Skill v1.0.1

currentAutomated scan100/100

jeffallan/claude-skills/fastapi-expert

8 files

──Details

PublishedMay 15, 2026 at 02:04 AM

Content Hashsha256:73331cf09b52388e...

Git SHA5e8b6b8ff400

Bump Typepatch

Compare with v1.0.0

──Files

Files (1 file, 6.8 KB)

SKILL.md6.8 KBactive

SKILL.md · 189 lines · 6.8 KB

version: "1.0.1" name: fastapi-expert description: "Use when building high-performance async Python APIs with FastAPI and Pydantic V2. Invoke to create REST endpoints, define Pydantic models, implement authentication flows, set up async SQLAlchemy database operations, add JWT authentication, build WebSocket endpoints, or generate OpenAPI documentation. Trigger terms: FastAPI, Pydantic, async Python, Python API, REST API Python, SQLAlchemy async, JWT authentication, OpenAPI, Swagger Python." license: MIT metadata: author: https://github.com/Jeffallan version: "1.1.0" domain: backend triggers: FastAPI, Pydantic, async Python, Python API, REST API Python, SQLAlchemy async, JWT authentication, OpenAPI, Swagger Python role: specialist scope: implementation output-format: code related-skills: fullstack-guardian, django-expert, test-master

FastAPI Expert

Deep expertise in async Python, Pydantic V2, and production-grade API development with FastAPI.

When to Use This Skill

Building REST APIs with FastAPI
Implementing Pydantic V2 validation schemas
Setting up async database operations
Implementing JWT authentication/authorization
Creating WebSocket endpoints
Optimizing API performance

Core Workflow

Analyze requirements — Identify endpoints, data models, auth needs
Design schemas — Create Pydantic V2 models for validation
Implement — Write async endpoints with proper dependency injection
Secure — Add authentication, authorization, rate limiting
Test — Write async tests with pytest and httpx; run pytest after each endpoint group and verify OpenAPI docs at /docs

Checkpoint after each step: confirm schemas validate correctly, endpoints return expected HTTP status codes, and /docs reflects the intended API surface before proceeding.

Minimal Complete Example

Schema + endpoint + dependency injection in one cohesive unit:

python

# schemas.py
from pydantic import BaseModel, EmailStr, field_validator, model_config
class UserCreate(BaseModel):
    model_config = model_config(str_strip_whitespace=True)
    email: EmailStr
    password: str
    name: str | None = None
    @field_validator("password")
    @classmethod
    def password_strength(cls, v: str) -> str:
        if len(v) < 8:
            raise ValueError("Password must be at least 8 characters")
        return v
class UserResponse(BaseModel):
    model_config = model_config(from_attributes=True)
    id: int
    email: EmailStr
    name: str | None = None

python

# routers/users.py
from fastapi import APIRouter, Depends, HTTPException, status
from sqlalchemy.ext.asyncio import AsyncSession
from typing import Annotated
from app.database import get_db
from app.schemas import UserCreate, UserResponse
from app import crud
router = APIRouter(prefix="/users", tags=["users"])
DbDep = Annotated[AsyncSession, Depends(get_db)]
@router.post("/", response_model=UserResponse, status_code=status.HTTP_201_CREATED)
async def create_user(payload: UserCreate, db: DbDep) -> UserResponse:
    existing = await crud.get_user_by_email(db, payload.email)
    if existing:
        raise HTTPException(status_code=status.HTTP_409_CONFLICT, detail="Email already registered")
    return await crud.create_user(db, payload)

python

# crud.py
from sqlalchemy import select
from sqlalchemy.ext.asyncio import AsyncSession
from app.models import User
from app.schemas import UserCreate
from app.security import hash_password
async def get_user_by_email(db: AsyncSession, email: str) -> User | None:
    result = await db.execute(select(User).where(User.email == email))
    return result.scalar_one_or_none()
async def create_user(db: AsyncSession, payload: UserCreate) -> User:
    user = User(email=payload.email, hashed_password=hash_password(payload.password), name=payload.name)
    db.add(user)
    await db.commit()
    await db.refresh(user)
    return user

JWT Authentication Snippet

python

# security.py
from datetime import datetime, timedelta, timezone
from jose import JWTError, jwt
from fastapi import Depends, HTTPException, status
from fastapi.security import OAuth2PasswordBearer
from typing import Annotated
SECRET_KEY = "read-from-env"  # use os.environ / settings
ALGORITHM = "HS256"
oauth2_scheme = OAuth2PasswordBearer(tokenUrl="/auth/token")
def create_access_token(subject: str, expires_delta: timedelta = timedelta(minutes=30)) -> str:
    payload = {"sub": subject, "exp": datetime.now(timezone.utc) + expires_delta}
    return jwt.encode(payload, SECRET_KEY, algorithm=ALGORITHM)
async def get_current_user(token: Annotated[str, Depends(oauth2_scheme)]) -> str:
    try:
        data = jwt.decode(token, SECRET_KEY, algorithms=[ALGORITHM])
        subject: str | None = data.get("sub")
        if subject is None:
            raise ValueError
        return subject
    except (JWTError, ValueError):
        raise HTTPException(status_code=status.HTTP_401_UNAUTHORIZED, detail="Invalid credentials")
CurrentUser = Annotated[str, Depends(get_current_user)]

Reference Guide

Load detailed guidance based on context:

Topic	Reference	Load When
Pydantic V2	`references/pydantic-v2.md`	Creating schemas, validation, model_config
SQLAlchemy	`references/async-sqlalchemy.md`	Async database, models, CRUD operations
Endpoints	`references/endpoints-routing.md`	APIRouter, dependencies, routing
Authentication	`references/authentication.md`	JWT, OAuth2, get_current_user
Testing	`references/testing-async.md`	pytest-asyncio, httpx, fixtures
Django Migration	`references/migration-from-django.md`	Migrating from Django/DRF to FastAPI

Constraints

MUST DO

Use type hints everywhere (FastAPI requires them)
Use Pydantic V2 syntax (field_validator, model_validator, model_config)
Use Annotated pattern for dependency injection
Use async/await for all I/O operations
Use X | None instead of Optional[X]
Return proper HTTP status codes
Document endpoints (auto-generated OpenAPI)

MUST NOT DO

Use synchronous database operations
Skip Pydantic validation
Store passwords in plain text
Expose sensitive data in responses
Use Pydantic V1 syntax (@validator, class Config)
Mix sync and async code improperly
Hardcode configuration values

Output Templates

When implementing FastAPI features, provide:

Schema file (Pydantic models)
Endpoint file (router with endpoints)
CRUD operations if database involved
Brief explanation of key decisions

Knowledge Reference

FastAPI, Pydantic V2, async SQLAlchemy, Alembic migrations, JWT/OAuth2, pytest-asyncio, httpx, BackgroundTasks, WebSockets, dependency injection, OpenAPI/Swagger

Documentation

← v1.0.0 All versions