home / skills / jiatastic / open-python-skills / fastapi-design

fastapi-design skill

safe

This skill helps you build production-ready FastAPI backends with async patterns, validation, DI, and Upstash integration for secure, scalable APIs.

npx playbooks add skill jiatastic/open-python-skills --skill fastapi-design

Review the files below or copy the command above to add this skill to your agents.

Files (5)

SKILL.md

4.2 KB

---
name: python-backend
description: >
  Python backend development expertise for FastAPI, security patterns, database operations,
  Upstash integrations, and code quality. Use when: (1) Building REST APIs with FastAPI,
  (2) Implementing JWT/OAuth2 authentication, (3) Setting up SQLAlchemy/async databases,
  (4) Integrating Redis/Upstash caching, (5) Refactoring AI-generated Python code (deslopification),
  (6) Designing API patterns, or (7) Optimizing backend performance.
---

# python-backend

Production-ready Python backend patterns for FastAPI, SQLAlchemy, and Upstash.

## When to Use This Skill

- Building REST APIs with FastAPI
- Implementing JWT/OAuth2 authentication
- Setting up SQLAlchemy async databases
- Integrating Redis/Upstash caching and rate limiting
- Refactoring AI-generated Python code
- Designing API patterns and project structure

## Core Principles

1. **Async-first** - Use async/await for I/O operations
2. **Type everything** - Pydantic models for validation
3. **Dependency injection** - Use FastAPI's Depends()
4. **Fail fast** - Validate early, use HTTPException
5. **Security by default** - Never trust user input

## Quick Patterns

### Project Structure

```
src/
├── auth/
│   ├── router.py      # endpoints
│   ├── schemas.py     # pydantic models
│   ├── models.py      # db models
│   ├── service.py     # business logic
│   └── dependencies.py
├── posts/
│   └── ...
├── config.py
├── database.py
└── main.py
```

### Async Routes

```python
# BAD - blocks event loop
@router.get("/")
async def bad():
    time.sleep(10)  # Blocking!

# GOOD - runs in threadpool
@router.get("/")
def good():
    time.sleep(10)  # OK in sync function

# BEST - non-blocking
@router.get("/")
async def best():
    await asyncio.sleep(10)  # Non-blocking
```

### Pydantic Validation

```python
from pydantic import BaseModel, EmailStr, Field

class UserCreate(BaseModel):
    email: EmailStr
    username: str = Field(min_length=3, max_length=50, pattern="^[a-zA-Z0-9_]+$")
    age: int = Field(ge=18)
```

### Dependency Injection

```python
async def get_current_user(token: str = Depends(oauth2_scheme)) -> User:
    payload = decode_token(token)
    user = await get_user(payload["sub"])
    if not user:
        raise HTTPException(401, "User not found")
    return user

@router.get("/me")
async def get_me(user: User = Depends(get_current_user)):
    return user
```

### SQLAlchemy Async

```python
from sqlalchemy.ext.asyncio import AsyncSession, async_sessionmaker, create_async_engine

engine = create_async_engine(DATABASE_URL, pool_pre_ping=True)
SessionLocal = async_sessionmaker(engine, expire_on_commit=False)

async def get_session() -> AsyncGenerator[AsyncSession, None]:
    async with SessionLocal() as session:
        yield session
```

### Redis Caching

```python
from upstash_redis import Redis

redis = Redis.from_env()

@app.get("/data/{id}")
def get_data(id: str):
    cached = redis.get(f"data:{id}")
    if cached:
        return cached
    data = fetch_from_db(id)
    redis.setex(f"data:{id}", 600, data)
    return data
```

### Rate Limiting

```python
from upstash_ratelimit import Ratelimit, SlidingWindow

ratelimit = Ratelimit(
    redis=Redis.from_env(),
    limiter=SlidingWindow(max_requests=10, window=60),
)

@app.get("/api/resource")
def protected(request: Request):
    result = ratelimit.limit(request.client.host)
    if not result.allowed:
        raise HTTPException(429, "Rate limit exceeded")
    return {"data": "..."}
```

## Reference Documents

For detailed patterns, see:

| Document | Content |
|----------|---------|
| `references/fastapi_patterns.md` | Project structure, async, Pydantic, dependencies, testing |
| `references/security_patterns.md` | JWT, OAuth2, password hashing, CORS, API keys |
| `references/database_patterns.md` | SQLAlchemy async, transactions, eager loading, migrations |
| `references/upstash_patterns.md` | Redis, rate limiting, QStash background jobs |

## Resources

- [FastAPI Documentation](https://fastapi.tiangolo.com/)
- [SQLAlchemy 2.0 Documentation](https://docs.sqlalchemy.org/)
- [Upstash Documentation](https://upstash.com/docs)
- [Pydantic Documentation](https://docs.pydantic.dev/)

Overview

This skill provides production-ready Python backend expertise focused on FastAPI, async SQLAlchemy, Upstash/Redis, and secure authentication patterns. It packages practical patterns for building, securing, and optimizing REST APIs and background integration with caching and rate limiting. Use it to enforce async-first design, strong typing with Pydantic, and security-by-default practices.

How this skill works

The skill inspects code and design decisions, recommending refactors to async patterns, dependency injection, and typed data flows with Pydantic. It suggests database session management using async_sessionmaker, safe transaction boundaries, and Upstash-based caching and rate-limiting hooks. It also outlines authentication flows (JWT/OAuth2), token decoding, and secure error handling to fail fast on invalid input.

When to use it

Building REST APIs with FastAPI and well-structured routers
Implementing JWT or OAuth2 authentication and secure dependencies
Setting up async SQLAlchemy sessions and transaction patterns
Integrating Redis/Upstash for caching, TTLs, and rate limiting
Refactoring or cleaning AI-generated Python backend code
Designing API patterns, project layout, and performance optimizations

Best practices

Favor async/await for all I/O and avoid blocking calls in async routes
Type request and response shapes with Pydantic and validate early
Use FastAPI Depends for auth and DB session injection to keep handlers thin
Keep SQLAlchemy sessions short-lived via async_sessionmaker and expire_on_commit=False
Cache computed responses with Upstash Redis and set sensible TTLs to avoid stale writes
Apply rate limiting per client with sliding windows and return clear 429 responses

Example use cases

Create a user service with Pydantic validation, hashed passwords, and JWT issuance
Build paginated async endpoints that use SQLAlchemy eager loading to reduce queries
Add Upstash caching layer to heavy read endpoints with key prefixes and setex TTLs
Implement per-IP rate limiting on public endpoints using Upstash SlidingWindow limiter
Refactor AI-generated synchronous handlers to non-blocking async patterns and improve testability

FAQ

Can I mix sync and async routes in FastAPI?

Yes. FastAPI supports both, but avoid blocking operations in async routes; use sync functions for blocking work or run blocking calls in threadpools.

How should I manage DB sessions in async endpoints?

Provide an async dependency that yields an AsyncSession from async_sessionmaker and ensure expire_on_commit=False to avoid lazy-load issues after commit.