span><span class="p">)</span> <span class="k">def</span> <span class="nf">login</span><span class="p">(</span><span class="n">credentials</span><span class="p">:</span> <span class="n">schemas</span><span class="p">.</span><span class="n">UserLogin</span><span class="p">,</span> <span class="n">db</span><span class="p">:</span> <span class="n">Session</span> <span class="o">=</span> <span class="nc">Depends</span><span class="p">(</span><span class="n">get_db</span><span class="p">)):</span> <span class="c1"># Find user </span> <span class="n">user</span> <span class="o">=</span> <span class="n">db</span><span class="p">.</span><span class="nf">query</span><span class="p">(</span><span class="n">models</span><span class="p">.</span><span class="n">User</span><span class="p">).</span><span class="nf">filter</span><span class="p">(</span> <span class="n">models</span><span class="p">.</span><span class="n">User</span><span class="p">.</span><span class="n">username</span> <span class="o">==</span> <span class="n">credentials</span><span class="p">.</span><span class="n">username</span> <span class="p">).</span><span class="nf">first</span><span class="p">()</span> <span class="c1"># Verify user exists AND password correct </span> <span class="k">if</span> <span class="ow">not</span> <span class="n">user</span> <span class="ow">or</span> <span class="ow">not</span> <span class="nf">verify_password</span><span class="p">(</span><span class="n">credentials</span><span class="p">.</span><span class="n">password</span><span class="p">,</span> <span class="n">user</span><span class="p">.</span><span class="n">hashed_password</span><span class="p">):</span> <span class="k">raise</span> <span class="nc">HTTPException</span><span class="p">(</span><span class="n">status_code</span><span class="o">=</span><span class="mi">401</span><span class="p">,</span> <span class="n">detail</span><span class="o">=</span><span class="sh">"</span><span class="s">Invalid credentials</span><span class="sh">"</span><span class="p">)</span> <span class="c1"># Create token </span> <span class="n">token</span> <span class="o">=</span> <span class="nf">create_access_token</span><span class="p">({</span><span class="sh">"</span><span class="s">sub</span><span class="sh">"</span><span class="p">:</span> <span class="n">user</span><span class="p">.</span><span class="n">username</span><span class="p">})</span> <span class="k">return</span> <span class="p">{</span><span class="sh">"</span><span class="s">access_token</span><span class="sh">"</span><span class="p">:</span> <span class="n">token</span><span class="p">,</span> <span class="sh">"</span><span class="s">token_type</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">bearer</span><span class="sh">"</span><span class="p">}</span> </code></pre> </div> <p><strong>Security best practices:</strong></p> <p><strong>1. Generic error messages:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="c1"># BAD - tells attacker what's wrong </span><span class="k">if</span> <span class="ow">not</span> <span class="n">user</span><span class="p">:</span> <span class="k">raise</span> <span class="nc">HTTPException</span><span class="p">(</span><span class="n">detail</span><span class="o">=</span><span class="sh">"</span><span class="s">Username not found</span><span class="sh">"</span><span class="p">)</span> <span class="k">if</span> <span class="ow">not</span> <span class="nf">verify_password</span><span class="p">(...):</span> <span class="k">raise</span> <span class="nc">HTTPException</span><span class="p">(</span><span class="n">detail</span><span class="o">=</span><span class="sh">"</span><span class="s">Wrong password</span><span class="sh">"</span><span class="p">)</span> <span class="c1"># GOOD - same error for both </span><span class="k">if</span> <span class="ow">not</span> <span class="n">user</span> <span class="ow">or</span> <span class="ow">not</span> <span class="nf">verify_password</span><span class="p">(...):</span> <span class="k">raise</span> <span class="nc">HTTPException</span><span class="p">(</span><span class="n">detail</span><span class="o">=</span><span class="sh">"</span><span class="s">Invalid credentials</span><span class="sh">"</span><span class="p">)</span> </code></pre> </div> <p><strong>2. Always verify password:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="c1"># Check both conditions together </span><span class="k">if</span> <span class="ow">not</span> <span class="n">user</span> <span class="ow">or</span> <span class="ow">not</span> <span class="nf">verify_password</span><span class="p">(</span><span class="n">credentials</span><span class="p">.</span><span class="n">password</span><span class="p">,</span> <span class="n">user</span><span class="p">.</span><span class="n">hashed_password</span><span class="p">):</span> </code></pre> </div> <p>This prevents timing attacks (where attacker can tell if username exists based on response time).</p> <h3> Step 12: Protected Routes </h3> <p><strong>Update <code>routers/tasks_router.py</code>:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="nd">@router.post</span><span class="p">(</span><span class="sh">"</span><span class="s">/</span><span class="sh">"</span><span class="p">,</span> <span class="n">response_model</span><span class="o">=</span><span class="n">schemas</span><span class="p">.</span><span class="n">TaskResponse</span><span class="p">)</span> <span class="k">def</span> <span class="nf">create_task</span><span class="p">(</span> <span class="n">task</span><span class="p">:</span> <span class="n">schemas</span><span class="p">.</span><span class="n">TaskCreate</span><span class="p">,</span> <span class="n">db</span><span class="p">:</span> <span class="n">Session</span> <span class="o">=</span> <span class="nc">Depends</span><span class="p">(</span><span class="n">get_db</span><span class="p">),</span> <span class="n">current_user</span><span class="p">:</span> <span class="n">models</span><span class="p">.</span><span class="n">User</span> <span class="o">=</span> <span class="nc">Depends</span><span class="p">(</span><span class="n">get_current_user</span><span class="p">)</span> <span class="c1"># 🔒 Requires auth! </span><span class="p">):</span> <span class="n">new_task</span> <span class="o">=</span> <span class="n">models</span><span class="p">.</span><span class="nc">Task</span><span class="p">(</span> <span class="n">title</span><span class="o">=</span><span class="n">task</span><span class="p">.</span><span class="n">title</span><span class="p">,</span> <span class="n">description</span><span class="o">=</span><span class="n">task</span><span class="p">.</span><span class="n">description</span><span class="p">,</span> <span class="n">owner_id</span><span class="o">=</span><span class="n">current_user</span><span class="p">.</span><span class="nb">id</span> <span class="c1"># Assign to current user </span> <span class="p">)</span> <span class="n">db</span><span class="p">.</span><span class="nf">add</span><span class="p">(</span><span class="n">new_task</span><span class="p">)</span> <span class="n">db</span><span class="p">.</span><span class="nf">commit</span><span class="p">()</span> <span class="n">db</span><span class="p">.</span><span class="nf">refresh</span><span class="p">(</span><span class="n">new_task</span><span class="p">)</span> <span class="k">return</span> <span class="n">new_task</span> </code></pre> </div> <p><strong>What <code>Depends(get_current_user)</code> does:</strong></p> <ol> <li>Extract token from Authorization header</li> <li>Decode and validate token</li> <li>Look up user in database</li> <li>Return user object</li> <li>If any step fails → 401 Unauthorized</li> </ol> <p><strong>User isolation:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="nd">@router.get</span><span class="p">(</span><span class="sh">"</span><span class="s">/</span><span class="sh">"</span><span class="p">,</span> <span class="n">response_model</span><span class="o">=</span><span class="n">List</span><span class="p">[</span><span class="n">schemas</span><span class="p">.</span><span class="n">TaskResponse</span><span class="p">])</span> <span class="k">def</span> <span class="nf">get_tasks</span><span class="p">(</span> <span class="n">db</span><span class="p">:</span> <span class="n">Session</span> <span class="o">=</span> <span class="nc">Depends</span><span class="p">(</span><span class="n">get_db</span><span class="p">),</span> <span class="n">current_user</span><span class="p">:</span> <span class="n">models</span><span class="p">.</span><span class="n">User</span> <span class="o">=</span> <span class="nc">Depends</span><span class="p">(</span><span class="n">get_current_user</span><span class="p">)</span> <span class="p">):</span> <span class="c1"># Only return current user's tasks! </span> <span class="n">tasks</span> <span class="o">=</span> <span class="n">db</span><span class="p">.</span><span class="nf">query</span><span class="p">(</span><span class="n">models</span><span class="p">.</span><span class="n">Task</span><span class="p">).</span><span class="nf">filter</span><span class="p">(</span> <span class="n">models</span><span class="p">.</span><span class="n">Task</span><span class="p">.</span><span class="n">owner_id</span> <span class="o">==</span> <span class="n">current_user</span><span class="p">.</span><span class="nb">id</span> <span class="p">).</span><span class="nf">all</span><span class="p">()</span> <span class="k">return</span> <span class="n">tasks</span> </code></pre> </div> <p><strong>SQL equivalent:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight sql"><code><span class="k">SELECT</span> <span class="o">*</span> <span class="k">FROM</span> <span class="n">tasks</span> <span class="k">WHERE</span> <span class="n">owner_id</span> <span class="o">=</span> <span class="k">current_user</span><span class="p">.</span><span class="n">id</span><span class="p">;</span> </code></pre> </div> <p><strong>Why this matters:</strong></p> <ul> <li>Alice (user id=1) calls GET /tasks</li> <li>Query: <code>WHERE owner_id = 1</code> </li> <li><p>Only Alice's tasks returned</p></li> <li><p>Bob (user id=2) calls GET /tasks </p></li> <li><p>Query: <code>WHERE owner_id = 2</code></p></li> <li><p>Only Bob's tasks returned</p></li> </ul> <p><strong>Perfect isolation!</strong></p> <h3> Step 13: Complete Flow Example </h3> <p><strong>User journey:</strong></p> <p><strong>1. Register:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>POST /auth/register <span class="o">{</span> <span class="s2">"username"</span>: <span class="s2">"archi"</span>, <span class="s2">"email"</span>: <span class="s2">"archi@example.com"</span>, <span class="s2">"password"</span>: <span class="s2">"securepass123"</span> <span class="o">}</span> Response: <span class="o">{</span> <span class="s2">"id"</span>: <span class="s2">"uuid-here"</span>, <span class="s2">"username"</span>: <span class="s2">"archi"</span>, <span class="s2">"email"</span>: <span class="s2">"archi@example.com"</span>, <span class="s2">"is_active"</span>: <span class="nb">true</span>, <span class="s2">"created_at"</span>: <span class="s2">"2026-03-05T..."</span> <span class="o">}</span> </code></pre> </div> <p><strong>2. Login:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>POST /auth/login <span class="o">{</span> <span class="s2">"username"</span>: <span class="s2">"archi"</span>, <span class="s2">"password"</span>: <span class="s2">"securepass123"</span> <span class="o">}</span> Response: <span class="o">{</span> <span class="s2">"access_token"</span>: <span class="s2">"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..."</span>, <span class="s2">"token_type"</span>: <span class="s2">"bearer"</span> <span class="o">}</span> </code></pre> </div> <p><strong>3. Create task (with token):</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>POST /tasks/ Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9... <span class="o">{</span> <span class="s2">"title"</span>: <span class="s2">"My Task"</span>, <span class="s2">"description"</span>: <span class="s2">"Only I can see this"</span> <span class="o">}</span> Response: <span class="o">{</span> <span class="s2">"id"</span>: <span class="s2">"task-uuid"</span>, <span class="s2">"title"</span>: <span class="s2">"My Task"</span>, <span class="s2">"owner_id"</span>: <span class="s2">"archi-uuid"</span>, ← Automatically <span class="nb">set</span><span class="o">!</span> ... <span class="o">}</span> </code></pre> </div> <p><strong>4. Try without token (fails):</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>POST /tasks/ <span class="o">{</span> <span class="s2">"title"</span>: <span class="s2">"Unauthorized"</span> <span class="o">}</span> Response: 401 Unauthorized <span class="o">{</span> <span class="s2">"detail"</span>: <span class="s2">"Not authenticated"</span> <span class="o">}</span> </code></pre> </div> <h2> Testing the Authentication </h2> <h3> Using cURL </h3> <p><strong>Register:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>curl <span class="nt">-X</span> POST <span class="s2">"http://localhost:8000/auth/register"</span> <span class="se">\</span> <span class="nt">-H</span> <span class="s2">"Content-Type: application/json"</span> <span class="se">\</span> <span class="nt">-d</span> <span class="s1">'{"username":"archi","email":"archi@example.com","password":"test1234"}'</span> </code></pre> </div> <p><strong>Login:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>curl <span class="nt">-X</span> POST <span class="s2">"http://localhost:8000/auth/login"</span> <span class="se">\</span> <span class="nt">-H</span> <span class="s2">"Content-Type: application/json"</span> <span class="se">\</span> <span class="nt">-d</span> <span class="s1">'{"username":"archi","password":"test1234"}'</span> </code></pre> </div> <p>Copy the <code>access_token</code> from response.</p> <p><strong>Create task with token:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>curl <span class="nt">-X</span> POST <span class="s2">"http://localhost:8000/tasks/"</span> <span class="se">\</span> <span class="nt">-H</span> <span class="s2">"Content-Type: application/json"</span> <span class="se">\</span> <span class="nt">-H</span> <span class="s2">"Authorization: Bearer YOUR_TOKEN_HERE"</span> <span class="se">\</span> <span class="nt">-d</span> <span class="s1">'{"title":"Authenticated Task","description":"With JWT"}'</span> </code></pre> </div> <h3> Using Interactive Docs </h3> <ol> <li>Go to <a href="http://localhost:8000/docs" rel="noopener noreferrer">http://localhost:8000/docs</a> </li> <li>Click "Authorize" button (🔓 icon)</li> <li>Click "POST /auth/login"</li> <li>Enter username and password</li> <li>Click "Try it out" → "Execute"</li> <li>Copy the <code>access_token</code> </li> <li>Click "Authorize" button again</li> <li>Paste token (will auto-add "Bearer ")</li> <li>Click "Authorize"</li> <li>Now all endpoints show 🔒 (locked/authorized)</li> <li>Try creating tasks - they'll be yours!</li> </ol> <h2> Security Considerations </h2> <h3> What We Did Right </h3> <p>✅ <strong>Password hashing</strong> - Never store plain text<br><br> ✅ <strong>Token expiration</strong> - Tokens expire after 30 min<br><br> ✅ <strong>Generic errors</strong> - Don't leak info to attackers<br><br> ✅ <strong>User isolation</strong> - Can't access others' data<br><br> ✅ <strong>Environment variables</strong> - Secrets not in code </p> <h3> What Could Be Improved (Future) </h3> <p><strong>1. Refresh tokens:</strong></p> <ul> <li>Access token expires quickly (30 min)</li> <li>Refresh token lasts longer (7 days)</li> <li>Use refresh to get new access token</li> </ul> <p><strong>2. Password strength validation:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="kn">import</span> <span class="n">re</span> <span class="k">def</span> <span class="nf">validate_password</span><span class="p">(</span><span class="n">password</span><span class="p">:</span> <span class="nb">str</span><span class="p">):</span> <span class="k">if</span> <span class="nf">len</span><span class="p">(</span><span class="n">password</span><span class="p">)</span> <span class="o">&lt;</span> <span class="mi">8</span><span class="p">:</span> <span class="k">raise</span> <span class="nc">ValueError</span><span class="p">(</span><span class="sh">"</span><span class="s">Too short</span><span class="sh">"</span><span class="p">)</span> <span class="k">if</span> <span class="ow">not</span> <span class="n">re</span><span class="p">.</span><span class="nf">search</span><span class="p">(</span><span class="sa">r</span><span class="sh">"</span><span class="s">[A-Z]</span><span class="sh">"</span><span class="p">,</span> <span class="n">password</span><span class="p">):</span> <span class="k">raise</span> <span class="nc">ValueError</span><span class="p">(</span><span class="sh">"</span><span class="s">Need uppercase</span><span class="sh">"</span><span class="p">)</span> <span class="k">if</span> <span class="ow">not</span> <span class="n">re</span><span class="p">.</span><span class="nf">search</span><span class="p">(</span><span class="sa">r</span><span class="sh">"</span><span class="s">[0-9]</span><span class="sh">"</span><span class="p">,</span> <span class="n">password</span><span class="p">):</span> <span class="k">raise</span> <span class="nc">ValueError</span><span class="p">(</span><span class="sh">"</span><span class="s">Need number</span><span class="sh">"</span><span class="p">)</span> </code></pre> </div> <p><strong>3. Rate limiting:</strong></p> <ul> <li>Prevent brute force attacks</li> <li>Limit login attempts per IP</li> <li>Lock account after failures</li> </ul> <p><strong>4. Email verification:</strong></p> <ul> <li>Send confirmation email</li> <li>User must verify before login</li> </ul> <p><strong>5. Two-factor authentication (2FA):</strong></p> <ul> <li>SMS or authenticator app</li> <li>Extra security layer</li> </ul> <h2> Common Mistakes I Avoided </h2> <h3> Mistake 1: Storing Plain Text Passwords </h3> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="c1"># NEVER DO THIS ❌ </span><span class="n">new_user</span> <span class="o">=</span> <span class="nc">User</span><span class="p">(</span> <span class="n">username</span><span class="o">=</span><span class="n">username</span><span class="p">,</span> <span class="n">password</span><span class="o">=</span><span class="n">password</span> <span class="c1"># Plain text! </span><span class="p">)</span> <span class="c1"># ALWAYS DO THIS ✅ </span><span class="n">new_user</span> <span class="o">=</span> <span class="nc">User</span><span class="p">(</span> <span class="n">username</span><span class="o">=</span><span class="n">username</span><span class="p">,</span> <span class="n">hashed_password</span><span class="o">=</span><span class="nf">get_password_hash</span><span class="p">(</span><span class="n">password</span><span class="p">)</span> <span class="p">)</span> </code></pre> </div> <h3> Mistake 2: Exposing Passwords in API </h3> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="c1"># BAD ❌ </span><span class="k">class</span> <span class="nc">UserResponse</span><span class="p">(</span><span class="n">BaseModel</span><span class="p">):</span> <span class="n">username</span><span class="p">:</span> <span class="nb">str</span> <span class="n">hashed_password</span><span class="p">:</span> <span class="nb">str</span> <span class="c1"># Exposed! </span> <span class="c1"># GOOD ✅ </span><span class="k">class</span> <span class="nc">UserResponse</span><span class="p">(</span><span class="n">BaseModel</span><span class="p">):</span> <span class="n">username</span><span class="p">:</span> <span class="nb">str</span> <span class="c1"># No password field! </span></code></pre> </div> <h3> Mistake 3: Not Checking Task Ownership </h3> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="c1"># BAD - Anyone can modify any task ❌ </span><span class="n">task</span> <span class="o">=</span> <span class="n">db</span><span class="p">.</span><span class="nf">query</span><span class="p">(</span><span class="n">Task</span><span class="p">).</span><span class="nf">filter</span><span class="p">(</span><span class="n">Task</span><span class="p">.</span><span class="nb">id</span> <span class="o">==</span> <span class="n">task_id</span><span class="p">).</span><span class="nf">first</span><span class="p">()</span> <span class="c1"># GOOD - Only owner can modify ✅ </span><span class="n">task</span> <span class="o">=</span> <span class="n">db</span><span class="p">.</span><span class="nf">query</span><span class="p">(</span><span class="n">Task</span><span class="p">).</span><span class="nf">filter</span><span class="p">(</span> <span class="n">Task</span><span class="p">.</span><span class="nb">id</span> <span class="o">==</span> <span class="n">task_id</span><span class="p">,</span> <span class="n">Task</span><span class="p">.</span><span class="n">owner_id</span> <span class="o">==</span> <span class="n">current_user</span><span class="p">.</span><span class="nb">id</span> <span class="p">).</span><span class="nf">first</span><span class="p">()</span> </code></pre> </div> <h3> Mistake 4: Hardcoding SECRET_KEY </h3> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="c1"># BAD ❌ </span><span class="n">SECRET_KEY</span> <span class="o">=</span> <span class="sh">"</span><span class="s">my-secret-123</span><span class="sh">"</span> <span class="c1"># In code! </span> <span class="c1"># GOOD ✅ </span><span class="n">SECRET_KEY</span> <span class="o">=</span> <span class="n">os</span><span class="p">.</span><span class="nf">getenv</span><span class="p">(</span><span class="sh">"</span><span class="s">SECRET_KEY</span><span class="sh">"</span><span class="p">)</span> <span class="c1"># From .env </span></code></pre> </div> <h2> What I Learned </h2> <h3> Technical Skills </h3> <p>✅ JWT token creation and validation<br><br> ✅ Password hashing with bcrypt<br><br> ✅ OAuth2 bearer token authentication<br><br> ✅ FastAPI security dependencies<br><br> ✅ SQLAlchemy relationships (one-to-many)<br><br> ✅ User isolation and authorization </p> <h3> Conceptual Understanding </h3> <p>✅ Authentication vs Authorization<br><br> ✅ Stateless vs Stateful sessions<br><br> ✅ Token-based auth advantages<br><br> ✅ Why never store plain text passwords<br><br> ✅ Salt and hashing concepts<br><br> ✅ Security best practices </p> <h3> Real-World Patterns </h3> <p>✅ Multi-user application architecture<br><br> ✅ Router organization and modularity<br><br> ✅ Environment-based configuration<br><br> ✅ Error handling that doesn't leak info </p> <h2> The "Aha!" Moments </h2> <p><strong>1. JWT is self-contained</strong><br> No database lookup needed to validate! The signature proves authenticity.</p> <p><strong>2. Bcrypt handles salt automatically</strong><br> Don't need to generate/store salt separately. It's in the hash!</p> <p><strong>3. Dependency injection is powerful</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="n">current_user</span><span class="p">:</span> <span class="n">User</span> <span class="o">=</span> <span class="nc">Depends</span><span class="p">(</span><span class="n">get_current_user</span><span class="p">)</span> </code></pre> </div> <p>One line gets authenticated user in every route!</p> <p><strong>4. Relationships simplify queries</strong><br> Instead of manual joins, just <code>user.tasks</code> or <code>task.owner</code>.</p> <h2> Next Steps </h2> <p>Next improvements I want to add:</p> <ul> <li>Refresh tokens</li> <li>Pagination for tasks</li> <li>Password strength validation</li> <li>Email verification</li> <li>Role-based authorization</li> </ul> <p>But today? Today I celebrate building a <strong>secure, multi-user API</strong> that could actually go to production! 🎉</p> <h2> Resources That Helped </h2> <ul> <li><a href="https://fastapi.tiangolo.com/tutorial/security/" rel="noopener noreferrer">FastAPI Security Documentation</a></li> <li> <a href="https://jwt.io/" rel="noopener noreferrer">JWT.io</a> - JWT debugger</li> <li><a href="https://cheatsheetsecurity.blogspot.com/2013/09/how-to-store-passwords-safely-cheat.html" rel="noopener noreferrer">OWASP Password Storage Cheat Sheet</a></li> </ul> <h2> Full Code </h2> <p>Complete code on GitHub:<br> <a href="https://github.com/archi-jain/100-days-of-python/tree/main/days/003" rel="noopener noreferrer">100-days-of-python/days/003</a></p> <p><strong>Time Investment:</strong> 3 hours<br><br> <strong>Knowledge Gained:</strong> Production authentication skills<br><br> <strong>Feeling:</strong> Like I can build secure systems 🔐</p> <p><strong>Day 3/100 complete!</strong> ✅</p> <p>Tomorrow: Advanced features (filtering, search, pagination)</p> <p><em>Following my journey?</em><br><br> 📝 <a href="https://dev.to/archijain">Blog</a> | đŸĻ <a href="https://x.com/ArchiLearns" rel="noopener noreferrer">Twitter</a> | đŸ’ŧ <a href="https://www.linkedin.com/in/archijain19/" rel="noopener noreferrer">LinkedIn</a></p> <p><strong>Tags:</strong> #100DaysOfCode #Python #FastAPI #JWT #Authentication #Security #BackendDevelopment #OAuth2 #PasswordHashing #LearningInPublic</p> 100daysofcode python fastapi jwt Day 2/100: From In-Memory to PostgreSQL - Database Integration with SQLAlchemy archi-jain Thu, 05 Mar 2026 08:28:49 +0000 https://dev.to/archijain/day-2100-from-in-memory-to-postgresql-database-integration-with-sqlalchemy-2j89 https://dev.to/archijain/day-2100-from-in-memory-to-postgresql-database-integration-with-sqlalchemy-2j89 <blockquote> <p>Part of my 100 Days of Code journey. Yesterday I built a REST API. Today I make it real.</p> </blockquote> <h2> The Challenge </h2> <p>Take the Task Management API from Day 1 and upgrade it from in-memory storage to a production-ready PostgreSQL database using SQLAlchemy ORM.</p> <p><strong>The Problem:</strong> In-memory storage disappears when the server restarts. Not exactly production-ready.</p> <p><strong>The Solution:</strong> Integrate PostgreSQL with proper ORM patterns, session management, and environment configuration.</p> <h2> Why Databases Matter </h2> <p>Let me be blunt: <strong>your API is useless without persistent storage.</strong></p> <p>Day 1's in-memory dictionary was perfect for learning HTTP and REST patterns. But the moment you restart your server, <em>poof</em>—all data gone. That's not an API. That's a expensive notepad.</p> <p>Today, we fix that.</p> <h2> What We're Building </h2> <p>We're keeping all the functionality from Day 1:</p> <ul> <li>Create, read, update, delete tasks</li> <li>Mark tasks complete/incomplete</li> <li>Proper error handling</li> </ul> <p>But now with:</p> <ul> <li>✅ Data that survives server restarts</li> <li>✅ Scalable database architecture</li> <li>✅ Production-ready patterns</li> <li>✅ Environment-based configuration</li> </ul> <h2> Technology Stack </h2> <p><strong>Database:</strong> PostgreSQL 15<br><br> <strong>ORM:</strong> SQLAlchemy<br><br> <strong>Environment Config:</strong> python-dotenv<br><br> <strong>Database Driver:</strong> psycopg2</p> <h2> Step-by-Step Implementation </h2> <h3> Step 1: Installing PostgreSQL </h3> <p>I used Docker because it's the easiest way to get PostgreSQL running without cluttering my system:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>docker run <span class="nt">--name</span> postgres-tasks <span class="se">\</span> <span class="nt">-e</span> <span class="nv">POSTGRES_USER</span><span class="o">=</span>postgres <span class="se">\</span> <span class="nt">-e</span> <span class="nv">POSTGRES_PASSWORD</span><span class="o">=</span>postgres <span class="se">\</span> <span class="nt">-e</span> <span class="nv">POSTGRES_DB</span><span class="o">=</span>tasks_db <span class="se">\</span> <span class="nt">-p</span> 5432:5432 <span class="se">\</span> <span class="nt">-d</span> postgres:15 </code></pre> </div> <p><strong>What this does:</strong></p> <ul> <li>Creates a PostgreSQL container named <code>postgres-tasks</code> </li> <li>Sets up a database called <code>tasks_db</code> </li> <li>Exposes it on port 5432 (PostgreSQL default)</li> <li>Runs in detached mode (background)</li> </ul> <p><strong>Verify it's running:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>docker ps </code></pre> </div> <p>You should see your postgres-tasks container running.</p> <h3> Step 2: Installing Python Dependencies </h3> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>pip <span class="nb">install </span>sqlalchemy psycopg2-binary python-dotenv </code></pre> </div> <p><strong>Package purposes:</strong></p> <ul> <li> <code>sqlalchemy</code>: The ORM that converts Python to SQL</li> <li> <code>psycopg2-binary</code>: PostgreSQL adapter (connects Python to PostgreSQL)</li> <li> <code>python-dotenv</code>: Loads environment variables from <code>.env</code> files</li> </ul> <h3> Step 3: Project Structure </h3> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>days/002/ ├── database.py # Database connection setup ├── models.py # SQLAlchemy ORM models ├── schemas.py # Pydantic models (API validation) ├── main.py # FastAPI application ├── .env # Environment variables (DON'T COMMIT!) └── requirements.txt </code></pre> </div> <h3> Step 4: Environment Configuration </h3> <p>Create <code>.env</code> file:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>DATABASE_URL=postgresql://postgres:postgres@localhost:5432/tasks_db </code></pre> </div> <p><strong>Breaking down the URL:</strong></p> <ul> <li> <code>postgresql://</code> - Database type</li> <li> <code>postgres:postgres</code> - username:password</li> <li> <code>@localhost:5432</code> - host:port</li> <li> <code>/tasks_db</code> - database name</li> </ul> <p><strong>Security Note:</strong> Never commit <code>.env</code> files! Add to <code>.gitignore</code>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">echo</span> <span class="s2">".env"</span> <span class="o">&gt;&gt;</span> .gitignore </code></pre> </div> <h3> Step 5: Database Connection Setup </h3> <p>Create <code>database.py</code>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="kn">from</span> <span class="n">sqlalchemy</span> <span class="kn">import</span> <span class="n">create_engine</span> <span class="kn">from</span> <span class="n">sqlalchemy.ext.declarative</span> <span class="kn">import</span> <span class="n">declarative_base</span> <span class="kn">from</span> <span class="n">sqlalchemy.orm</span> <span class="kn">import</span> <span class="n">sessionmaker</span> <span class="kn">import</span> <span class="n">os</span> <span class="kn">from</span> <span class="n">dotenv</span> <span class="kn">import</span> <span class="n">load_dotenv</span> <span class="nf">load_dotenv</span><span class="p">()</span> <span class="n">DATABASE_URL</span> <span class="o">=</span> <span class="n">os</span><span class="p">.</span><span class="nf">getenv</span><span class="p">(</span><span class="sh">"</span><span class="s">DATABASE_URL</span><span class="sh">"</span><span class="p">)</span> <span class="n">engine</span> <span class="o">=</span> <span class="nf">create_engine</span><span class="p">(</span> <span class="n">DATABASE_URL</span><span class="p">,</span> <span class="n">pool_pre_ping</span><span class="o">=</span><span class="bp">True</span><span class="p">,</span> <span class="n">echo</span><span class="o">=</span><span class="bp">True</span> <span class="p">)</span> <span class="n">SessionLocal</span> <span class="o">=</span> <span class="nf">sessionmaker</span><span class="p">(</span><span class="n">autocommit</span><span class="o">=</span><span class="bp">False</span><span class="p">,</span> <span class="n">autoflush</span><span class="o">=</span><span class="bp">False</span><span class="p">,</span> <span class="n">bind</span><span class="o">=</span><span class="n">engine</span><span class="p">)</span> <span class="n">Base</span> <span class="o">=</span> <span class="nf">declarative_base</span><span class="p">()</span> <span class="k">def</span> <span class="nf">get_db</span><span class="p">():</span> <span class="n">db</span> <span class="o">=</span> <span class="nc">SessionLocal</span><span class="p">()</span> <span class="k">try</span><span class="p">:</span> <span class="k">yield</span> <span class="n">db</span> <span class="k">finally</span><span class="p">:</span> <span class="n">db</span><span class="p">.</span><span class="nf">close</span><span class="p">()</span> </code></pre> </div> <p><strong>Understanding each part:</strong></p> <p><strong>create_engine:</strong></p> <ul> <li>Creates a connection pool to the database</li> <li> <code>pool_pre_ping=True</code>: Checks connections before using (prevents stale connections)</li> <li> <code>echo=True</code>: Logs all SQL queries (great for learning, remove in production)</li> </ul> <p><strong>SessionLocal:</strong></p> <ul> <li>Factory for creating database sessions</li> <li>A session is like a workspace for database operations</li> <li> <code>autocommit=False</code>: We control when to save changes</li> <li> <code>autoflush=False</code>: We control when to send changes to database</li> </ul> <p><strong>Base:</strong></p> <ul> <li>Base class that all our models inherit from</li> <li>SQLAlchemy uses this to track all models</li> </ul> <p><strong>get_db() function:</strong></p> <ul> <li>FastAPI dependency that provides database sessions</li> <li> <code>yield</code> gives the session to the route</li> <li> <code>finally</code> ensures session always closes (even on errors)</li> </ul> <p>This pattern is <strong>crucial</strong> - it prevents database connection leaks.</p> <h3> Step 6: Creating the Database Model </h3> <p>Create <code>models.py</code>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="kn">from</span> <span class="n">sqlalchemy</span> <span class="kn">import</span> <span class="n">Column</span><span class="p">,</span> <span class="n">String</span><span class="p">,</span> <span class="n">Boolean</span><span class="p">,</span> <span class="n">DateTime</span> <span class="kn">from</span> <span class="n">sqlalchemy.dialects.postgresql</span> <span class="kn">import</span> <span class="n">UUID</span> <span class="kn">from</span> <span class="n">datetime</span> <span class="kn">import</span> <span class="n">datetime</span> <span class="kn">import</span> <span class="n">uuid</span> <span class="kn">from</span> <span class="n">database</span> <span class="kn">import</span> <span class="n">Base</span> <span class="k">class</span> <span class="nc">Task</span><span class="p">(</span><span class="n">Base</span><span class="p">):</span> <span class="n">__tablename__</span> <span class="o">=</span> <span class="sh">"</span><span class="s">tasks</span><span class="sh">"</span> <span class="nb">id</span> <span class="o">=</span> <span class="nc">Column</span><span class="p">(</span><span class="nc">UUID</span><span class="p">(</span><span class="n">as_uuid</span><span class="o">=</span><span class="bp">True</span><span class="p">),</span> <span class="n">primary_key</span><span class="o">=</span><span class="bp">True</span><span class="p">,</span> <span class="n">default</span><span class="o">=</span><span class="n">uuid</span><span class="p">.</span><span class="n">uuid4</span><span class="p">)</span> <span class="n">title</span> <span class="o">=</span> <span class="nc">Column</span><span class="p">(</span><span class="nc">String</span><span class="p">(</span><span class="mi">100</span><span class="p">),</span> <span class="n">nullable</span><span class="o">=</span><span class="bp">False</span><span class="p">)</span> <span class="n">description</span> <span class="o">=</span> <span class="nc">Column</span><span class="p">(</span><span class="nc">String</span><span class="p">(</span><span class="mi">500</span><span class="p">),</span> <span class="n">nullable</span><span class="o">=</span><span class="bp">True</span><span class="p">)</span> <span class="n">completed</span> <span class="o">=</span> <span class="nc">Column</span><span class="p">(</span><span class="n">Boolean</span><span class="p">,</span> <span class="n">default</span><span class="o">=</span><span class="bp">False</span><span class="p">,</span> <span class="n">nullable</span><span class="o">=</span><span class="bp">False</span><span class="p">)</span> <span class="n">created_at</span> <span class="o">=</span> <span class="nc">Column</span><span class="p">(</span><span class="n">DateTime</span><span class="p">,</span> <span class="n">default</span><span class="o">=</span><span class="n">datetime</span><span class="p">.</span><span class="n">utcnow</span><span class="p">,</span> <span class="n">nullable</span><span class="o">=</span><span class="bp">False</span><span class="p">)</span> <span class="n">updated_at</span> <span class="o">=</span> <span class="nc">Column</span><span class="p">(</span><span class="n">DateTime</span><span class="p">,</span> <span class="n">default</span><span class="o">=</span><span class="n">datetime</span><span class="p">.</span><span class="n">utcnow</span><span class="p">,</span> <span class="n">onupdate</span><span class="o">=</span><span class="n">datetime</span><span class="p">.</span><span class="n">utcnow</span><span class="p">,</span> <span class="n">nullable</span><span class="o">=</span><span class="bp">False</span><span class="p">)</span> <span class="k">def</span> <span class="nf">__repr__</span><span class="p">(</span><span class="n">self</span><span class="p">):</span> <span class="k">return</span> <span class="sa">f</span><span class="sh">"</span><span class="s">&lt;Task(id=</span><span class="si">{</span><span class="n">self</span><span class="p">.</span><span class="nb">id</span><span class="si">}</span><span class="s">, title=</span><span class="si">{</span><span class="n">self</span><span class="p">.</span><span class="n">title</span><span class="si">}</span><span class="s">)&gt;</span><span class="sh">"</span> </code></pre> </div> <p><strong>Deep dive into the model:</strong></p> <p><strong><strong>tablename</strong> = "tasks":</strong></p> <ul> <li>Tells SQLAlchemy what to name the database table</li> </ul> <p><strong>id Column:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="nc">Column</span><span class="p">(</span><span class="nc">UUID</span><span class="p">(</span><span class="n">as_uuid</span><span class="o">=</span><span class="bp">True</span><span class="p">),</span> <span class="n">primary_key</span><span class="o">=</span><span class="bp">True</span><span class="p">,</span> <span class="n">default</span><span class="o">=</span><span class="n">uuid</span><span class="p">.</span><span class="n">uuid4</span><span class="p">)</span> </code></pre> </div> <ul> <li> <code>UUID(as_uuid=True)</code>: Uses PostgreSQL's native UUID type</li> <li> <code>primary_key=True</code>: This column uniquely identifies each row</li> <li> <code>default=uuid.uuid4</code>: Auto-generates UUID when creating new tasks</li> </ul> <p><strong>Why UUIDs over integers?</strong></p> <ul> <li>Globally unique (can merge databases without ID conflicts)</li> <li>Hard to guess (security)</li> <li>Can generate client-side</li> <li>Better for distributed systems</li> </ul> <p><strong>title and description:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="nc">Column</span><span class="p">(</span><span class="nc">String</span><span class="p">(</span><span class="mi">100</span><span class="p">),</span> <span class="n">nullable</span><span class="o">=</span><span class="bp">False</span><span class="p">)</span> <span class="nc">Column</span><span class="p">(</span><span class="nc">String</span><span class="p">(</span><span class="mi">500</span><span class="p">),</span> <span class="n">nullable</span><span class="o">=</span><span class="bp">True</span><span class="p">)</span> </code></pre> </div> <ul> <li> <code>String(100)</code>: Maximum 100 characters</li> <li> <code>nullable=False</code>: Required field</li> <li> <code>nullable=True</code>: Optional field</li> </ul> <p><strong>completed:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="nc">Column</span><span class="p">(</span><span class="n">Boolean</span><span class="p">,</span> <span class="n">default</span><span class="o">=</span><span class="bp">False</span><span class="p">,</span> <span class="n">nullable</span><span class="o">=</span><span class="bp">False</span><span class="p">)</span> </code></pre> </div> <ul> <li>Boolean type (true/false)</li> <li>Defaults to False (new tasks are incomplete)</li> <li>Cannot be null</li> </ul> <p><strong>Timestamps:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="n">created_at</span> <span class="o">=</span> <span class="nc">Column</span><span class="p">(</span><span class="n">DateTime</span><span class="p">,</span> <span class="n">default</span><span class="o">=</span><span class="n">datetime</span><span class="p">.</span><span class="n">utcnow</span><span class="p">,</span> <span class="n">nullable</span><span class="o">=</span><span class="bp">False</span><span class="p">)</span> <span class="n">updated_at</span> <span class="o">=</span> <span class="nc">Column</span><span class="p">(</span><span class="n">DateTime</span><span class="p">,</span> <span class="n">default</span><span class="o">=</span><span class="n">datetime</span><span class="p">.</span><span class="n">utcnow</span><span class="p">,</span> <span class="n">onupdate</span><span class="o">=</span><span class="n">datetime</span><span class="p">.</span><span class="n">utcnow</span><span class="p">,</span> <span class="n">nullable</span><span class="o">=</span><span class="bp">False</span><span class="p">)</span> </code></pre> </div> <ul> <li> <code>default=datetime.utcnow</code>: Sets timestamp when task created</li> <li> <code>onupdate=datetime.utcnow</code>: Auto-updates timestamp on any modification</li> <li>Always use UTC in databases! Convert to local time in the frontend</li> </ul> <p><strong><strong>repr</strong> method:</strong></p> <ul> <li>Defines how the object appears when printed</li> <li>Useful for debugging</li> <li>Example: <code>&lt;Task(id=uuid, title="Learn FastAPI")&gt;</code> </li> </ul> <h3> Step 7: Pydantic Schemas </h3> <p>Create <code>schemas.py</code> (similar to Day 1, but with one important change):<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="kn">from</span> <span class="n">pydantic</span> <span class="kn">import</span> <span class="n">BaseModel</span><span class="p">,</span> <span class="n">Field</span> <span class="kn">from</span> <span class="n">typing</span> <span class="kn">import</span> <span class="n">Optional</span> <span class="kn">from</span> <span class="n">datetime</span> <span class="kn">import</span> <span class="n">datetime</span> <span class="kn">from</span> <span class="n">uuid</span> <span class="kn">import</span> <span class="n">UUID</span> <span class="k">class</span> <span class="nc">TaskCreate</span><span class="p">(</span><span class="n">BaseModel</span><span class="p">):</span> <span class="n">title</span><span class="p">:</span> <span class="nb">str</span> <span class="o">=</span> <span class="nc">Field</span><span class="p">(...,</span> <span class="n">max_length</span><span class="o">=</span><span class="mi">100</span><span class="p">)</span> <span class="n">description</span><span class="p">:</span> <span class="n">Optional</span><span class="p">[</span><span class="nb">str</span><span class="p">]</span> <span class="o">=</span> <span class="nc">Field</span><span class="p">(</span><span class="bp">None</span><span class="p">,</span> <span class="n">max_length</span><span class="o">=</span><span class="mi">500</span><span class="p">)</span> <span class="k">class</span> <span class="nc">TaskUpdate</span><span class="p">(</span><span class="n">BaseModel</span><span class="p">):</span> <span class="n">title</span><span class="p">:</span> <span class="n">Optional</span><span class="p">[</span><span class="nb">str</span><span class="p">]</span> <span class="o">=</span> <span class="nc">Field</span><span class="p">(</span><span class="bp">None</span><span class="p">,</span> <span class="n">max_length</span><span class="o">=</span><span class="mi">100</span><span class="p">)</span> <span class="n">description</span><span class="p">:</span> <span class="n">Optional</span><span class="p">[</span><span class="nb">str</span><span class="p">]</span> <span class="o">=</span> <span class="nc">Field</span><span class="p">(</span><span class="bp">None</span><span class="p">,</span> <span class="n">max_length</span><span class="o">=</span><span class="mi">500</span><span class="p">)</span> <span class="k">class</span> <span class="nc">TaskResponse</span><span class="p">(</span><span class="n">BaseModel</span><span class="p">):</span> <span class="nb">id</span><span class="p">:</span> <span class="n">UUID</span> <span class="n">title</span><span class="p">:</span> <span class="nb">str</span> <span class="n">description</span><span class="p">:</span> <span class="n">Optional</span><span class="p">[</span><span class="nb">str</span><span class="p">]</span> <span class="n">completed</span><span class="p">:</span> <span class="nb">bool</span> <span class="n">created_at</span><span class="p">:</span> <span class="n">datetime</span> <span class="n">updated_at</span><span class="p">:</span> <span class="n">datetime</span> <span class="k">class</span> <span class="nc">Config</span><span class="p">:</span> <span class="n">from_attributes</span> <span class="o">=</span> <span class="bp">True</span> </code></pre> </div> <p><strong>The critical addition:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="k">class</span> <span class="nc">Config</span><span class="p">:</span> <span class="n">from_attributes</span> <span class="o">=</span> <span class="bp">True</span> </code></pre> </div> <p>This tells Pydantic to convert SQLAlchemy model objects to Pydantic models.</p> <p><strong>Why do we need both models.py and schemas.py?</strong></p> <ul> <li> <code>models.py</code> (SQLAlchemy): Defines database structure</li> <li> <code>schemas.py</code> (Pydantic): Defines API structure</li> </ul> <p>They're similar but serve different purposes:</p> <ul> <li>SQLAlchemy talks to the database</li> <li>Pydantic validates API requests/responses</li> </ul> <h3> Step 8: Creating the FastAPI Application </h3> <p>Create <code>main.py</code>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="kn">from</span> <span class="n">fastapi</span> <span class="kn">import</span> <span class="n">FastAPI</span><span class="p">,</span> <span class="n">HTTPException</span><span class="p">,</span> <span class="n">status</span><span class="p">,</span> <span class="n">Depends</span> <span class="kn">from</span> <span class="n">sqlalchemy.orm</span> <span class="kn">import</span> <span class="n">Session</span> <span class="kn">from</span> <span class="n">typing</span> <span class="kn">import</span> <span class="n">List</span> <span class="kn">from</span> <span class="n">uuid</span> <span class="kn">import</span> <span class="n">UUID</span> <span class="kn">import</span> <span class="n">models</span> <span class="kn">import</span> <span class="n">schemas</span> <span class="kn">from</span> <span class="n">database</span> <span class="kn">import</span> <span class="n">engine</span><span class="p">,</span> <span class="n">get_db</span> <span class="c1"># Create all tables </span><span class="n">models</span><span class="p">.</span><span class="n">Base</span><span class="p">.</span><span class="n">metadata</span><span class="p">.</span><span class="nf">create_all</span><span class="p">(</span><span class="n">bind</span><span class="o">=</span><span class="n">engine</span><span class="p">)</span> <span class="n">app</span> <span class="o">=</span> <span class="nc">FastAPI</span><span class="p">(</span> <span class="n">title</span><span class="o">=</span><span class="sh">"</span><span class="s">Task Management API with PostgreSQL</span><span class="sh">"</span><span class="p">,</span> <span class="n">version</span><span class="o">=</span><span class="sh">"</span><span class="s">2.0.0</span><span class="sh">"</span> <span class="p">)</span> <span class="nd">@app.post</span><span class="p">(</span><span class="sh">"</span><span class="s">/tasks</span><span class="sh">"</span><span class="p">,</span> <span class="n">response_model</span><span class="o">=</span><span class="n">schemas</span><span class="p">.</span><span class="n">TaskResponse</span><span class="p">,</span> <span class="n">status_code</span><span class="o">=</span><span class="n">status</span><span class="p">.</span><span class="n">HTTP_201_CREATED</span><span class="p">)</span> <span class="k">def</span> <span class="nf">create_task</span><span class="p">(</span><span class="n">task</span><span class="p">:</span> <span class="n">schemas</span><span class="p">.</span><span class="n">TaskCreate</span><span class="p">,</span> <span class="n">db</span><span class="p">:</span> <span class="n">Session</span> <span class="o">=</span> <span class="nc">Depends</span><span class="p">(</span><span class="n">get_db</span><span class="p">)):</span> <span class="n">new_task</span> <span class="o">=</span> <span class="n">models</span><span class="p">.</span><span class="nc">Task</span><span class="p">(</span> <span class="n">title</span><span class="o">=</span><span class="n">task</span><span class="p">.</span><span class="n">title</span><span class="p">,</span> <span class="n">description</span><span class="o">=</span><span class="n">task</span><span class="p">.</span><span class="n">description</span> <span class="p">)</span> <span class="n">db</span><span class="p">.</span><span class="nf">add</span><span class="p">(</span><span class="n">new_task</span><span class="p">)</span> <span class="n">db</span><span class="p">.</span><span class="nf">commit</span><span class="p">()</span> <span class="n">db</span><span class="p">.</span><span class="nf">refresh</span><span class="p">(</span><span class="n">new_task</span><span class="p">)</span> <span class="k">return</span> <span class="n">new_task</span> </code></pre> </div> <p><strong>Let's break down the create endpoint:</strong></p> <p><strong>1. Function signature:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="k">def</span> <span class="nf">create_task</span><span class="p">(</span><span class="n">task</span><span class="p">:</span> <span class="n">schemas</span><span class="p">.</span><span class="n">TaskCreate</span><span class="p">,</span> <span class="n">db</span><span class="p">:</span> <span class="n">Session</span> <span class="o">=</span> <span class="nc">Depends</span><span class="p">(</span><span class="n">get_db</span><span class="p">)):</span> </code></pre> </div> <ul> <li> <code>task: schemas.TaskCreate</code>: FastAPI auto-validates request body</li> <li> <code>db: Session = Depends(get_db)</code>: FastAPI injects database session</li> </ul> <p><strong>2. Creating the model instance:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="n">new_task</span> <span class="o">=</span> <span class="n">models</span><span class="p">.</span><span class="nc">Task</span><span class="p">(</span> <span class="n">title</span><span class="o">=</span><span class="n">task</span><span class="p">.</span><span class="n">title</span><span class="p">,</span> <span class="n">description</span><span class="o">=</span><span class="n">task</span><span class="p">.</span><span class="n">description</span> <span class="p">)</span> </code></pre> </div> <ul> <li>Creates SQLAlchemy Task object</li> <li>Note: We DON'T set id, created_at, updated_at, completed</li> <li>Those are auto-generated by the database!</li> </ul> <p><strong>3. Saving to database:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="n">db</span><span class="p">.</span><span class="nf">add</span><span class="p">(</span><span class="n">new_task</span><span class="p">)</span> <span class="n">db</span><span class="p">.</span><span class="nf">commit</span><span class="p">()</span> <span class="n">db</span><span class="p">.</span><span class="nf">refresh</span><span class="p">(</span><span class="n">new_task</span><span class="p">)</span> </code></pre> </div> <ul> <li> <code>db.add()</code>: Stages the task for insertion</li> <li> <code>db.commit()</code>: Actually saves to database</li> <li> <code>db.refresh()</code>: Fetches auto-generated values (id, timestamps)</li> </ul> <p><strong>Why three separate calls?</strong></p> <ul> <li>Allows batching multiple operations</li> <li>Can rollback before commit if needed</li> <li>Refresh gets database-generated values</li> </ul> <p><strong>4. Returning the task:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="k">return</span> <span class="n">new_task</span> </code></pre> </div> <p>FastAPI automatically:</p> <ul> <li>Converts SQLAlchemy model to Pydantic schema</li> <li>Serializes to JSON</li> <li>Sets proper Content-Type header</li> </ul> <h3> The Other Endpoints </h3> <p><strong>Get All Tasks:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="nd">@app.get</span><span class="p">(</span><span class="sh">"</span><span class="s">/tasks</span><span class="sh">"</span><span class="p">,</span> <span class="n">response_model</span><span class="o">=</span><span class="n">List</span><span class="p">[</span><span class="n">schemas</span><span class="p">.</span><span class="n">TaskResponse</span><span class="p">])</span> <span class="k">def</span> <span class="nf">get_tasks</span><span class="p">(</span><span class="n">skip</span><span class="p">:</span> <span class="nb">int</span> <span class="o">=</span> <span class="mi">0</span><span class="p">,</span> <span class="n">limit</span><span class="p">:</span> <span class="nb">int</span> <span class="o">=</span> <span class="mi">100</span><span class="p">,</span> <span class="n">db</span><span class="p">:</span> <span class="n">Session</span> <span class="o">=</span> <span class="nc">Depends</span><span class="p">(</span><span class="n">get_db</span><span class="p">)):</span> <span class="n">tasks</span> <span class="o">=</span> <span class="n">db</span><span class="p">.</span><span class="nf">query</span><span class="p">(</span><span class="n">models</span><span class="p">.</span><span class="n">Task</span><span class="p">).</span><span class="nf">offset</span><span class="p">(</span><span class="n">skip</span><span class="p">).</span><span class="nf">limit</span><span class="p">(</span><span class="n">limit</span><span class="p">).</span><span class="nf">all</span><span class="p">()</span> <span class="k">return</span> <span class="n">tasks</span> </code></pre> </div> <p><strong>Understanding the query:</strong></p> <ul> <li> <code>db.query(models.Task)</code>: Start building a query</li> <li> <code>.offset(skip)</code>: Skip first N records (pagination)</li> <li> <code>.limit(limit)</code>: Return max N records</li> <li> <code>.all()</code>: Execute query, return all results</li> </ul> <p><strong>SQL equivalent:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight sql"><code><span class="k">SELECT</span> <span class="o">*</span> <span class="k">FROM</span> <span class="n">tasks</span> <span class="k">OFFSET</span> <span class="mi">0</span> <span class="k">LIMIT</span> <span class="mi">100</span><span class="p">;</span> </code></pre> </div> <p><strong>Get Single Task:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="nd">@app.get</span><span class="p">(</span><span class="sh">"</span><span class="s">/tasks/{task_id}</span><span class="sh">"</span><span class="p">,</span> <span class="n">response_model</span><span class="o">=</span><span class="n">schemas</span><span class="p">.</span><span class="n">TaskResponse</span><span class="p">)</span> <span class="k">def</span> <span class="nf">get_task</span><span class="p">(</span><span class="n">task_id</span><span class="p">:</span> <span class="n">UUID</span><span class="p">,</span> <span class="n">db</span><span class="p">:</span> <span class="n">Session</span> <span class="o">=</span> <span class="nc">Depends</span><span class="p">(</span><span class="n">get_db</span><span class="p">)):</span> <span class="n">task</span> <span class="o">=</span> <span class="n">db</span><span class="p">.</span><span class="nf">query</span><span class="p">(</span><span class="n">models</span><span class="p">.</span><span class="n">Task</span><span class="p">).</span><span class="nf">filter</span><span class="p">(</span><span class="n">models</span><span class="p">.</span><span class="n">Task</span><span class="p">.</span><span class="nb">id</span> <span class="o">==</span> <span class="n">task_id</span><span class="p">).</span><span class="nf">first</span><span class="p">()</span> <span class="k">if</span> <span class="ow">not</span> <span class="n">task</span><span class="p">:</span> <span class="k">raise</span> <span class="nc">HTTPException</span><span class="p">(</span><span class="n">status_code</span><span class="o">=</span><span class="mi">404</span><span class="p">,</span> <span class="n">detail</span><span class="o">=</span><span class="sh">"</span><span class="s">Task not found</span><span class="sh">"</span><span class="p">)</span> <span class="k">return</span> <span class="n">task</span> </code></pre> </div> <p><strong>Query breakdown:</strong></p> <ul> <li> <code>.filter(models.Task.id == task_id)</code>: WHERE clause</li> <li> <code>.first()</code>: Returns first result or None</li> </ul> <p><strong>SQL equivalent:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight sql"><code><span class="k">SELECT</span> <span class="o">*</span> <span class="k">FROM</span> <span class="n">tasks</span> <span class="k">WHERE</span> <span class="n">id</span> <span class="o">=</span> <span class="s1">'some-uuid'</span> <span class="k">LIMIT</span> <span class="mi">1</span><span class="p">;</span> </code></pre> </div> <p><strong>Update Task:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="nd">@app.put</span><span class="p">(</span><span class="sh">"</span><span class="s">/tasks/{task_id}</span><span class="sh">"</span><span class="p">,</span> <span class="n">response_model</span><span class="o">=</span><span class="n">schemas</span><span class="p">.</span><span class="n">TaskResponse</span><span class="p">)</span> <span class="k">def</span> <span class="nf">update_task</span><span class="p">(</span><span class="n">task_id</span><span class="p">:</span> <span class="n">UUID</span><span class="p">,</span> <span class="n">task_update</span><span class="p">:</span> <span class="n">schemas</span><span class="p">.</span><span class="n">TaskUpdate</span><span class="p">,</span> <span class="n">db</span><span class="p">:</span> <span class="n">Session</span> <span class="o">=</span> <span class="nc">Depends</span><span class="p">(</span><span class="n">get_db</span><span class="p">)):</span> <span class="n">task</span> <span class="o">=</span> <span class="n">db</span><span class="p">.</span><span class="nf">query</span><span class="p">(</span><span class="n">models</span><span class="p">.</span><span class="n">Task</span><span class="p">).</span><span class="nf">filter</span><span class="p">(</span><span class="n">models</span><span class="p">.</span><span class="n">Task</span><span class="p">.</span><span class="nb">id</span> <span class="o">==</span> <span class="n">task_id</span><span class="p">).</span><span class="nf">first</span><span class="p">()</span> <span class="k">if</span> <span class="ow">not</span> <span class="n">task</span><span class="p">:</span> <span class="k">raise</span> <span class="nc">HTTPException</span><span class="p">(</span><span class="n">status_code</span><span class="o">=</span><span class="mi">404</span><span class="p">,</span> <span class="n">detail</span><span class="o">=</span><span class="sh">"</span><span class="s">Task not found</span><span class="sh">"</span><span class="p">)</span> <span class="k">if</span> <span class="n">task_update</span><span class="p">.</span><span class="n">title</span> <span class="ow">is</span> <span class="ow">not</span> <span class="bp">None</span><span class="p">:</span> <span class="n">task</span><span class="p">.</span><span class="n">title</span> <span class="o">=</span> <span class="n">task_update</span><span class="p">.</span><span class="n">title</span> <span class="k">if</span> <span class="n">task_update</span><span class="p">.</span><span class="n">description</span> <span class="ow">is</span> <span class="ow">not</span> <span class="bp">None</span><span class="p">:</span> <span class="n">task</span><span class="p">.</span><span class="n">description</span> <span class="o">=</span> <span class="n">task_update</span><span class="p">.</span><span class="n">description</span> <span class="n">db</span><span class="p">.</span><span class="nf">commit</span><span class="p">()</span> <span class="n">db</span><span class="p">.</span><span class="nf">refresh</span><span class="p">(</span><span class="n">task</span><span class="p">)</span> <span class="k">return</span> <span class="n">task</span> </code></pre> </div> <p><strong>Why check <code>is not None</code>?</strong></p> <p>Consider this request:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight json"><code><span class="p">{</span><span class="w"> </span><span class="nl">"title"</span><span class="p">:</span><span class="w"> </span><span class="s2">"New Title"</span><span class="w"> </span><span class="err">//</span><span class="w"> </span><span class="err">description</span><span class="w"> </span><span class="err">not</span><span class="w"> </span><span class="err">sent</span><span class="w"> </span><span class="p">}</span><span class="w"> </span></code></pre> </div> <p>We want to update title but keep description unchanged.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="k">if</span> <span class="n">task_update</span><span class="p">.</span><span class="n">title</span> <span class="ow">is</span> <span class="ow">not</span> <span class="bp">None</span><span class="p">:</span> <span class="c1"># True </span> <span class="n">task</span><span class="p">.</span><span class="n">title</span> <span class="o">=</span> <span class="n">task_update</span><span class="p">.</span><span class="n">title</span> <span class="k">if</span> <span class="n">task_update</span><span class="p">.</span><span class="n">description</span> <span class="ow">is</span> <span class="ow">not</span> <span class="bp">None</span><span class="p">:</span> <span class="c1"># False </span> <span class="n">task</span><span class="p">.</span><span class="n">description</span> <span class="o">=</span> <span class="n">task_update</span><span class="p">.</span><span class="n">description</span> <span class="c1"># Skipped! </span></code></pre> </div> <p>This enables partial updates!</p> <p><strong>Delete Task:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="nd">@app.delete</span><span class="p">(</span><span class="sh">"</span><span class="s">/tasks/{task_id}</span><span class="sh">"</span><span class="p">,</span> <span class="n">status_code</span><span class="o">=</span><span class="n">status</span><span class="p">.</span><span class="n">HTTP_204_NO_CONTENT</span><span class="p">)</span> <span class="k">def</span> <span class="nf">delete_task</span><span class="p">(</span><span class="n">task_id</span><span class="p">:</span> <span class="n">UUID</span><span class="p">,</span> <span class="n">db</span><span class="p">:</span> <span class="n">Session</span> <span class="o">=</span> <span class="nc">Depends</span><span class="p">(</span><span class="n">get_db</span><span class="p">)):</span> <span class="n">task</span> <span class="o">=</span> <span class="n">db</span><span class="p">.</span><span class="nf">query</span><span class="p">(</span><span class="n">models</span><span class="p">.</span><span class="n">Task</span><span class="p">).</span><span class="nf">filter</span><span class="p">(</span><span class="n">models</span><span class="p">.</span><span class="n">Task</span><span class="p">.</span><span class="nb">id</span> <span class="o">==</span> <span class="n">task_id</span><span class="p">).</span><span class="nf">first</span><span class="p">()</span> <span class="k">if</span> <span class="ow">not</span> <span class="n">task</span><span class="p">:</span> <span class="k">raise</span> <span class="nc">HTTPException</span><span class="p">(</span><span class="n">status_code</span><span class="o">=</span><span class="mi">404</span><span class="p">,</span> <span class="n">detail</span><span class="o">=</span><span class="sh">"</span><span class="s">Task not found</span><span class="sh">"</span><span class="p">)</span> <span class="n">db</span><span class="p">.</span><span class="nf">delete</span><span class="p">(</span><span class="n">task</span><span class="p">)</span> <span class="n">db</span><span class="p">.</span><span class="nf">commit</span><span class="p">()</span> <span class="k">return</span> <span class="bp">None</span> </code></pre> </div> <p><strong>Why return None for 204?</strong></p> <ul> <li>HTTP 204 means "success, no content"</li> <li>Returning None tells FastAPI not to send a response body</li> <li>Still returns 204 status code</li> </ul> <h2> Testing the API </h2> <p><strong>Start the server:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>uvicorn main:app <span class="nt">--reload</span> </code></pre> </div> <p><strong>Create a task:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>curl <span class="nt">-X</span> POST <span class="s2">"http://localhost:8000/tasks"</span> <span class="se">\</span> <span class="nt">-H</span> <span class="s2">"Content-Type: application/json"</span> <span class="se">\</span> <span class="nt">-d</span> <span class="s1">'{"title": "Learn SQLAlchemy", "description": "Integrate PostgreSQL with FastAPI"}'</span> </code></pre> </div> <p><strong>The magic moment:</strong></p> <ol> <li>Stop the server (Ctrl+C)</li> <li>Start it again</li> <li>Get all tasks: </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>curl http://localhost:8000/tasks </code></pre> </div> <p><strong>The task is still there!</strong> 🎉</p> <p>That's the power of persistent storage.</p> <h2> Checking the Database Directly </h2> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>docker <span class="nb">exec</span> <span class="nt">-it</span> postgres-tasks psql <span class="nt">-U</span> postgres <span class="nt">-d</span> tasks_db SELECT <span class="k">*</span> FROM tasks<span class="p">;</span> </code></pre> </div> <p>You'll see your task with all columns:</p> <ul> <li>id (UUID)</li> <li>title</li> <li>description</li> <li>completed (false)</li> <li>created_at (timestamp)</li> <li>updated_at (timestamp)</li> </ul> <h2> Key Concepts Learned </h2> <h3> ORM (Object-Relational Mapping) </h3> <p><strong>Without ORM (raw SQL):</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="n">cursor</span><span class="p">.</span><span class="nf">execute</span><span class="p">(</span><span class="sh">"</span><span class="s">INSERT INTO tasks (title, description) VALUES (%s, %s)</span><span class="sh">"</span><span class="p">,</span> <span class="p">(</span><span class="n">title</span><span class="p">,</span> <span class="n">desc</span><span class="p">))</span> </code></pre> </div> <p><strong>With ORM:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="n">new_task</span> <span class="o">=</span> <span class="nc">Task</span><span class="p">(</span><span class="n">title</span><span class="o">=</span><span class="n">title</span><span class="p">,</span> <span class="n">description</span><span class="o">=</span><span class="n">desc</span><span class="p">)</span> <span class="n">db</span><span class="p">.</span><span class="nf">add</span><span class="p">(</span><span class="n">new_task</span><span class="p">)</span> <span class="n">db</span><span class="p">.</span><span class="nf">commit</span><span class="p">()</span> </code></pre> </div> <p><strong>Benefits:</strong></p> <ul> <li>Type-safe (Python catches errors before database does)</li> <li>Prevents SQL injection automatically</li> <li>Database-agnostic (can switch from PostgreSQL to MySQL)</li> <li>Easier to maintain and test</li> </ul> <h3> Database Sessions </h3> <p>Think of a session as a transaction workspace:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="n">db</span> <span class="o">=</span> <span class="nc">SessionLocal</span><span class="p">()</span> <span class="c1"># Open workspace </span><span class="k">try</span><span class="p">:</span> <span class="n">db</span><span class="p">.</span><span class="nf">add</span><span class="p">(</span><span class="n">task1</span><span class="p">)</span> <span class="n">db</span><span class="p">.</span><span class="nf">add</span><span class="p">(</span><span class="n">task2</span><span class="p">)</span> <span class="n">db</span><span class="p">.</span><span class="nf">commit</span><span class="p">()</span> <span class="c1"># Save all changes </span><span class="k">except</span><span class="p">:</span> <span class="n">db</span><span class="p">.</span><span class="nf">rollback</span><span class="p">()</span> <span class="c1"># Undo all changes </span><span class="k">finally</span><span class="p">:</span> <span class="n">db</span><span class="p">.</span><span class="nf">close</span><span class="p">()</span> <span class="c1"># Clean up </span></code></pre> </div> <p>FastAPI's <code>Depends(get_db)</code> handles this automatically!</p> <h3> Connection Pooling </h3> <p>SQLAlchemy maintains a pool of database connections:</p> <ul> <li>Reuses connections (faster than creating new ones)</li> <li>Limits max connections (prevents overwhelming database)</li> <li>Auto-reconnects if connection dies</li> </ul> <p>All handled automatically by <code>create_engine()</code>.</p> <h2> Common Mistakes and How I Avoided Them </h2> <h3> Mistake 1: Not Closing Sessions </h3> <p><strong>Wrong:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="n">db</span> <span class="o">=</span> <span class="nc">SessionLocal</span><span class="p">()</span> <span class="n">db</span><span class="p">.</span><span class="nf">add</span><span class="p">(</span><span class="n">task</span><span class="p">)</span> <span class="n">db</span><span class="p">.</span><span class="nf">commit</span><span class="p">()</span> <span class="c1"># Forgot to close! </span></code></pre> </div> <p><strong>Right (with Depends):</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="k">def</span> <span class="nf">create_task</span><span class="p">(</span><span class="n">db</span><span class="p">:</span> <span class="n">Session</span> <span class="o">=</span> <span class="nc">Depends</span><span class="p">(</span><span class="n">get_db</span><span class="p">)):</span> <span class="c1"># Session auto-closes when function ends </span></code></pre> </div> <h3> Mistake 2: Forgetting to Commit </h3> <p><strong>Wrong:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="n">db</span><span class="p">.</span><span class="nf">add</span><span class="p">(</span><span class="n">task</span><span class="p">)</span> <span class="k">return</span> <span class="n">task</span> <span class="c1"># Task not saved! </span></code></pre> </div> <p><strong>Right:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="n">db</span><span class="p">.</span><span class="nf">add</span><span class="p">(</span><span class="n">task</span><span class="p">)</span> <span class="n">db</span><span class="p">.</span><span class="nf">commit</span><span class="p">()</span> <span class="c1"># Actually save </span><span class="n">db</span><span class="p">.</span><span class="nf">refresh</span><span class="p">(</span><span class="n">task</span><span class="p">)</span> <span class="c1"># Get auto-generated fields </span><span class="k">return</span> <span class="n">task</span> </code></pre> </div> <h3> Mistake 3: Hardcoding Database URL </h3> <p><strong>Wrong:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="n">DATABASE_URL</span> <span class="o">=</span> <span class="sh">"</span><span class="s">postgresql://user:pass@localhost/db</span><span class="sh">"</span> <span class="c1"># In code! </span></code></pre> </div> <p><strong>Right:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="n">DATABASE_URL</span> <span class="o">=</span> <span class="n">os</span><span class="p">.</span><span class="nf">getenv</span><span class="p">(</span><span class="sh">"</span><span class="s">DATABASE_URL</span><span class="sh">"</span><span class="p">)</span> <span class="c1"># From .env </span></code></pre> </div> <p>Never commit credentials!</p> <h2> What I Learned Today </h2> <h3> Technical Skills: </h3> <p>✅ PostgreSQL setup and configuration<br><br> ✅ SQLAlchemy ORM models and relationships<br><br> ✅ Database session lifecycle management<br><br> ✅ Environment-based configuration<br><br> ✅ Query building with SQLAlchemy<br><br> ✅ UUID vs integer primary keys<br><br> ✅ Timestamp auto-management </p> <h3> Conceptual Understanding: </h3> <p>✅ Why ORMs exist and when to use them<br><br> ✅ Database connection pooling<br><br> ✅ Transaction management<br><br> ✅ The difference between staging and committing<br><br> ✅ Why sessions must be closed </p> <h3> Production Patterns: </h3> <p>✅ Environment variable configuration<br><br> ✅ Dependency injection for resources<br><br> ✅ Proper error handling<br><br> ✅ Security best practices (no hardcoded credentials) </p> <h2> The "Aha!" Moments </h2> <p><strong>1. Sessions are NOT connections</strong></p> <ul> <li>A session is a workspace for database operations</li> <li>Connections are managed by the engine's pool</li> <li>One session can use multiple connections</li> </ul> <p><strong>2. ORM saves so much boilerplate</strong></p> <ul> <li>No manual SQL string building</li> <li>No manual parameter binding</li> <li>Type checking at Python level</li> </ul> <p><strong>3. Dependency injection is elegant</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="k">def</span> <span class="nf">my_route</span><span class="p">(</span><span class="n">db</span><span class="p">:</span> <span class="n">Session</span> <span class="o">=</span> <span class="nc">Depends</span><span class="p">(</span><span class="n">get_db</span><span class="p">)):</span> </code></pre> </div> <p>That one line:</p> <ul> <li>Gets a database session</li> <li>Provides it to the function</li> <li>Ensures it's closed afterward</li> <li>Handles errors automatically</li> </ul> <p>Beautiful.</p> <h2> Next Steps </h2> <p>Tomorrow (Day 3), I'm planning to add:</p> <ul> <li>Advanced query features (filtering, searching)</li> <li>User model with relationships</li> <li>Authentication basics</li> </ul> <p>But today? Today I celebrate having a <strong>real, production-ready database</strong> powering my API. 🎉</p> <h2> Resources That Helped </h2> <ul> <li><a href="https://docs.sqlalchemy.org/" rel="noopener noreferrer">SQLAlchemy Documentation</a></li> <li><a href="https://fastapi.tiangolo.com/tutorial/sql-databases/" rel="noopener noreferrer">FastAPI Database Guide</a></li> <li><a href="https://www.postgresql.org/docs/" rel="noopener noreferrer">PostgreSQL Documentation</a></li> </ul> <h2> Full Code </h2> <p>Complete code available on GitHub:<br> <a href="https://github.com/archi-jain/100-days-of-python/tree/main/days/002" rel="noopener noreferrer">100-days-of-python/days/002</a></p> <p><strong>Time Investment:</strong> 2.5 hours<br><br> <strong>Knowledge Gained:</strong> Production database integration skills<br><br> <strong>Feeling:</strong> Like a real backend developer đŸ’Ē</p> <p><strong>Day 2/100 complete!</strong> ✅</p> <p>Tomorrow: Advanced queries and relationships</p> <p><em>Following my 100 Days journey?</em><br><br> 📝 <a href="https://dev.to/archijain">Blog</a> | đŸĻ <a href="https://x.com/ArchiLearns" rel="noopener noreferrer">Twitter</a> | đŸ’ŧ <a href="https://www.linkedin.com/in/archijain19/" rel="noopener noreferrer">LinkedIn</a></p> <p><strong>Tags:</strong> #100DaysOfCode #Python #FastAPI #PostgreSQL #SQLAlchemy #BackendDevelopment #DatabaseDesign #LearningInPublic</p> fastapi postgres backend programming Day 1/100: Building Your First FastAPI REST API - A Complete Beginner's Guide archi-jain Wed, 04 Mar 2026 16:48:45 +0000 https://dev.to/archijain/day-1100-building-your-first-fastapi-rest-api-a-complete-beginners-guide-n2j https://dev.to/archijain/day-1100-building-your-first-fastapi-rest-api-a-complete-beginners-guide-n2j <h1> Day 1/100: Building Your First FastAPI REST API - A Complete Beginner's Guide </h1> <blockquote> <p>Part of my 100 Days of Code journey. Follow along as I build production-ready Python skills.</p> </blockquote> <h2> Introduction </h2> <p>Welcome to Day 1 of my 100 Days of Code challenge! Today, I'm diving into FastAPI, a modern Python web framework that's taking the backend world by storm. If you've been using Flask or Django and wondering what all the FastAPI hype is about, this post is for you.</p> <p>By the end of this tutorial, you'll understand how to build a complete REST API from scratch, including proper validation, error handling, and auto-generated documentation.</p> <h2> Why FastAPI? </h2> <p>Before we dive into code, let's talk about why FastAPI matters:</p> <ul> <li> <strong>Fast</strong>: As the name suggests, it's one of the fastest Python frameworks available (comparable to Node.js and Go)</li> <li> <strong>Modern</strong>: Built on modern Python features like type hints and async/await</li> <li> <strong>Auto-validation</strong>: Pydantic models validate requests automatically</li> <li> <strong>Auto-docs</strong>: Interactive API documentation generated for free</li> <li> <strong>Industry adoption</strong>: Used by Uber, Netflix, Microsoft, and other tech giants</li> </ul> <h2> The Challenge </h2> <p>Build a <strong>Task Management API</strong> with these features:</p> <ul> <li>Create, read, update, and delete tasks (CRUD)</li> <li>Mark tasks as complete/incomplete</li> <li>Proper error handling</li> <li>Request/response validation</li> <li>Auto-generated API documentation</li> </ul> <h2> Project Setup </h2> <h3> Installing Dependencies </h3> <p>First, create a virtual environment and install FastAPI:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># Create virtual environment</span> python3 <span class="nt">-m</span> venv venv <span class="nb">source </span>venv/bin/activate <span class="c"># On Windows: venv\Scripts\activate</span> <span class="c"># Install dependencies</span> pip <span class="nb">install </span>fastapi uvicorn </code></pre> </div> <p><strong>What are these packages?</strong></p> <ul> <li> <code>fastapi</code>: The web framework itself</li> <li> <code>uvicorn</code>: An ASGI server to run our FastAPI application</li> </ul> <h3> Project Structure </h3> <p>Create a single file called <code>main.py</code>. For this beginner project, we'll keep everything in one file for simplicity.</p> <h2> Building the API - Step by Step </h2> <h3> Step 1: Initial Setup and Imports </h3> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="kn">from</span> <span class="n">fastapi</span> <span class="kn">import</span> <span class="n">FastAPI</span><span class="p">,</span> <span class="n">HTTPException</span><span class="p">,</span> <span class="n">status</span> <span class="kn">from</span> <span class="n">pydantic</span> <span class="kn">import</span> <span class="n">BaseModel</span><span class="p">,</span> <span class="n">Field</span> <span class="kn">from</span> <span class="n">typing</span> <span class="kn">import</span> <span class="n">Optional</span><span class="p">,</span> <span class="n">Dict</span><span class="p">,</span> <span class="n">List</span> <span class="kn">from</span> <span class="n">datetime</span> <span class="kn">import</span> <span class="n">datetime</span> <span class="kn">import</span> <span class="n">uuid</span> </code></pre> </div> <p><strong>Line-by-line explanation:</strong></p> <ul> <li> <code>FastAPI</code>: The main class to create our application</li> <li> <code>HTTPException</code>: Used to return HTTP error responses (like 404 Not Found)</li> <li> <code>status</code>: Contains HTTP status code constants (201, 404, etc.)</li> <li> <code>BaseModel</code> from Pydantic: Base class for our data models</li> <li> <code>Field</code>: Adds validation constraints to model fields</li> <li> <code>Optional</code>: Type hint for fields that can be None</li> <li> <code>Dict, List</code>: Type hints for dictionaries and lists</li> <li> <code>datetime</code>: For timestamps</li> <li> <code>uuid</code>: For generating unique task IDs</li> </ul> <h3> Step 2: Initialize the Application </h3> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="n">app</span> <span class="o">=</span> <span class="nc">FastAPI</span><span class="p">(</span> <span class="n">title</span><span class="o">=</span><span class="sh">"</span><span class="s">Task Management API</span><span class="sh">"</span><span class="p">,</span> <span class="n">description</span><span class="o">=</span><span class="sh">"</span><span class="s">A simple REST API for managing tasks</span><span class="sh">"</span><span class="p">,</span> <span class="n">version</span><span class="o">=</span><span class="sh">"</span><span class="s">1.0.0</span><span class="sh">"</span> <span class="p">)</span> </code></pre> </div> <p><strong>What's happening here?</strong></p> <p>We create a FastAPI instance with metadata. This information appears in the auto-generated documentation at <code>/docs</code>.</p> <h3> Step 3: Create In-Memory Storage </h3> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="n">tasks_db</span><span class="p">:</span> <span class="n">Dict</span><span class="p">[</span><span class="nb">str</span><span class="p">,</span> <span class="nb">dict</span><span class="p">]</span> <span class="o">=</span> <span class="p">{}</span> </code></pre> </div> <p><strong>Why a dictionary?</strong></p> <p>For Day 1, we're using a simple Python dictionary to store tasks. The keys are task IDs (strings), and the values are task dictionaries. This simulates a database without the complexity.</p> <p><strong>Type hint breakdown:</strong></p> <ul> <li> <code>Dict[str, dict]</code>: A dictionary with string keys and dict values</li> <li> <code>: Dict[str, dict] = {}</code>: Type annotation with default empty dict</li> </ul> <p>In production, you'd use a real database (PostgreSQL, MongoDB, etc.), but this is perfect for learning.</p> <h3> Step 4: Define Data Models with Pydantic </h3> <h4> TaskCreate Model </h4> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="k">class</span> <span class="nc">TaskCreate</span><span class="p">(</span><span class="n">BaseModel</span><span class="p">):</span> <span class="n">title</span><span class="p">:</span> <span class="nb">str</span> <span class="o">=</span> <span class="nc">Field</span><span class="p">(...,</span> <span class="n">max_length</span><span class="o">=</span><span class="mi">100</span><span class="p">,</span> <span class="n">description</span><span class="o">=</span><span class="sh">"</span><span class="s">Task title</span><span class="sh">"</span><span class="p">)</span> <span class="n">description</span><span class="p">:</span> <span class="n">Optional</span><span class="p">[</span><span class="nb">str</span><span class="p">]</span> <span class="o">=</span> <span class="nc">Field</span><span class="p">(</span><span class="bp">None</span><span class="p">,</span> <span class="n">max_length</span><span class="o">=</span><span class="mi">500</span><span class="p">,</span> <span class="n">description</span><span class="o">=</span><span class="sh">"</span><span class="s">Task description</span><span class="sh">"</span><span class="p">)</span> </code></pre> </div> <p><strong>Breaking it down:</strong></p> <ul> <li> <code>class TaskCreate(BaseModel)</code>: Inherits from Pydantic's BaseModel</li> <li> <code>title: str</code>: Required string field</li> <li> <code>Field(...)</code>: The <code>...</code> means this field is required</li> <li> <code>max_length=100</code>: Validation - title can't exceed 100 characters</li> <li> <code>description="Task title"</code>: Shows in API docs</li> <li> <code>Optional[str]</code>: This field can be a string or None</li> <li> <code>Field(None, ...)</code>: Default value is None (field is optional)</li> </ul> <p><strong>Why separate models?</strong></p> <p>We create different models for different purposes:</p> <ul> <li> <code>TaskCreate</code>: What the user sends when creating a task</li> <li> <code>TaskUpdate</code>: What can be updated</li> <li> <code>TaskResponse</code>: What the API returns (includes ID, timestamps)</li> </ul> <p>This separation follows the <strong>Single Responsibility Principle</strong>.</p> <h4> TaskUpdate Model </h4> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="k">class</span> <span class="nc">TaskUpdate</span><span class="p">(</span><span class="n">BaseModel</span><span class="p">):</span> <span class="n">title</span><span class="p">:</span> <span class="n">Optional</span><span class="p">[</span><span class="nb">str</span><span class="p">]</span> <span class="o">=</span> <span class="nc">Field</span><span class="p">(</span><span class="bp">None</span><span class="p">,</span> <span class="n">max_length</span><span class="o">=</span><span class="mi">100</span><span class="p">)</span> <span class="n">description</span><span class="p">:</span> <span class="n">Optional</span><span class="p">[</span><span class="nb">str</span><span class="p">]</span> <span class="o">=</span> <span class="nc">Field</span><span class="p">(</span><span class="bp">None</span><span class="p">,</span> <span class="n">max_length</span><span class="o">=</span><span class="mi">500</span><span class="p">)</span> </code></pre> </div> <p><strong>Why everything is Optional here?</strong></p> <p>When updating, users might want to change only the title OR only the description, not necessarily both. Making fields optional allows partial updates.</p> <h4> TaskResponse Model </h4> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="k">class</span> <span class="nc">TaskResponse</span><span class="p">(</span><span class="n">BaseModel</span><span class="p">):</span> <span class="nb">id</span><span class="p">:</span> <span class="nb">str</span> <span class="n">title</span><span class="p">:</span> <span class="nb">str</span> <span class="n">description</span><span class="p">:</span> <span class="n">Optional</span><span class="p">[</span><span class="nb">str</span><span class="p">]</span> <span class="n">completed</span><span class="p">:</span> <span class="nb">bool</span> <span class="n">created_at</span><span class="p">:</span> <span class="n">datetime</span> <span class="n">updated_at</span><span class="p">:</span> <span class="n">datetime</span> </code></pre> </div> <p><strong>What's different?</strong></p> <p>This model includes fields that the API generates automatically:</p> <ul> <li> <code>id</code>: Auto-generated UUID</li> <li> <code>completed</code>: Default False, set by the system</li> <li> <code>created_at</code>: Timestamp when task was created</li> <li> <code>updated_at</code>: Timestamp when task was last modified</li> </ul> <p>Users don't send these fields; the API creates them.</p> <h3> Step 5: Helper Function for Error Handling </h3> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="k">def</span> <span class="nf">get_task_or_404</span><span class="p">(</span><span class="n">task_id</span><span class="p">:</span> <span class="nb">str</span><span class="p">):</span> <span class="n">task</span> <span class="o">=</span> <span class="n">tasks_db</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="n">task_id</span><span class="p">)</span> <span class="k">if</span> <span class="ow">not</span> <span class="n">task</span><span class="p">:</span> <span class="k">raise</span> <span class="nc">HTTPException</span><span class="p">(</span> <span class="n">status_code</span><span class="o">=</span><span class="n">status</span><span class="p">.</span><span class="n">HTTP_404_NOT_FOUND</span><span class="p">,</span> <span class="n">detail</span><span class="o">=</span><span class="sh">"</span><span class="s">Task not found</span><span class="sh">"</span> <span class="p">)</span> <span class="k">return</span> <span class="n">task</span> </code></pre> </div> <p><strong>Why create this helper?</strong></p> <p>Multiple endpoints need to check if a task exists. Instead of repeating this code, we create a reusable function. This follows the <strong>DRY principle</strong> (Don't Repeat Yourself).</p> <p><strong>How it works:</strong></p> <ol> <li> <code>tasks_db.get(task_id)</code>: Safely get task (returns None if not found)</li> <li>If task doesn't exist, raise <code>HTTPException</code> with 404 status</li> <li>If task exists, return it</li> </ol> <p><strong>HTTPException explained:</strong></p> <p>When raised, FastAPI automatically converts this to a proper HTTP error response:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight json"><code><span class="p">{</span><span class="w"> </span><span class="nl">"detail"</span><span class="p">:</span><span class="w"> </span><span class="s2">"Task not found"</span><span class="w"> </span><span class="p">}</span><span class="w"> </span></code></pre> </div> <h3> Step 6: Create Task Endpoint </h3> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="nd">@app.post</span><span class="p">(</span><span class="sh">"</span><span class="s">/tasks</span><span class="sh">"</span><span class="p">,</span> <span class="n">response_model</span><span class="o">=</span><span class="n">TaskResponse</span><span class="p">,</span> <span class="n">status_code</span><span class="o">=</span><span class="n">status</span><span class="p">.</span><span class="n">HTTP_201_CREATED</span><span class="p">)</span> <span class="k">async</span> <span class="k">def</span> <span class="nf">create_task</span><span class="p">(</span><span class="n">task</span><span class="p">:</span> <span class="n">TaskCreate</span><span class="p">):</span> <span class="n">task_id</span> <span class="o">=</span> <span class="nf">str</span><span class="p">(</span><span class="n">uuid</span><span class="p">.</span><span class="nf">uuid4</span><span class="p">())</span> <span class="n">now</span> <span class="o">=</span> <span class="n">datetime</span><span class="p">.</span><span class="nf">utcnow</span><span class="p">()</span> <span class="n">new_task</span> <span class="o">=</span> <span class="p">{</span> <span class="sh">"</span><span class="s">id</span><span class="sh">"</span><span class="p">:</span> <span class="n">task_id</span><span class="p">,</span> <span class="sh">"</span><span class="s">title</span><span class="sh">"</span><span class="p">:</span> <span class="n">task</span><span class="p">.</span><span class="n">title</span><span class="p">,</span> <span class="sh">"</span><span class="s">description</span><span class="sh">"</span><span class="p">:</span> <span class="n">task</span><span class="p">.</span><span class="n">description</span><span class="p">,</span> <span class="sh">"</span><span class="s">completed</span><span class="sh">"</span><span class="p">:</span> <span class="bp">False</span><span class="p">,</span> <span class="sh">"</span><span class="s">created_at</span><span class="sh">"</span><span class="p">:</span> <span class="n">now</span><span class="p">,</span> <span class="sh">"</span><span class="s">updated_at</span><span class="sh">"</span><span class="p">:</span> <span class="n">now</span> <span class="p">}</span> <span class="n">tasks_db</span><span class="p">[</span><span class="n">task_id</span><span class="p">]</span> <span class="o">=</span> <span class="n">new_task</span> <span class="k">return</span> <span class="n">new_task</span> </code></pre> </div> <p><strong>Decorator breakdown:</strong></p> <ul> <li> <code>@app.post("/tasks")</code>: This function handles POST requests to /tasks</li> <li> <code>response_model=TaskResponse</code>: FastAPI validates the response matches this model</li> <li> <code>status_code=status.HTTP_201_CREATED</code>: Returns 201 (resource created) instead of default 200</li> </ul> <p><strong>Why async def?</strong></p> <p>FastAPI is built for asynchronous programming. Even though this function doesn't use <code>await</code>, using <code>async def</code> is best practice and allows FastAPI to handle it efficiently.</p> <p><strong>Function parameters:</strong></p> <ul> <li> <code>task: TaskCreate</code>: FastAPI automatically: <ol> <li>Parses the JSON request body</li> <li>Validates it against TaskCreate model</li> <li>Converts it to a TaskCreate object</li> <li>If validation fails, returns 422 error automatically</li> </ol> </li> </ul> <p><strong>Step-by-step logic:</strong></p> <ol> <li>Generate unique ID: <code>str(uuid.uuid4())</code> creates a random UUID like "a3bb189e-8bf9-..."</li> <li>Get current timestamp: <code>datetime.utcnow()</code> gets UTC time (best practice for APIs)</li> <li>Create task dictionary with all required fields</li> <li>Store in our "database": <code>tasks_db[task_id] = new_task</code> </li> <li>Return the task (FastAPI automatically converts to JSON)</li> </ol> <h3> Step 7: Get All Tasks Endpoint </h3> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="nd">@app.get</span><span class="p">(</span><span class="sh">"</span><span class="s">/tasks</span><span class="sh">"</span><span class="p">,</span> <span class="n">response_model</span><span class="o">=</span><span class="n">List</span><span class="p">[</span><span class="n">TaskResponse</span><span class="p">])</span> <span class="k">async</span> <span class="k">def</span> <span class="nf">get_all_tasks</span><span class="p">():</span> <span class="k">return</span> <span class="nf">list</span><span class="p">(</span><span class="n">tasks_db</span><span class="p">.</span><span class="nf">values</span><span class="p">())</span> </code></pre> </div> <p><strong>Simple but powerful!</strong></p> <ul> <li> <code>@app.get("/tasks")</code>: Handles GET requests to /tasks</li> <li> <code>response_model=List[TaskResponse]</code>: Returns a list of TaskResponse objects</li> <li> <code>list(tasks_db.values())</code>: Gets all task dictionaries from our storage</li> </ul> <p><strong>What FastAPI does automatically:</strong></p> <ol> <li>Validates each task in the list matches TaskResponse</li> <li>Converts Python datetime objects to ISO format strings</li> <li>Converts the entire list to JSON</li> <li>Sets proper Content-Type header</li> </ol> <h3> Step 8: Get Single Task Endpoint </h3> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="nd">@app.get</span><span class="p">(</span><span class="sh">"</span><span class="s">/tasks/{task_id}</span><span class="sh">"</span><span class="p">,</span> <span class="n">response_model</span><span class="o">=</span><span class="n">TaskResponse</span><span class="p">)</span> <span class="k">async</span> <span class="k">def</span> <span class="nf">get_task</span><span class="p">(</span><span class="n">task_id</span><span class="p">:</span> <span class="nb">str</span><span class="p">):</span> <span class="n">task</span> <span class="o">=</span> <span class="nf">get_task_or_404</span><span class="p">(</span><span class="n">task_id</span><span class="p">)</span> <span class="k">return</span> <span class="n">task</span> </code></pre> </div> <p><strong>Path parameters explained:</strong></p> <ul> <li> <code>"/tasks/{task_id}"</code>: Curly braces define a path parameter</li> <li> <code>task_id: str</code>: FastAPI extracts this from the URL</li> <li>Example: GET /tasks/abc123 → task_id = "abc123"</li> </ul> <p><strong>Flow:</strong></p> <ol> <li>FastAPI extracts task_id from URL</li> <li>Our helper checks if it exists</li> <li>If not found, raises 404 automatically</li> <li>If found, returns the task</li> </ol> <h3> Step 9: Update Task Endpoint </h3> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="nd">@app.put</span><span class="p">(</span><span class="sh">"</span><span class="s">/tasks/{task_id}</span><span class="sh">"</span><span class="p">,</span> <span class="n">response_model</span><span class="o">=</span><span class="n">TaskResponse</span><span class="p">)</span> <span class="k">async</span> <span class="k">def</span> <span class="nf">update_task</span><span class="p">(</span><span class="n">task_id</span><span class="p">:</span> <span class="nb">str</span><span class="p">,</span> <span class="n">task_update</span><span class="p">:</span> <span class="n">TaskUpdate</span><span class="p">):</span> <span class="n">task</span> <span class="o">=</span> <span class="nf">get_task_or_404</span><span class="p">(</span><span class="n">task_id</span><span class="p">)</span> <span class="k">if</span> <span class="n">task_update</span><span class="p">.</span><span class="n">title</span> <span class="ow">is</span> <span class="ow">not</span> <span class="bp">None</span><span class="p">:</span> <span class="n">task</span><span class="p">[</span><span class="sh">"</span><span class="s">title</span><span class="sh">"</span><span class="p">]</span> <span class="o">=</span> <span class="n">task_update</span><span class="p">.</span><span class="n">title</span> <span class="k">if</span> <span class="n">task_update</span><span class="p">.</span><span class="n">description</span> <span class="ow">is</span> <span class="ow">not</span> <span class="bp">None</span><span class="p">:</span> <span class="n">task</span><span class="p">[</span><span class="sh">"</span><span class="s">description</span><span class="sh">"</span><span class="p">]</span> <span class="o">=</span> <span class="n">task_update</span><span class="p">.</span><span class="n">description</span> <span class="n">task</span><span class="p">[</span><span class="sh">"</span><span class="s">updated_at</span><span class="sh">"</span><span class="p">]</span> <span class="o">=</span> <span class="n">datetime</span><span class="p">.</span><span class="nf">utcnow</span><span class="p">()</span> <span class="k">return</span> <span class="n">task</span> </code></pre> </div> <p><strong>PUT vs PATCH:</strong></p> <ul> <li>PUT: Update entire resource (we're using this)</li> <li>PATCH: Partial update (we'll use this for completion toggle)</li> </ul> <p><strong>Why check <code>is not None</code>?</strong></p> <p>Fields in TaskUpdate are optional. We only update fields that were actually sent in the request:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="c1"># Request: {"title": "New Title"} # Only title is updated, description stays the same </span> <span class="k">if</span> <span class="n">task_update</span><span class="p">.</span><span class="n">title</span> <span class="ow">is</span> <span class="ow">not</span> <span class="bp">None</span><span class="p">:</span> <span class="c1"># True </span> <span class="n">task</span><span class="p">[</span><span class="sh">"</span><span class="s">title</span><span class="sh">"</span><span class="p">]</span> <span class="o">=</span> <span class="n">task_update</span><span class="p">.</span><span class="n">title</span> <span class="k">if</span> <span class="n">task_update</span><span class="p">.</span><span class="n">description</span> <span class="ow">is</span> <span class="ow">not</span> <span class="bp">None</span><span class="p">:</span> <span class="c1"># False (not sent) </span> <span class="n">task</span><span class="p">[</span><span class="sh">"</span><span class="s">description</span><span class="sh">"</span><span class="p">]</span> <span class="o">=</span> <span class="n">task_update</span><span class="p">.</span><span class="n">description</span> <span class="c1"># Skipped! </span></code></pre> </div> <p><strong>Always update timestamp:</strong></p> <p>Even if only one field changed, we update <code>updated_at</code> to track when the task was last modified.</p> <h3> Step 10: Toggle Completion Endpoint </h3> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="nd">@app.patch</span><span class="p">(</span><span class="sh">"</span><span class="s">/tasks/{task_id}/complete</span><span class="sh">"</span><span class="p">,</span> <span class="n">response_model</span><span class="o">=</span><span class="n">TaskResponse</span><span class="p">)</span> <span class="k">async</span> <span class="k">def</span> <span class="nf">toggle_task_completion</span><span class="p">(</span><span class="n">task_id</span><span class="p">:</span> <span class="nb">str</span><span class="p">):</span> <span class="n">task</span> <span class="o">=</span> <span class="nf">get_task_or_404</span><span class="p">(</span><span class="n">task_id</span><span class="p">)</span> <span class="n">task</span><span class="p">[</span><span class="sh">"</span><span class="s">completed</span><span class="sh">"</span><span class="p">]</span> <span class="o">=</span> <span class="ow">not</span> <span class="n">task</span><span class="p">[</span><span class="sh">"</span><span class="s">completed</span><span class="sh">"</span><span class="p">]</span> <span class="n">task</span><span class="p">[</span><span class="sh">"</span><span class="s">updated_at</span><span class="sh">"</span><span class="p">]</span> <span class="o">=</span> <span class="n">datetime</span><span class="p">.</span><span class="nf">utcnow</span><span class="p">()</span> <span class="k">return</span> <span class="n">task</span> </code></pre> </div> <p><strong>Why PATCH here?</strong></p> <p>PATCH is perfect for small, specific updates. This endpoint does one thing: toggle completion status.</p> <p><strong>The toggle logic:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="n">task</span><span class="p">[</span><span class="sh">"</span><span class="s">completed</span><span class="sh">"</span><span class="p">]</span> <span class="o">=</span> <span class="ow">not</span> <span class="n">task</span><span class="p">[</span><span class="sh">"</span><span class="s">completed</span><span class="sh">"</span><span class="p">]</span> </code></pre> </div> <ul> <li>If completed is True → becomes False</li> <li>If completed is False → becomes True</li> </ul> <p>Simple and elegant!</p> <h3> Step 11: Delete Task Endpoint </h3> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="nd">@app.delete</span><span class="p">(</span><span class="sh">"</span><span class="s">/tasks/{task_id}</span><span class="sh">"</span><span class="p">,</span> <span class="n">status_code</span><span class="o">=</span><span class="n">status</span><span class="p">.</span><span class="n">HTTP_204_NO_CONTENT</span><span class="p">)</span> <span class="k">async</span> <span class="k">def</span> <span class="nf">delete_task</span><span class="p">(</span><span class="n">task_id</span><span class="p">:</span> <span class="nb">str</span><span class="p">):</span> <span class="n">task</span> <span class="o">=</span> <span class="nf">get_task_or_404</span><span class="p">(</span><span class="n">task_id</span><span class="p">)</span> <span class="k">del</span> <span class="n">tasks_db</span><span class="p">[</span><span class="n">task_id</span><span class="p">]</span> <span class="k">return</span> <span class="bp">None</span> </code></pre> </div> <p><strong>HTTP 204 No Content:</strong></p> <p>Standard for successful deletions. Means:</p> <ul> <li>✅ Request succeeded</li> <li>ℹī¸ No content in response body</li> </ul> <p><strong>Why check if exists first?</strong></p> <p>We want to return 404 if the task doesn't exist, not silently succeed. This gives clients better feedback.</p> <p><strong>Delete operation:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="k">del</span> <span class="n">tasks_db</span><span class="p">[</span><span class="n">task_id</span><span class="p">]</span> </code></pre> </div> <p>Removes the key-value pair from our dictionary.</p> <h2> Testing Your API </h2> <h3> Run the Server </h3> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>uvicorn main:app <span class="nt">--reload</span> </code></pre> </div> <p><strong>Command breakdown:</strong></p> <ul> <li> <code>uvicorn</code>: The ASGI server</li> <li> <code>main:app</code>: File name (main.py) : FastAPI instance (app)</li> <li> <code>--reload</code>: Auto-restart on code changes (development only!)</li> </ul> <h3> Access Interactive Docs </h3> <p>Open your browser to:</p> <ul> <li> <strong>Swagger UI</strong>: <a href="http://localhost:8000/docs" rel="noopener noreferrer">http://localhost:8000/docs</a> </li> <li> <strong>ReDoc</strong>: <a href="http://localhost:8000/redoc" rel="noopener noreferrer">http://localhost:8000/redoc</a> </li> </ul> <p><strong>This is FastAPI's superpower!</strong></p> <p>You get a full interactive API documentation where you can:</p> <ul> <li>See all endpoints</li> <li>Read descriptions</li> <li>Try requests directly in the browser</li> <li>See request/response examples</li> </ul> <h3> Manual Testing Examples </h3> <h4> Create a Task </h4> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>curl <span class="nt">-X</span> POST <span class="s2">"http://localhost:8000/tasks"</span> <span class="se">\</span> <span class="nt">-H</span> <span class="s2">"Content-Type: application/json"</span> <span class="se">\</span> <span class="nt">-d</span> <span class="s1">'{"title": "Learn FastAPI", "description": "Build a REST API"}'</span> </code></pre> </div> <p><strong>Response:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight json"><code><span class="p">{</span><span class="w"> </span><span class="nl">"id"</span><span class="p">:</span><span class="w"> </span><span class="s2">"a3bb189e-8bf9-423b-bb46-98c7c5f3e5a7"</span><span class="p">,</span><span class="w"> </span><span class="nl">"title"</span><span class="p">:</span><span class="w"> </span><span class="s2">"Learn FastAPI"</span><span class="p">,</span><span class="w"> </span><span class="nl">"description"</span><span class="p">:</span><span class="w"> </span><span class="s2">"Build a REST API"</span><span class="p">,</span><span class="w"> </span><span class="nl">"completed"</span><span class="p">:</span><span class="w"> </span><span class="kc">false</span><span class="p">,</span><span class="w"> </span><span class="nl">"created_at"</span><span class="p">:</span><span class="w"> </span><span class="s2">"2026-03-05T10:30:00.123456"</span><span class="p">,</span><span class="w"> </span><span class="nl">"updated_at"</span><span class="p">:</span><span class="w"> </span><span class="s2">"2026-03-05T10:30:00.123456"</span><span class="w"> </span><span class="p">}</span><span class="w"> </span></code></pre> </div> <h4> Get All Tasks </h4> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>curl http://localhost:8000/tasks </code></pre> </div> <h4> Update a Task </h4> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>curl <span class="nt">-X</span> PUT <span class="s2">"http://localhost:8000/tasks/{task_id}"</span> <span class="se">\</span> <span class="nt">-H</span> <span class="s2">"Content-Type: application/json"</span> <span class="se">\</span> <span class="nt">-d</span> <span class="s1">'{"title": "Updated Title"}'</span> </code></pre> </div> <h4> Toggle Completion </h4> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>curl <span class="nt">-X</span> PATCH <span class="s2">"http://localhost:8000/tasks/{task_id}/complete"</span> </code></pre> </div> <h4> Delete a Task </h4> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>curl <span class="nt">-X</span> DELETE <span class="s2">"http://localhost:8000/tasks/{task_id}"</span> </code></pre> </div> <h2> Key Concepts Learned </h2> <h3> 1. REST API Design </h3> <p><strong>CRUD Operations mapped to HTTP methods:</strong></p> <ul> <li> <strong>C</strong>reate → POST /tasks</li> <li> <strong>R</strong>ead → GET /tasks, GET /tasks/{id}</li> <li> <strong>U</strong>pdate → PUT /tasks/{id}</li> <li> <strong>D</strong>elete → DELETE /tasks/{id}</li> </ul> <p><strong>Proper HTTP Status Codes:</strong></p> <ul> <li>200 OK: Successful GET, PUT, PATCH</li> <li>201 Created: Successful POST</li> <li>204 No Content: Successful DELETE</li> <li>404 Not Found: Resource doesn't exist</li> <li>422 Unprocessable Entity: Validation failed (automatic!)</li> </ul> <h3> 2. Pydantic Validation </h3> <p>Pydantic handles all this automatically:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="c1"># Too long title (&gt;100 chars) </span><span class="p">{</span><span class="sh">"</span><span class="s">title</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">A</span><span class="sh">"</span> <span class="o">*</span> <span class="mi">101</span><span class="p">}</span> <span class="c1"># Returns: 422 with error message </span> <span class="c1"># Missing required field </span><span class="p">{</span><span class="sh">"</span><span class="s">description</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">Only description</span><span class="sh">"</span><span class="p">}</span> <span class="c1"># Returns: 422 "title is required" </span> <span class="c1"># Wrong type </span><span class="p">{</span><span class="sh">"</span><span class="s">title</span><span class="sh">"</span><span class="p">:</span> <span class="mi">123</span><span class="p">}</span> <span class="c1"># Returns: 422 "title must be string" </span></code></pre> </div> <h3> 3. Type Hints </h3> <p>Type hints make code:</p> <ul> <li> <strong>Self-documenting</strong>: Clear what each variable should be</li> <li> <strong>Editor-friendly</strong>: Better autocomplete</li> <li> <strong>FastAPI-compatible</strong>: Framework uses them for validation</li> </ul> <h3> 4. Async/Await </h3> <p>While we didn't use <code>await</code> in this project, using <code>async def</code> prepares our code for:</p> <ul> <li>Database operations</li> <li>External API calls</li> <li>File operations</li> <li>Concurrent request handling</li> </ul> <h2> Common Mistakes and How to Avoid Them </h2> <h3> Mistake 1: Mutable Default Arguments </h3> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="c1"># ❌ WRONG </span><span class="k">def</span> <span class="nf">create_task</span><span class="p">(</span><span class="n">tags</span><span class="p">:</span> <span class="nb">list</span> <span class="o">=</span> <span class="p">[]):</span> <span class="n">tags</span><span class="p">.</span><span class="nf">append</span><span class="p">(</span><span class="sh">"</span><span class="s">new</span><span class="sh">"</span><span class="p">)</span> <span class="c1"># Modifies the same list every time! </span> <span class="c1"># ✅ CORRECT </span><span class="k">def</span> <span class="nf">create_task</span><span class="p">(</span><span class="n">tags</span><span class="p">:</span> <span class="n">Optional</span><span class="p">[</span><span class="n">List</span><span class="p">[</span><span class="nb">str</span><span class="p">]]</span> <span class="o">=</span> <span class="bp">None</span><span class="p">):</span> <span class="k">if</span> <span class="n">tags</span> <span class="ow">is</span> <span class="bp">None</span><span class="p">:</span> <span class="n">tags</span> <span class="o">=</span> <span class="p">[]</span> <span class="n">tags</span><span class="p">.</span><span class="nf">append</span><span class="p">(</span><span class="sh">"</span><span class="s">new</span><span class="sh">"</span><span class="p">)</span> </code></pre> </div> <h3> Mistake 2: Not Checking Existence Before Update </h3> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="c1"># ❌ WRONG </span><span class="nd">@app.put</span><span class="p">(</span><span class="sh">"</span><span class="s">/tasks/{task_id}</span><span class="sh">"</span><span class="p">)</span> <span class="k">async</span> <span class="k">def</span> <span class="nf">update_task</span><span class="p">(</span><span class="n">task_id</span><span class="p">:</span> <span class="nb">str</span><span class="p">,</span> <span class="n">task_update</span><span class="p">:</span> <span class="n">TaskUpdate</span><span class="p">):</span> <span class="c1"># What if task_id doesn't exist? KeyError! </span> <span class="n">tasks_db</span><span class="p">[</span><span class="n">task_id</span><span class="p">][</span><span class="sh">"</span><span class="s">title</span><span class="sh">"</span><span class="p">]</span> <span class="o">=</span> <span class="n">task_update</span><span class="p">.</span><span class="n">title</span> <span class="c1"># ✅ CORRECT (using our helper) </span><span class="nd">@app.put</span><span class="p">(</span><span class="sh">"</span><span class="s">/tasks/{task_id}</span><span class="sh">"</span><span class="p">)</span> <span class="k">async</span> <span class="k">def</span> <span class="nf">update_task</span><span class="p">(</span><span class="n">task_id</span><span class="p">:</span> <span class="nb">str</span><span class="p">,</span> <span class="n">task_update</span><span class="p">:</span> <span class="n">TaskUpdate</span><span class="p">):</span> <span class="n">task</span> <span class="o">=</span> <span class="nf">get_task_or_404</span><span class="p">(</span><span class="n">task_id</span><span class="p">)</span> <span class="c1"># Returns 404 if not found </span> <span class="n">task</span><span class="p">[</span><span class="sh">"</span><span class="s">title</span><span class="sh">"</span><span class="p">]</span> <span class="o">=</span> <span class="n">task_update</span><span class="p">.</span><span class="n">title</span> </code></pre> </div> <h3> Mistake 3: Wrong HTTP Methods </h3> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="c1"># ❌ WRONG </span><span class="nd">@app.get</span><span class="p">(</span><span class="sh">"</span><span class="s">/tasks/{task_id}/delete</span><span class="sh">"</span><span class="p">)</span> <span class="c1"># Should be DELETE, not GET </span> <span class="c1"># ✅ CORRECT </span><span class="nd">@app.delete</span><span class="p">(</span><span class="sh">"</span><span class="s">/tasks/{task_id}</span><span class="sh">"</span><span class="p">)</span> </code></pre> </div> <h3> Mistake 4: Not Using Status Codes </h3> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="c1"># ❌ WRONG </span><span class="nd">@app.post</span><span class="p">(</span><span class="sh">"</span><span class="s">/tasks</span><span class="sh">"</span><span class="p">)</span> <span class="c1"># Returns 200 by default </span> <span class="c1"># ✅ CORRECT </span><span class="nd">@app.post</span><span class="p">(</span><span class="sh">"</span><span class="s">/tasks</span><span class="sh">"</span><span class="p">,</span> <span class="n">status_code</span><span class="o">=</span><span class="n">status</span><span class="p">.</span><span class="n">HTTP_201_CREATED</span><span class="p">)</span> </code></pre> </div> <h2> Next Steps and Improvements </h2> <h3> Immediate Enhancements </h3> <ol> <li> <strong>Add filtering:</strong> </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight python"><code> <span class="nd">@app.get</span><span class="p">(</span><span class="sh">"</span><span class="s">/tasks</span><span class="sh">"</span><span class="p">)</span> <span class="k">async</span> <span class="k">def</span> <span class="nf">get_tasks</span><span class="p">(</span><span class="n">completed</span><span class="p">:</span> <span class="n">Optional</span><span class="p">[</span><span class="nb">bool</span><span class="p">]</span> <span class="o">=</span> <span class="bp">None</span><span class="p">):</span> <span class="k">if</span> <span class="n">completed</span> <span class="ow">is</span> <span class="ow">not</span> <span class="bp">None</span><span class="p">:</span> <span class="k">return</span> <span class="p">[</span><span class="n">t</span> <span class="k">for</span> <span class="n">t</span> <span class="ow">in</span> <span class="n">tasks_db</span><span class="p">.</span><span class="nf">values</span><span class="p">()</span> <span class="k">if</span> <span class="n">t</span><span class="p">[</span><span class="sh">"</span><span class="s">completed</span><span class="sh">"</span><span class="p">]</span> <span class="o">==</span> <span class="n">completed</span><span class="p">]</span> <span class="k">return</span> <span class="nf">list</span><span class="p">(</span><span class="n">tasks_db</span><span class="p">.</span><span class="nf">values</span><span class="p">())</span> </code></pre> </div> <ol> <li> <strong>Add pagination:</strong> </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight python"><code> <span class="nd">@app.get</span><span class="p">(</span><span class="sh">"</span><span class="s">/tasks</span><span class="sh">"</span><span class="p">)</span> <span class="k">async</span> <span class="k">def</span> <span class="nf">get_tasks</span><span class="p">(</span><span class="n">skip</span><span class="p">:</span> <span class="nb">int</span> <span class="o">=</span> <span class="mi">0</span><span class="p">,</span> <span class="n">limit</span><span class="p">:</span> <span class="nb">int</span> <span class="o">=</span> <span class="mi">10</span><span class="p">):</span> <span class="n">tasks</span> <span class="o">=</span> <span class="nf">list</span><span class="p">(</span><span class="n">tasks_db</span><span class="p">.</span><span class="nf">values</span><span class="p">())</span> <span class="k">return</span> <span class="n">tasks</span><span class="p">[</span><span class="n">skip</span> <span class="p">:</span> <span class="n">skip</span> <span class="o">+</span> <span class="n">limit</span><span class="p">]</span> </code></pre> </div> <ol> <li> <strong>Add search:</strong> </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight python"><code> <span class="nd">@app.get</span><span class="p">(</span><span class="sh">"</span><span class="s">/tasks</span><span class="sh">"</span><span class="p">)</span> <span class="k">async</span> <span class="k">def</span> <span class="nf">get_tasks</span><span class="p">(</span><span class="n">search</span><span class="p">:</span> <span class="n">Optional</span><span class="p">[</span><span class="nb">str</span><span class="p">]</span> <span class="o">=</span> <span class="bp">None</span><span class="p">):</span> <span class="k">if</span> <span class="n">search</span><span class="p">:</span> <span class="k">return</span> <span class="p">[</span><span class="n">t</span> <span class="k">for</span> <span class="n">t</span> <span class="ow">in</span> <span class="n">tasks_db</span><span class="p">.</span><span class="nf">values</span><span class="p">()</span> <span class="k">if</span> <span class="n">search</span><span class="p">.</span><span class="nf">lower</span><span class="p">()</span> <span class="ow">in</span> <span class="n">t</span><span class="p">[</span><span class="sh">"</span><span class="s">title</span><span class="sh">"</span><span class="p">].</span><span class="nf">lower</span><span class="p">()]</span> <span class="k">return</span> <span class="nf">list</span><span class="p">(</span><span class="n">tasks_db</span><span class="p">.</span><span class="nf">values</span><span class="p">())</span> </code></pre> </div> <h3> Future Learning Path </h3> <p><strong>Day 2-5:</strong> Database integration (SQLAlchemy + PostgreSQL)<br> <strong>Day 6-10:</strong> Authentication and authorization (JWT, OAuth2)<br> <strong>Day 11-15:</strong> Testing (pytest, coverage)<br> <strong>Day 16-20:</strong> Docker deployment</p> <h2> Real-World Applications </h2> <p>This exact pattern is used for:</p> <ul> <li> <strong>Todo apps</strong> (like we built)</li> <li> <strong>Blog APIs</strong> (posts, comments)</li> <li> <strong>E-commerce</strong> (products, orders)</li> <li> <strong>Social media</strong> (posts, likes)</li> <li> <strong>Project management</strong> (tasks, projects)</li> </ul> <p>The CRUD pattern is fundamental to web development!</p> <h2> Conclusion </h2> <p>Today I learned:</p> <p>✅ FastAPI basics and why it's gaining popularity<br> ✅ How to build a complete REST API from scratch<br> ✅ Pydantic models for automatic validation<br> ✅ Proper HTTP methods and status codes<br> ✅ Error handling best practices<br> ✅ How to structure a professional API</p> <p><strong>Time Investment:</strong> 2.5 hours<br> <strong>Knowledge Gained:</strong> Production-ready API skills</p> <h2> Resources </h2> <ul> <li><a href="https://fastapi.tiangolo.com/" rel="noopener noreferrer">FastAPI Documentation</a></li> <li><a href="https://docs.pydantic.dev/" rel="noopener noreferrer">Pydantic Documentation</a></li> <li><a href="https://restfulapi.net/" rel="noopener noreferrer">REST API Best Practices</a></li> <li><a href="https://httpstatuses.com/" rel="noopener noreferrer">HTTP Status Codes</a></li> </ul> <h2> Full Code </h2> <p>The complete code is available on my GitHub:<br> <a href="https://github.com/archi-jain/100-days-of-python/tree/main/day01-task-management-api" rel="noopener noreferrer">100-days-of-python/days/001</a></p> <p><strong>Tomorrow's Challenge:</strong> Adding PostgreSQL database integration and learning SQLAlchemy ORM.</p> <p>Following my 100 Days journey? Connect with me on <a href="https://x.com/ArchiLearns" rel="noopener noreferrer">Twitter</a> and <a href="https://www.linkedin.com/in/archijain19/" rel="noopener noreferrer">LinkedIn</a>!</p> <p><strong>Day 1/100 complete!</strong> ✅</p> <p><em>Tags: #100DaysOfCode #Python #FastAPI #BackendDevelopment #WebDevelopment #RestAPI #LearningInPublic</em></p> api beginners fastapi python No-code tools for SQL development archi-jain Fri, 27 Jan 2023 19:53:29 +0000 https://dev.to/archijain/no-code-tools-for-sql-development-3o2j https://dev.to/archijain/no-code-tools-for-sql-development-3o2j <p>There are several tools that can make development with SQL easier without the need to write code:</p> <p>SQL Management Studio: This is a graphical user interface (GUI) tool that allows developers to interact with databases, create and modify tables, run queries and manage data.</p> <p>SQL Workbench: This is a free, open-source SQL client that provides a GUI for working with databases. It is available for Windows, Linux, and Mac.</p> <p>DBVisualizer: This is a database management tool that allows developers to work with multiple databases simultaneously and includes features such as a SQL editor, data browsing, and visual data modeling.</p> <p>Toad: This is a commercial tool that provides a GUI for working with databases, including a SQL editor, data browsing, and visual data modeling.</p> <p>Navicat: This is a commercial SQL client that provides a GUI for working with databases, including a SQL editor, data browsing, and visual data modeling.</p> <p>DataGrip: This is a commercial SQL client that provides a GUI for working with databases, including a SQL editor, data browsing, and visual data modeling.</p> <p>All these tools are designed to provide an easy and intuitive way to work with SQL, allowing developers to quickly and efficiently manage databases, run queries and analyze data without the need to write code.</p> devjournal database sql nocode Getting started with Reactjs archi-jain Fri, 27 Jan 2023 18:13:12 +0000 https://dev.to/archijain/getting-started-with-reactjs-1ejl https://dev.to/archijain/getting-started-with-reactjs-1ejl <p>Here are a few tips for someone who is just getting started with React</p> <ol> <li><p><u>Learn the basics of JavaScript</u>: React is a JavaScript library, so it's important to have a solid understanding of JavaScript before diving into React. Make sure you understand concepts like variables, functions, and objects.</p></li> <li><p><u>Understand the component-based architecture</u>: React is based on a component-based architecture, where the UI is divided into small, reusable components. Understanding this concept is essential for building efficient and maintainable React applications.</p></li> <li><p><u>Start with the basics</u>: React has a gentle learning curve, but it can be overwhelming at first. Start with the basics, such as creating and rendering components, handling events, and passing data between components.</p></li> <li><p><u>Practice, practice, practice</u>: The best way to learn React is by building projects with it. Try building small projects, such as a to-do list or a weather app, to get a feel for how React works and how to structure your code.</p></li> </ol> <p>5.<u> Learn JSX</u>: JSX is a syntax extension for JavaScript that allows you to write HTML-like elements in your JavaScript code. It's used in React to describe the structure of a component's UI.</p> <ol> <li><p><u>Understand the Virtual DOM</u>: React uses a virtual DOM to improve the performance of updates and re-renders. Understanding how the virtual DOM works and how it interacts with the actual DOM can help you write more efficient React code.</p></li> <li><p><u>Learn about state and props</u>: React components have two types of data: props and state. Props are passed from a parent component to a child component, and state is managed within a component. Understanding the difference between props and state is important for building correct and efficient React applications.</p></li> <li><p><u>Familiarize yourself with the React Developer Tools</u>: React Developer Tools is a browser extension that allows you to inspect and debug your React code. It's a great tool for understanding how your components are structured and how they interact with each other.</p></li> <li><p><u>Learn about React hooks</u>: React Hooks are a way to use state and other React features in functional components. It's a powerful feature that can help you write more readable and reusable code.</p></li> <li><p><u>Keep an eye on the community</u>: React is a rapidly-evolving library, and new features and best practices are being introduced all the time. Keep an eye on the React community, by following blogs, forums, and social media, to stay up-to-date with the latest developments.</p></li> </ol> career productivity discuss 5 habits that can make you a good developer archi-jain Thu, 26 Jan 2023 12:12:52 +0000 https://dev.to/archijain/5-habits-that-can-make-you-a-good-developer-2h99 https://dev.to/archijain/5-habits-that-can-make-you-a-good-developer-2h99 <p>Developing good habits is essential for a developer to be productive, efficient, and successful.<br> So, here are 5 must-have habits for a good developer</p> <ol> <li> <strong>Continual learning</strong>: Technology is constantly evolving, and it's essential for developers to stay current with the latest tools, technologies, and best practices. This can involve taking online courses, reading technical books, and experimenting with new technologies.</li> <li> <strong>Writing clean and readable code</strong>: Writing code that is easy to read and understand is essential for both the developer and other team members who may need to work on the code in the future. This includes using meaningful variable names, commenting code, and following a consistent coding style.</li> <li> <strong>Time management</strong>: Developers often have a lot of tasks to complete, and it's essential to manage time effectively to meet deadlines and prioritize tasks. This can involve using tools such as calendars, to-do lists, and project management software, and learning how to estimate how long a task will take.</li> <li> <strong>Focus and concentration</strong>: Developing the ability to focus and concentrate for long periods of time is essential for developers to be productive. This can involve setting up a comfortable work environment, minimizing distractions, and using techniques such as the Pomodoro Technique to increase focus and concentration.</li> <li> <strong>Collaboration and teamwork</strong>: Developers often work in teams, and it's essential to have strong collaboration and teamwork skills to effectively communicate and work with other team members. This can involve using tools such as version control, issue tracking, and agile development methodologies to work with other team members.</li> </ol> beginners productivity management devjournal 7 Techniques for optimizing JavaScript performance and reducing load times archi-jain Tue, 24 Jan 2023 18:52:47 +0000 https://dev.to/archijain/7-techniques-for-optimizing-javascript-performance-and-reducing-load-times-39c2 https://dev.to/archijain/7-techniques-for-optimizing-javascript-performance-and-reducing-load-times-39c2 <p>There are several techniques you can use to optimize the performance of your JavaScript code and reduce load times. Here are a few</p> <ol> <li><p>Minification: This is the process of removing unnecessary characters from your code (such as whitespace, comments, and newlines) to reduce its file size. Minifying your code can help it load faster, especially on slow connections.</p></li> <li><p>Bundling: This is the process of combining multiple JavaScript files into a single file. By reducing the number of requests the browser needs to make to load your code, bundling can help improve load times.</p></li> <li><p>Lazy loading: This is a technique where you only load the JavaScript that is needed for the current view or user action. This can help improve the initial load time of your website, as well as the performance of the website as the user interacts with it.</p></li> <li><p>Code splitting: Similar to lazy loading, it's a technique where you can split your code into multiple chunks and load them only when needed. This way, your initial load time will be faster, and users won't need to download the entire codebase to run your website.</p></li> <li><p>Using a Content Delivery Network (CDN): CDN is a network of servers that are distributed around the world to deliver content to users based on their geographic location. By hosting your JavaScript on a CDN, you can reduce the distance that the data has to travel, and therefore, improve load times.</p></li> <li><p>Using a JavaScript framework/library: Popular frameworks and libraries like React, Angular, and Vue.js can help you write better-structured and more maintainable code, as well as provide performance optimizations.</p></li> <li><p>Properly Optimizing Images: Optimizing images is not directly related to JavaScript, but it's essential to mention it, as images can take a significant amount of time to load. Optimizing images by compressing or resizing them can greatly improve load times for your website.</p></li> </ol> discuss productivity career Facts no one knows about programmers archi-jain Mon, 23 Jan 2023 21:24:14 +0000 https://dev.to/archijain/facts-no-one-knows-about-programmers-1b4l https://dev.to/archijain/facts-no-one-knows-about-programmers-1b4l <p>Here are a few fun facts about coders or programmers that you may not know about:</p> <ol> <li><p>Many early computer programmers were women: During the 1950s and 1960s, when computers were first being developed, many of the programmers were women. This is because computers were seen as more of a "girl's job," and many women were hired to work as "computers" (people who did calculations by hand) before computers were even invented.</p></li> <li><p>The first computer programmer was a woman: Ada Lovelace, an English mathematician and writer, is considered to be the world's first computer programmer for her work on Charles Babbage's Analytical Engine in the 19th century. She wrote the first algorithm intended to be processed by the machine.</p></li> <li><p>Some programmers use "rubber duck debugging": This is a technique where a programmer explains their code, line by line, to a rubber duck or any other inanimate object. The act of explaining the code helps the programmer to find the errors or bugs in their code.</p></li> <li><p>The term "debugging" comes from an actual bug: In the early days of computing, bugs were not just a metaphorical term for errors in the code, but actual bugs that would crawl into the computer and cause problems. The term "debugging" comes from the practice of physically removing bugs from the computer.</p></li> <li><p>The first computer virus was created by a 15-year-old: In 1986, a 15-year-old boy named Rich Skrenta created the first computer virus, called Elk Cloner. He wrote it as a joke and distributed it on floppy disks to his friends.</p></li> <li><p>The first computer game was written by a programmer: The first computer game was written in 1958 by William Higinbotham, a physicist and programmer, called Tennis for Two. It was a simple game that used an oscilloscope as a display and was played on an analog computer.</p></li> <li><p>The term "hacker" was originally a compliment: In the early days of computing, a "hacker" was someone who was skilled and clever with computers. The term has since taken on a negative connotation, but it originally was a compliment.</p></li> </ol> deployment productivity