fastapi-expert_skill

This skill helps you design production-ready FastAPI apps with async APIs, Pydantic v2, SQLAlchemy 2.0, and robust authentication.
  • Shell

25

GitHub Stars

1

Bundled Files

2 months ago

Catalog Refreshed

4 months ago

First Indexed

Readme & install

Copy the install command, review bundled files from the catalogue, and read any extended description pulled from the listing source.

Installation

Preview and clipboard use veilstrat where the catalogue uses aiagentskills.

npx veilstrat add skill martinholovsky/claude-skills-generator --skill fastapi-expert

  • SKILL.md34.9 KB

Overview

This skill is an expert FastAPI developer profile focused on building production-ready async REST APIs using Pydantic v2, SQLAlchemy 2.0, and secure OAuth2/JWT authentication. It emphasizes performance, type safety, and OWASP-aligned security so APIs are fast, resilient, and safe for real-world deployments. Use it to design, implement, test, and harden high-throughput Python web services.

How this skill works

I inspect and produce code and patterns for async FastAPI apps: dependency injection, async DB sessions, Pydantic v2 models, and JWT-based auth flows with refresh tokens. I provide TDD-first test setups (httpx AsyncClient, pytest-asyncio), secure configuration (CORS, rate limiting, headers), and SQLAlchemy 2.0 async patterns including migrations and transaction management. The skill outputs concrete examples, boilerplate, and best-practice checklists to make APIs production-ready.

When to use it

  • Building a high-performance REST API with async I/O and database access
  • Implementing OAuth2/JWT authentication with access and refresh tokens
  • Migrating or creating type-safe request/response models with Pydantic v2
  • Hardening endpoints to mitigate OWASP Top 10 vulnerabilities
  • Creating a test-first workflow for reliable, maintainable endpoints

Best practices

  • Write tests first with pytest-asyncio and httpx AsyncClient to define behavior
  • Use async drivers (asyncpg) and AsyncSession with async_sessionmaker; never block the event loop
  • Keep request and response models separate; never expose password hashes or tokens
  • Enforce strict CORS origins, secure headers, rate limits, and parameterized queries
  • Rotate and revoke refresh tokens; use short-lived access tokens and bcrypt hashing (cost >= 12)
  • Run mypy, ruff, pip-audit, and coverage as part of CI before deployment

Example use cases

  • Create a user registration and login system with hashed passwords, JWT access and refresh tokens, and RBAC
  • Build async endpoints with database transactions, background tasks, and connection pooling for high throughput
  • Implement test fixtures that spin up a temporary async SQLite or Postgres test DB and override dependencies
  • Harden an existing FastAPI app: add CSP/HSTS headers, tighten CORS, add rate limiting and input sanitization
  • Design OpenAPI-driven clients and customize Swagger UI while hiding docs in production

FAQ

Use pytest-asyncio with httpx.AsyncClient and ASGITransport, override the get_db dependency to point at a transient test database, and write tests before implementation.

What should I avoid exposing in response models?

Never include password_hash, tokens, secrets, or any internal IDs you don’t want leaked; use separate response schemas and model_config from_attributes=True when needed.

Built by
VeilStrat
AI signals for GTM teams
© 2026 VeilStrat. All rights reserved.All systems operational
fastapi-expert skill by martinholovsky/claude-skills-generator | VeilStrat